Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-23895 | STO-FLSH-030 | SV-28851r1_rule | Low |
Description |
---|
Many USB persistent memory devices are portable and easily overlooked. They may be used as a vector for exfiltrating data. To help mitigate this risk, end points must be designated as properly authorized and configured for use with USB flash drives within the DoD. |
STIG | Date |
---|---|
Removable Storage and External Connections Security Technical Implementation Guide | 2016-12-16 |
Check Text ( C-29516r1_chk ) |
---|
Further check details: System does not have to be tied to a single specific device or individual on the listing. Check procedure: 1. Inspect the USB authorized end point listing. 2. Verify that identifying information such as device serial number and location is tracked on the listing. |
Fix Text (F-26580r1_fix) |
---|
Maintain a list of all end point systems that have been authorized for use with flash media. |