
For end points using Windows operating systems, removable storage devices will be restricted by a unique device identifier (e.g. serial number, device instance ID) or to specific host end points or users.


Overview

Finding ID: V-22177
Version: STO-FLSH-050
Rule ID: SV-25815r3_rule
IA Controls:
Severity: Medium
Description
Because of the innate security risks involved with using removable storage devices (e.g., flash drives, thumb drives, external solid state disk drives), users must follow required access procedures. Restricting specific devices to each user allows for non-repudiation and audit tracking.
STIG: Removable Storage and External Connections Security Technical Implementation Guide
Date: 2017-09-25

Details

Check Text (C-27334r3_chk)
Further policy details:

HBSS DCM configuration guidance can be obtained from the DoD Patch Repository - https://patches.csd.disa.mil/Default.aspx.

Check procedures:

1. View the configuration of the DCM module.

2. Verify DCM is configured to allow or deny approved removable storage devices based on specific device parameters (e.g. serial number, device instance ID), device driver type (e.g. external USB storage device), or specific host end points or users.

If HBSS DCM is not configured to allow or deny approved removable storage devices based on specific device parameters (e.g. serial number, device instance ID), device driver type (e.g. external USB storage device), or specific host end points or users, this is a finding.
Fix Text (F-23395r3_fix)
For end points using Windows operating systems, restrict removable storage devices by specific device, unique identifier (e.g. serial number, device instance), or to specific host end points or users.