MP3 players, camcorders, or digital cameras are being attached to ISs without prior DAA approval.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-6765	USB01.001.00	SV-6987r1_rule		Medium

Description
These devices contain non-volatile memory and could be used to infect an IS to which they are attached with malicious code or they could be used to transport sensitive data leading to the compromise of the data. Finally there is normally no DoD requirement for these devices to be attached to a DoD asset. The IAO, SA, and user will ensure that MP3 players, camcorders, or digital cameras are not attached to ISs without prior DAA approval.

Description

These devices contain non-volatile memory and could be used to infect an IS to which they are attached with malicious code or they could be used to transport sensitive data leading to the compromise of the data. Finally there is normally no DoD requirement for these devices to be attached to a DoD asset. The IAO, SA, and user will ensure that MP3 players, camcorders, or digital cameras are not attached to ISs without prior DAA approval.

STIG	Date
VMware ESX 3 Server	2016-05-13

Details

Check Text ( C-2912r1_chk )
The reviewer will interview the IAO to verify that the IAO knows that USB devices such as MP3 players, camcorders, or digital cameras are not to be attached to ISs without prior DAA approval, and that this information is disseminated to all users.

Fix Text (F-6418r1_fix)
The IAO will be made aware of the policy that USB devices such as MP3 players, camcorders, or digital cameras are not to be attached to ISs without prior DAA approval. The IAO will disseminate the policy to all users.