UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

There is no section within the SFUG, or equivalent documentation, describing the correct usage and handling of USB technologies.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6774 USB01.009.00 SV-6996r1_rule PRRB-1 Medium
Description
The Security Features User Guide gives the user a single reference for information on the current general and site policies and procedures describing their security responsibilities. The lack of this reference could lead to the compromise of sensitive data. The reviewer will interview the IAO and review the relevant document. What needs to be here is a description for handling, and labeling of USB devices. Additionally an explanation of the restrictions placed on attaching non-government owned USB devices to a government owned IS and the prohibition of disguised USB jump drives.
STIG Date
VMware ESX 3 Server 2016-05-13

Details

Check Text ( C-2936r1_chk )
The reviewer will interview the IAO and review the relevant document. What needs to be here is a description for handling, and labeling of USB devices. Additionally an explanation of the restrictions placed on attaching non-government owned USB devices to a government owned IS and the prohibition of disguised USB jump drives.
Fix Text (F-6427r1_fix)
Develop, update, and distribute a SFUG section dealing with USB devices in accordance with the SPAN STIG.