Persistent memory USB devices are not treated as removable media and contrary to DODD 5200.1-R; the devices are not secured, transported, and sanitized in a manner appropriate for the classification level of the data they contain.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-6770 | USB01.005.00 | SV-6992r1_rule | PECS-1 PECS-2 PEDD-1 | Medium |
| Description |
|---|
| Persistent memory USB devices can function as removable media. They have the same vulnerabilities as floppy disk but greater capacity. They will be secured, transported and sanitized as required by DODD 5200-1-R in a manner appropriate for the classification level of the data they contain. The IAO, SA, and user will ensure that persistent memory USB devices are treated as removable media and, in accordance with DODD 5200.1-R; the devices are secured, transported, and sanitized in a manner appropriate for the classification level of the data they contain. |
| STIG | Date |
|---|---|
| VMware ESX 3 Server | 2016-05-13 |
Details
| Check Text ( C-2920r1_chk ) |
|---|
| The reviewer will interview the IAO to verify that the policy for treating persistent memory USB devices as removable media, and in accordance with DODD 5200.1-R; the devices are secured, transported, and sanitized in a manner appropriate for the classification level of the data they contain is disseminated to all users. This would include any device with internal non-removable persistent memory not just jump drives or disk driver. |
| Fix Text (F-6423r1_fix) |
|---|
| Disseminate the policy requiring that persistent memory USB devices will be treated as removable media and, in accordance with DODD 5200.1-R; the devices will be secured, transported, and sanitized in a manner appropriate for the classification level of the data they contain. |