UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Sensitive data stored on a USB device with persistent memory, that the data owner requires encryption is not encrypted using NIST-certified cryptography.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6772 USB01.007.00 SV-6994r1_rule Medium
Description
If the data owner believes that the data requires encryption it will be encrypted when at rest. If it is not encrypted this can lead to the compromise of sensitive data. The IAO, SA, and user will ensure that all sensitive data stored on a USB device with persistent memory, if required by the data owner, is encrypted using NIST-certified cryptography.
STIG Date
VMware ESX 3 Server 2016-05-13

Details

Check Text ( C-2934r1_chk )
The reviewer will interview the IAO to verify that all sensitive data stored on a USB device with persistent memory, if required by the data owner, is encrypted using NIST-certified cryptography.
Fix Text (F-6425r1_fix)
Establish a process that will disseminate the requirement for encrypt of sensitive data that the data owner designates as needing encryption. Also establish a process identifying which data needs to be encrypted and notifying the users that the identified data needs encryption.