USB ports are not disabled for all Sun Ray Desktop Units. This requirement excludes the keyboard and mouse.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16143 | SUN0140 | SV-17132r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Enabled USB ports may be used by users to store files, scripts, and executables. USB thumb drives, USB hard drives, and USB appliances may be inserted into these ports. If unapproved executables, scripts, or malware reside on the USB device, executing these or moving these onto the network may cause a virus infection or unapproved applications running on the network. Classified data may be copied inadvertently to the unclassified network if ports have been enabled. Limiting the use of these ports will prevent these USB programs and files from accessing the network. |
| STIG | Date |
|---|---|
| Sun Ray 4 STIG | 2015-04-02 |
Details
| Check Text ( C-17187r1_chk ) |
|---|
| Within the Sun Ray Administration console, perform the following: 1. Select the Advanced Tab. 2. Select the Security Tab. 3. Verify the USB Port under Devices is not checked. If it is, this is a finding. Caveat: This is not applicable for keyboard and mouse USB ports, however, these ports must be documented and approved by the IAO. This check may be Not a Finding for USB ports enabled for operational purposes that are approved by the DAA. |
| Fix Text (F-16249r1_fix) |
|---|
| Disable all USB ports on Sun Ray Desktop Units. |