UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Removable storage devices for which the organization has failed to maintain physical control will be scanned for malicious activity upon reclamation.


Overview

Finding ID Version Rule ID IA Controls Severity
V-23921 STO-DRV-060 SV-28877r2_rule Medium
Description
Failure to maintain proper control of storage devices used in sensitive systems may mean the firmware or other files could have been compromised. Action is needed to scan for malicious code. Although, the data on the device is most likely protected by encryption and authentication controls, it is still possible that a sophisticated attacker may have compromised the device. The risk to the system and the network increases if the device is used on a server or by a user with administrator privileges.
STIG Date
Removable Storage and External Connections Security Technical Implementation Guide 2017-09-25

Details

Check Text ( C-29526r2_chk )
Further policy details:

This requirement applies to removable storage media and other persistent memory devices that are recovered after a loss or theft. This also applies to cases where the organization failed to maintain positive physical control commensurate with the classification of the data authorized to be transferred.

Reclaimed media and drives will be scanned for malicious activity and wiped immediately when the data is no longer needed.

Reclamation procedures:
1. Insert or access device.
2. Scan device with organization approved security scanning software.
3. Wipe device using organization approved disk wipe software.


Check procedures:

1. Interview the site representative.
2. Verify the data transfer procedures outlined above are being followed if/when lost/stolen/or misplaced flash media and external hard drives are recovered. If security scanning software and disk wipe software are not used on reclaimed or recovered storage devices, this is a finding.
Fix Text (F-26595r1_fix)
Removable storage devices for which the organization has failed to maintain physical control will be scanned for malicious activity upon reclamation.