Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-23920 | STO-FLSH-070 | SV-28876r2_rule | | Medium |
Description |
---|
Use of an organization approved security scanning software and disk wipe software with the procedures listed in the Check section is the only authorized method for using flash media for higher risk data transfers. |
STIG | Date |
---|---|
Removable Storage and External Connections Security Technical Implementation Guide | 2017-09-25 |
Check Text (C-29525r2_chk) |
---|
Further policy details: This requirement applies to flash media.

Higher risk categories are defined as:

1. Data transfers to or from non-DoD systems
2. Special cases when data must traverse different classification domains

Higher risk data transfer procedures for USB thumb drives:

1. Insert/Unlock USB thumb drive.
2. Load file from the source network.
3. Scan flash media device with an organization approved security scanning software.
4. Set USB thumb drive to read only mode, if possible.
5. Scan file using scanning software on the destination network.
6. Load file to destination network.
7. Use an organization approved disk wipe software to wipe device when data is no longer needed.

Higher risk data transfer procedures for memory cards:

1. Insert card into card reader.
2. Scan disk drive created by memory card using organization approved security scanning software.
3. Scan disk drive created by the memory card using scanning software on the destination network.
4. Load file to destination network.
5. Use organization approved disk wipe software to wipe the device when data is no longer needed.

Check procedures:

1. Interview the site representative.
2. Ask if higher risk data transfers, as outlined above, are performed. If so, ask how this transfer is done and verify compliance with above procedure.

If an organization approved security scanning software and disk wipe software are not being utilized when flash media is used for higher risk data transfers, this is a finding.
Fix Text (F-26594r2_fix) |
---|
For higher risk data transfers using flash media, an organization approved security scanning and disk wipe software will be used. |