UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Maintain a list of approved removable storage media or devices.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22172 STO-ALL-030 SV-25810r1_rule Low
Description
Many persistent memory media or devices are portable, easily stolen, and contain sensitive data. If these devices are lost or stolen, it may take a while to discover that sensitive information has been lost. Inventory and bar-coding of authorized devices will increase the organization’s ability to uncover unauthorized portable storage devices.
STIG Date
Removable Storage and External Connections Security Technical Implementation Guide 2017-03-02

Details

Check Text ( C-27321r1_chk )
Further policy details:

Track all devices: Flash media, external hard drives, CAC readers, printers, scanners, and other devices attached to USB, firewire, or eSata ports.

NOTE: This requirement does not apply to keyboard and mice that do not contain persistent memory.

NOTE: See Wireless STIG for security requirements for wireless keyboards and mice.

Check procedure:

Inspect the equipment list that is used to track flash media, external storage, and/or externally connected peripheral devices. Verify that identifying information is tracked and the list is kept updated as new equipment is replaced or purchased.

The following data must be included:
1. Bar Code Tag or serial number.
2. Type of device.
3. Name and contact information of person to whom the device is issued.
4. If the device was transferred, note disposition information such as date wiped and transferred.
Fix Text (F-23388r1_fix)
Maintain a list of approved removable storage media or devices.