UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The host system will perform on-access anti-virus and malware checking, regardless of whether the external storage or flash drive has software or hardware malware features.


Overview

Finding ID Version Rule ID IA Controls Severity
V-23919 STO-ALL-070 SV-28875r1_rule Medium
Description
Like the traditional hard drive, removable storage devices and media may contain malware which may threaten DoD systems to which they eventually directly or indirectly attach. To mitigate this risk, DoD policy requires anti-virus and malware detection solutions.
STIG Date
Removable Storage and External Connections Security Technical Implementation Guide 2017-03-02

Details

Check Text ( C-29524r1_chk )
Further policy details:

All enterprise and host systems will be configured to perform on-access scanning for viruses/malware upon introduction to a system. If the destination device (e.g., router, camera, or printer) does not support on-access scanning, ensure data is scanned before loading. Reference the Intellipedia webpage related to HBSS for additional guidance regarding proper configuration and scanning capabilities of DoD-approved antivirus software.

The antivirus scanning on the host is configured in compliance with the Antivirus Security Guidance (available at http://iase.disa.mil/stigs/checklist/index.html) and the latest version of CTO 10-084 requirements.

Check procedures:

1. Inspect a sampling of external drives, USB thumb drives, and other removable storage drives such as cameras.

2. View the process of attaching these devices to an authorized host and verify that files are inspected by the anti-virus software when retrieved on access.

3. Ask the site representative for evidence that verifies that a security review using the Antivirus Security Guidance and the latest version of CTO 10-084 requirements has been performed.

4. Interview the IAO or site representative and verify that incident response procedures include flash media and external hard drive storage devices.
Fix Text (F-26592r1_fix)
The host system will perform on-access anti-virus and malware checking, regardless of whether the flash memory device has software or hardware malware features.