UCF STIG Viewer Logo

Use a National Security Agency (NSA)-approved, Type 1 certified data encryption and hardware solution when storing classified information on USB flash media and other removable storage devices.


Overview

Finding ID Version Rule ID IA Controls Severity
V-24177 STO-DRV-021 SV-29818r1_rule High
Description
The exploitation of this vulnerability will directly and immediately result in loss of, unauthorized disclosure of, or access to classified data or materials. An NSA-approved, Type 1 solution includes the hardware, software, and proof of coordination/approval with NSA for the level of classified processed by the external storage solution.
STIG Date
Removable Storage and External Connections Security Technical Implementation Guide 2017-09-25

Details

Check Text ( C-30145r1_chk )
1. Verify use of an NSA-approved solution which is approved for use for the level of classified data stored on the device. This solution will be implemented in consultation with NSA and will include the hardware, software, and configuration required for secure implementation of the solution.

2. Verify use of an NSA-certified, Type 1 encryption module for protecting data-at-rest.
Fix Text (F-26934r1_fix)
Use an National Security Agency (NSA), Type 1 certified solution when storing classified information on USB flash media and other removable storage devices.