Findings (MAC III - Administrative Sensitive)

Require approval prior to allowing use of portable storage devices. Use of unapproved devices to process non-publicly releasable data increases the risk to the network.

Permit only government-procured and -owned devices. Devices attached to or inserted into the end point's plug-and-play ports and slots can be a.

Set the boot order of computers approved for use with removable storage such that the Basic Input Output System (BIOS) does not allow default booting from devices attached to a USB, FireWire, or eSATA port. If the BIOS is left set to allow the end point to boot from a device attached to the USB, FireWire, or eSATA port, an attacker could use a USB device to force a reboot by either performing a.

Access to mobile and removable storage devices such as USB thumb drives and external hard disk drives will be protected by password, PIN, or passphrase. If USB media and devices are not protected by strong access control techniques, unauthorized access may put sensitive data at risk.

Data-at-rest encryption products will be configured to require a.

Use a National Security Agency (NSA)-approved, Type 1 certified data encryption and hardware solution when storing classified information on USB flash media and other removable storage devices. An NSA-approved, Type 1 solution. The exploitation of this vulnerability will directly and immediately result in loss of, unauthorized disclosure of, or access to classified data or materials.

For higher risk data transfers using thumb drives, use the File Sanitization Tool (FiST) with Magik Eraser (ME) to protect against malware and data compromise. These NSA-approved tools are built upon the Assured File Transfer guard, which is an approved Unified Cross Domain Management Office (UCDMO) file transfer Cross Domain Solution.

Removable storage devices for which the organization has failed to maintain physical control will be scanned for malicious activity upon reclamation. Persistent memory devices (e.g., thumb drives, memory cards, external hard drives, or other removable storage devices) may contain malware installed on the drive or within the firmware. Failure to maintain proper control of storage devices used in sensitive systems may mean that the firmware or other files could have been compromised. Action is needed to scan for malicious code.

Install and configure Host-Based Security System (HBSS) with Device Control Module (DCM) on all Windows host computers that will use USB flash media (thumb drives). Because of the innate security risks involved with using USB flash media, an access control and authorization method is needed. DCM software provides granular end point access control and management. Organizations that do not have a properly configured HBSS with DCM configuration will not use flash media.

For end points using Windows operating systems, USB flash media will be restricted by a specific device or by a unique identifier (e.g., serial number) to specific users and machines. Because of the innate security risks involved with using flash media, an access control and authorization method is needed. Even the use of approved devices does not eliminate this risk. Restricting specific devices to each user allows for non-repudiation and.

For Wireless USB (WUSB) devices, comply with the Wireless STIG peripheral devices policy. The receiver for a wireless end point provides a wireless port on the computer that could be attacked by. The use of unauthorized wireless devices can compromise DoD computers, networks, and data.

Data transfers using USB flash media (thumb drives) will comply with the requirements in CTO 10-004A (or most recent version) and these procedures will be documented. Because of the innate security risks involved with using USB flash media, users must follow required access procedures. USB flash media may have malware installed on the drive which may adversely impact the DoD network.

Encrypt sensitive but unclassified data when stored on a USB flash drive or external hard disk drive. If information deemed sensitive (non-publicly releasable) by the data owner is not encrypted when stored on removable storage media, this can lead to the compromise of unclassified sensitive data.

For all USB flash media (thumb drives) and external hard disk drives, use an approved method to wipe the device before using it for the first time. Removable media often arrives from the vendor with many files already stored on the drive. These files may contain malware or spyware which present a risk to DoD resources.
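The two Windows end point controls above (flash media pinned to specific users by serial number, and a host policy that stops files on removable media from running) as an added PowerShell audit script; it is not part of the STIG, HBSS or DCM. It assumes a constructed user-to-serial allowlist, and it checks the standard Group Policy "Removable Storage Access" registry location as a stand-in for whatever DCM policy the organization actually deploys.

```powershell
# Added audit example (not STIG or DCM code). Run as an administrator on the end point.
# Constructed allowlist: user -> serial numbers approved for that user on this machine.
$Approved = @{
    'CORP\jdoe' = @('4C530001231234567890')   # sample serial, not a real device
}

# Device setup class GUID for "Removable Disks", as used by the Removable Storage Access policy.
$RemovableDisks = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
$PolicyKey = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\$RemovableDisks"

function Test-RemovableStoragePolicy {
    # Passes only when execute access from removable disks is denied by policy; otherwise
    # malware that arrived on a thumb drive can be launched straight from the device.
    if (-not (Test-Path $PolicyKey)) { return $false }
    $p = Get-ItemProperty -Path $PolicyKey
    return ($p.Deny_Execute -eq 1)
}

function Get-PresentUsbStorage {
    # USB mass-storage instance IDs look like USBSTOR\DISK&VEN_x&PROD_y&REV_z\<serial>&0.
    # When a device reports no serial number Windows generates an ID with '&' in the
    # second position; such a device cannot be pinned to a user and is reported as such.
    Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.InstanceId -like 'USBSTOR\*' } |
        ForEach-Object {
            $last      = ($_.InstanceId -split '\\')[-1]
            $hasSerial = ($last.Length -gt 1) -and ($last[1] -ne '&')
            [pscustomobject]@{
                FriendlyName = $_.FriendlyName
                Serial       = if ($hasSerial) { ($last -split '&')[0] } else { $null }
                HasSerial    = $hasSerial
            }
        }
}

function Test-DeviceApproved([string]$User, [string]$Serial) {
    # Non-repudiation depends on a one-to-one mapping of user to device serial number.
    return ([bool]$Serial -and $Approved.ContainsKey($User) -and ($Approved[$User] -contains $Serial))
}

# Report for the interactive user: policy state, then every attached device not on the allowlist.
$user = "$env:USERDOMAIN\$env:USERNAME"
[pscustomobject]@{ Check = 'Removable disks: Deny_Execute policy set'; Pass = (Test-RemovableStoragePolicy) }
Get-PresentUsbStorage | ForEach-Object {
    [pscustomobject]@{
        Check = "USB storage '$($_.FriendlyName)' serial '$($_.Serial)' approved for $user"
        Pass  = (Test-DeviceApproved -User $user -Serial $_.Serial)
    }
}
```

A device with no serial number always fails the approval check, which is the outcome the per-device restriction requires, since it cannot be tied to a specific user.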