Title

USB ports are not disabled for all Sun Ray Desktop Units. This requirement excludes the keyboard and mouse. (Cat II impact)

Discussion

Enabled USB ports may be used by users to store files, scripts, and executables. USB thumb drives, USB hard drives, and USB appliances may be inserted into these ports. If unapproved executables, scripts, or malware reside on the USB device, executing these or moving these onto the network may cause a virus infection or unapproved applications running on the network. Classified data may be copied inadvertently to the unclassified network if ports have been enabled. Limiting the use of these ports will prevent these USB programs and files from accessing the network.

Check Content

Within the Sun Ray Administration console, perform the following: 1. Select the Advanced Tab. 2. Select the Security Tab. 3. Verify the USB Port under Devices is not checked. If it is, this is a finding. Caveat: This is not applicable for keyboard and mouse USB ports, however, these ports must be documented and approved by the IAO. This check may be Not a Finding for USB ports enabled for operational purposes that are approved by the DAA.

Fix Text

Disable all USB ports on Sun Ray Desktop Units.

Additional Identifiers

Rule ID:

Vulnerability ID: V-16143

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.