UCF STIG Viewer Logo

Data transfers using USB flash media (thumb drives) will comply with the requirements in the CTO 10-084 (or most recent version) and these procedures will be documented.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22175 STO-FLSH-010 SV-25813r1_rule Medium
Description
USB flash media may have malware installed on the drive which may adversely impact the DoD network. Even the use of approved devices does not eliminate this risk. Use of sound security practices and procedures will further mitigate this risk when using flash media.
STIG Date
Removable Storage and External Connections Security Technical Implementation Guide 2017-09-25

Details

Check Text ( C-27332r1_chk )
Inspect the DAA-approved documentation of flash media procedures. Verify that the DAA or the designated Flash Media Approval Authority has established documentation on using flash media devices. Documentation must be signed by the DAA or his/her alternate and will include the following at a minimum:

1. Types of flash media (e.g., thumb drives, camera memory) that may be used in the organization under its area of responsibility and by whom.

2. Procedures for identifying, reporting, and investigating violations of the acceptable use policy.

3. Procedures for random and periodic inspections to ensure compliance.

4. Procedures for approval/disapproval of flash media use requests.
Fix Text (F-23393r1_fix)
Data transfers using USB flash media (thumb drives) will comply with the requirements in the CTO 10-084 (or most recent version) and these procedures will be documented.