The host system will perform on-access anti-virus and malware checking, regardless of whether the external storage or flash drive has software or hardware malware features.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-23919	STO-ALL-070	SV-28875r1_rule		Medium

Description
Like the traditional hard drive, removable storage devices and media may contain malware which may threaten DoD systems to which they eventually directly or indirectly attach. To mitigate this risk, DoD policy requires anti-virus and malware detection solutions.

STIG	Date
Removable Storage and External Connections Security Technical Implementation Guide	2017-09-25

Details

Check Text ( C-29524r1_chk )
Further policy details: All enterprise and host systems will be configured to perform on-access scanning for viruses/malware upon introduction to a system. If the destination device (e.g., router, camera, or printer) does not support on-access scanning, ensure data is scanned before loading. Reference the Intellipedia webpage related to HBSS for additional guidance regarding proper configuration and scanning capabilities of DoD-approved antivirus software. The antivirus scanning on the host is configured in compliance with the Antivirus Security Guidance (available at http://iase.disa.mil/stigs/checklist/index.html) and the latest version of CTO 10-084 requirements. Check procedures: 1. Inspect a sampling of external drives, USB thumb drives, and other removable storage drives such as cameras. 2. View the process of attaching these devices to an authorized host and verify that files are inspected by the anti-virus software when retrieved on access. 3. Ask the site representative for evidence that verifies that a security review using the Antivirus Security Guidance and the latest version of CTO 10-084 requirements has been performed. 4. Interview the IAO or site representative and verify that incident response procedures include flash media and external hard drive storage devices.

Check Text ( C-29524r1_chk )

Further policy details:

All enterprise and host systems will be configured to perform on-access scanning for viruses/malware upon introduction to a system. If the destination device (e.g., router, camera, or printer) does not support on-access scanning, ensure data is scanned before loading. Reference the Intellipedia webpage related to HBSS for additional guidance regarding proper configuration and scanning capabilities of DoD-approved antivirus software.

The antivirus scanning on the host is configured in compliance with the Antivirus Security Guidance (available at http://iase.disa.mil/stigs/checklist/index.html) and the latest version of CTO 10-084 requirements.

Check procedures:

1. Inspect a sampling of external drives, USB thumb drives, and other removable storage drives such as cameras.

2. View the process of attaching these devices to an authorized host and verify that files are inspected by the anti-virus software when retrieved on access.

3. Ask the site representative for evidence that verifies that a security review using the Antivirus Security Guidance and the latest version of CTO 10-084 requirements has been performed.

4. Interview the IAO or site representative and verify that incident response procedures include flash media and external hard drive storage devices.

Fix Text (F-26592r1_fix)
The host system will perform on-access anti-virus and malware checking, regardless of whether the flash memory device has software or hardware malware features.