Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6774 | USB01.009.00 | SV-6996r1_rule | PRRB-1 | Medium |
Description |
---|
The Security Features User Guide gives the user a single reference for information on the current general and site policies and procedures describing their security responsibilities. The lack of this reference could lead to the compromise of sensitive data. The reviewer will interview the IAO and review the relevant document. What needs to be here is a description for handling, and labeling of USB devices. Additionally an explanation of the restrictions placed on attaching non-government owned USB devices to a government owned IS and the prohibition of disguised USB jump drives. |
STIG | Date |
---|---|
VMware ESX 3 Server | 2016-05-13 |
Check Text ( C-2936r1_chk ) |
---|
The reviewer will interview the IAO and review the relevant document. What needs to be here is a description for handling, and labeling of USB devices. Additionally an explanation of the restrictions placed on attaching non-government owned USB devices to a government owned IS and the prohibition of disguised USB jump drives. |
Fix Text (F-6427r1_fix) |
---|
Develop, update, and distribute a SFUG section dealing with USB devices in accordance with the SPAN STIG. |