Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-23921 | STO-DRV-060 | SV-28877r1_rule | | Medium |
Description |
---|
Failure to maintain proper control of storage devices used in sensitive systems may mean that the firmware or other files could have been compromised. Action is needed to scan for malicious code. Although the data on the device is most likely protected by encryption and authentication controls, it is still possible that a sophisticated attacker may have compromised the device. The risk to the system and the network increases if the device is used on a server or by a user with administrator privileges. |
STIG | Date |
---|---|
Removable Storage and External Connections Security Technical Implementation Guide | 2017-03-02 |
Check Text (C-29526r1_chk) |
---|
Further policy details: This requirement applies to removable storage media and other persistent memory devices that are recovered after a loss or theft. This also applies to cases where the organization failed to maintain positive physical control commensurate with the classification of the data authorized to be transferred. Reclaimed media and drives will be scanned (using FiST) for malicious activity and wiped (using ME) immediately when the data is no longer needed. Reclamation procedures: 1. Insert or access device. 2. Scan device with NSA's FiST. 3. Wipe device using ME. Check procedures: 1. Interview the site representative. 2. Verify that the data transfer procedures outlined above are being followed if/when lost, stolen, or misplaced flash media and external hard drives are recovered. |
Fix Text (F-26595r1_fix) |
---|
Removable storage devices for which the organization has failed to maintain physical control will be scanned for malicious activity upon reclamation. |