Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6775 | USB01.010.00 | SV-6997r1_rule | PRRB-1 | Low |
Description |
---|
Without a discussion of the devices that contain persistent non-removable memory, an uninformed user can mistakenly attach such a device to an IS, leading to a denial of service caused by an infection of the IS, and possibly the network, with malicious code. Additionally, the user might compromise sensitive data by thinking that removal of a memory card removed all the persistent memory within a device. The IAO will ensure that the USB usage section of the SFUG contains a discussion of the devices that contain persistent non-removable memory. |
STIG | Date |
---|---|
VMware ESX 3 Server | 2016-05-13 |
Check Text (C-2937r1_chk) |
---|
The reviewer will interview the IAO and review the relevant documentation. The discussion should point out that with some devices it may not be obvious that the device contains persistent non-removable memory and that, if there is a doubt, the device will be treated as if it contains persistent memory. |
Fix Text (F-6428r1_fix) |
---|
Develop, update, and distribute a SFUG section on USB devices that discusses devices that may contain persistent non-removable memory in accordance with the SPAN STIG. |