Title

MP3 players, camcorders, or digital cameras are being attached to ISs without prior DAA approval. (Cat II impact)

Discussion

These devices contain non-volatile memory and could be used to infect an IS to which they are attached with malicious code or they could be used to transport sensitive data leading to the compromise of the data. Finally there is normally no DoD requirement for these devices to be attached to a DoD asset. The IAO, SA, and user will ensure that MP3 players, camcorders, or digital cameras are not attached to ISs without prior DAA approval.

Check Content

The reviewer will interview the IAO to verify that the IAO knows that USB devices such as MP3 players, camcorders, or digital cameras are not to be attached to ISs without prior DAA approval, and that this information is disseminated to all users.

Fix Text

The IAO will be made aware of the policy that USB devices such as MP3 players, camcorders, or digital cameras are not to be attached to ISs without prior DAA approval. The IAO will disseminate the policy to all users.

Additional Identifiers

Rule ID: SV-6987r1_rule

Vulnerability ID: V-6765

Group Title: USB MP3 Players Camcorders and digital cameras

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.