USB devices with persistent memory are not formatted in a manner to allow the application of Access Controls to files or data stored on the device.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-6773	USB01.008.00	SV-6995r1_rule	DCBP-1	Medium

Description
Without using a format that allows the application of access controls to the device files stored on the USB device may be accessed from any system that the device is connected to. Note that access controls are easily bypassed on USB devices so this should not be considered an adequate replacement for encryption. The IAO, SA, and user will ensure that USB devices with persistent memory are formatted in a manner to allow the application of Access Controls to files or data stored on the device.

Description

Without using a format that allows the application of access controls to the device files stored on the USB device may be accessed from any system that the device is connected to. Note that access controls are easily bypassed on USB devices so this should not be considered an adequate replacement for encryption. The IAO, SA, and user will ensure that USB devices with persistent memory are formatted in a manner to allow the application of Access Controls to files or data stored on the device.

STIG	Date
VMware ESX 3 Server	2016-05-13

Details

Check Text ( C-2935r1_chk )
The reviewer will interview the IAO to verify that USB devices with persistent memory are formatted in a manner to allow the application of Access Controls to files or data stored on the device.

Fix Text (F-6426r1_fix)
Develop a process to disseminate the requirement that USB devices with persistent memory will be formatted in a manner to allow the application of Access Controls to files or data stored on the device.