Firmware on the USB flash drive and external hard drive will be signed and verified with either Hashed Message Authentication Code (HMAC) or digital signatures.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22174 | STO-DRV-040 | SV-25812r1_rule | Low |
| Description |
|---|
| Several security incidents have occurred when the firmware on devices contained malware. For devices used to store or transfer sensitive information, if the firmware is signed, then this provides added assurance that the firmware has not been compromised. |
| STIG | Date |
|---|---|
| Removable Storage and External Connections Security Technical Implementation Guide | 2017-09-25 |
Details
| Check Text ( C-27323r1_chk ) |
|---|
| Further policy details: 1. The minimum HMAC for signature algorithm values are HMAC-SHA256 and Rivest-Shimir-Alderman (RSA) 2048 or better. 2. This requirement applies to USB thumb drives. This requirement also applies to external hard disk drives regardless of connection type (e.g., eSATA, firewire, or USB). 3. This requirement applies to media and devices used for storage of high value data or for transfer between systems with differing classification or trust levels (e.g., contrator to government system). 4. Use of approved devices will ensure use of products with this feature. Check: Verify use of approved devices from the DAR-approved products list for flash drive and removable storage devices. |
| Fix Text (F-23390r1_fix) |
|---|
| Firmware on the USB flash drive and external hard drive will be signed and verified with either Hashed Message Authentication Code (HMAC) or digital signatures. |