Maintain a list of all end point systems that have been authorized for use with flash media.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-23895 | STO-FLSH-030 | SV-28851r1_rule | Low |
| Description |
|---|
| Many USB persistent memory devices are portable and easily overlooked. They may be used as a vector for exfiltrating data. To help mitigate this risk, end points must be designated as properly authorized and configured for use with USB flash drives within the DoD. |
| STIG | Date |
|---|---|
| Removable Storage and External Connections Security Technical Implementation Guide | 2017-09-25 |
Details
| Check Text ( C-29516r1_chk ) |
|---|
| Further check details: System does not have to be tied to a single specific device or individual on the listing. Check procedure: 1. Inspect the USB authorized end point listing. 2. Verify that identifying information such as device serial number and location is tracked on the listing. |
| Fix Text (F-26580r1_fix) |
|---|
| Maintain a list of all end point systems that have been authorized for use with flash media. |