UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Maintain a list of all end point systems that have been authorized for use with flash media.


Overview

Finding ID Version Rule ID IA Controls Severity
V-23895 STO-FLSH-030 SV-28851r1_rule Low
Description
Many USB persistent memory devices are portable and easily overlooked. They may be used as a vector for exfiltrating data. To help mitigate this risk, end points must be designated as properly authorized and configured for use with USB flash drives within the DoD.
STIG Date
Removable Storage and External Connections Security Technical Implementation Guide 2017-09-25

Details

Check Text ( C-29516r1_chk )
Further check details:

System does not have to be tied to a single specific device or individual on the listing.

Check procedure:

1. Inspect the USB authorized end point listing.
2. Verify that identifying information such as device serial number and location is tracked on the listing.
Fix Text (F-26580r1_fix)
Maintain a list of all end point systems that have been authorized for use with flash media.