Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
MP3 players, camcorders, or digital cameras are being attached to ISs without prior DAA approval.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-6765 | USB01.001.00 | SV-6987r1_rule | Medium |
| Description |
|---|
| These devices contain non-volatile memory and could be used to infect an IS to which they are attached with malicious code or they could be used to transport sensitive data leading to the compromise of the data. Finally there is normally no DoD requirement for these devices to be attached to a DoD asset. The IAO, SA, and user will ensure that MP3 players, camcorders, or digital cameras are not attached to ISs without prior DAA approval. |
| STIG | Date |
|---|---|
| VMware ESX 3 Server | 2016-05-13 |
Details
| Check Text ( C-2912r1_chk ) |
|---|
| The reviewer will interview the IAO to verify that the IAO knows that USB devices such as MP3 players, camcorders, or digital cameras are not to be attached to ISs without prior DAA approval, and that this information is disseminated to all users. |
| Fix Text (F-6418r1_fix) |
|---|
| The IAO will be made aware of the policy that USB devices such as MP3 players, camcorders, or digital cameras are not to be attached to ISs without prior DAA approval. The IAO will disseminate the policy to all users. |