Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22176 | STO-FLSH-040 | SV-25814r2_rule | ECSC-1 | Medium |
Description |
---|
Because of the innate security risks involved with using removable storage devices (flash drives, thumb drives, disk drives, etc.), an access control and authorization method is needed. DCM software provides granular end point access control and management of removable media. Currently, DCM only supports the Windows operating system (OS). |
STIG | Date |
---|---|
Removable Storage and External Connections Security Technical Implementation Guide | 2017-09-25 |
Check Text (C-27333r2_chk) |
---|
Further policy details: This check applies only to end points using Windows OS that use removable storage devices. |
Check Procedure: Inspect the end points. Ensure the following: |
1. HBSS is installed and configured in compliance with the HBSS STIG. The site may provide the results of an SRR review or self-inspection. |
2. Verify DCM is installed and configured to allow only authorized removable storage devices by using a device identifier or serial number. |
3. Verify DCM is configured in accordance with the CTO 10-004a or updated version. |
4. If the HBSS/DCM solution is not used, an alternate solution which performs the required security functions is required, and this alternative must be approved by USCYBERCOM. |
If HBSS with DCM is not installed and configured on a Windows host that uses removable storage devices, this is a finding. |
Fix Text (F-23394r2_fix) |
---|
Install and configure Host-Based Security System (HBSS) with Device Control Module (DCM) on all Windows host computers that will use removable storage devices (flash drives, thumb drives, disk drives, etc.). |