UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The USB usage section of the SFUG, or equivalent document, does not contain a discussion of the devices that contain persistent non-removable memory.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6775 USB01.010.00 SV-6997r1_rule PRRB-1 Low
Description
Without a discussion of tthe devices that contain persistent non-removable memory, an uninformed user can mistakenly attach such a device to an IS leading to the denial of service caused by an infection of the IS and possibly the network with malicious code. Additionally the user might compromise sensitive data thinking that removal of a memory card removed all the persistent memory within a device. The IAO will ensure that the USB usage section of the SFUG contains a discussion of the devices that contain persistent non-removable memory.
STIG Date
VMware ESX 3 Server 2016-05-13

Details

Check Text ( C-2937r1_chk )
The reviewer will interview the IAO and review the relevant documentation. The discussion should point out that with some devices it may not be obvious that it contains persistent non-removable memory and that, if there is a doubt, it will be treated as if it contains persistent memory.
Fix Text (F-6428r1_fix)
Develop, update, and distribute a SFUG section on USB devices that discusses devices that may contain persistent non-removable memory in accordance with the SPAN STIG.