UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Organizations that do not have a properly configured HBSS with DCM configuration will not use removable storage devices.


Overview

Finding ID Version Rule ID IA Controls Severity
V-23950 STO-FLSH-060 SV-28906r2_rule ECSC-1 Medium
Description
Because of the innate security risks involved with using removable storage devices (flash drives, thumb drives, disk drives, etc.), an access control and authorization method is needed. DCM software provides granular end point access control and management of removable media. Currently, DCM only supports the Windows operating system.
STIG Date
Removable Storage and External Connections Security Technical Implementation Guide 2017-09-25

Details

Check Text ( C-29531r2_chk )
Further policy details:

1. This requirement applies to all removable storage devices, including memory cards and USB devices.

2. DCM will be configured to monitor all removable storage devices, including camera memory, if it is used for non-publicly releasable information storage or to connect to clients attached to DoD networks.

Check procedure:

Inspect the end points and ensure the following.
1. Verify that if removable storage devices are used, then HBSS/DCM is used to track usage.

2. Inspect to see if removable storage devices are used for non-publicly releasable data or are directly or indirectly attached to the NIPRNet or the SIPRNet.

3. If either of these are true, then verify use of HBSS/DCM to monitor their usage.

If the organization is using removable storage devices without having HBSS with DCM installed and properly configured, this is a finding.
Fix Text (F-26611r2_fix)
Organizations that do not have a properly configured HBSS with DCM configuration will not use removable storage devices.