Title

USB devices with persistent memory are not formatted in a manner to allow the application of Access Controls to files or data stored on the device. (Cat II impact)

Discussion

Without using a format that allows the application of access controls to the device files stored on the USB device may be accessed from any system that the device is connected to. Note that access controls are easily bypassed on USB devices so this should not be considered an adequate replacement for encryption. The IAO, SA, and user will ensure that USB devices with persistent memory are formatted in a manner to allow the application of Access Controls to files or data stored on the device.

Check Content

The reviewer will interview the IAO to verify that USB devices with persistent memory are formatted in a manner to allow the application of Access Controls to files or data stored on the device.

Fix Text

Develop a process to disseminate the requirement that USB devices with persistent memory will be formatted in a manner to allow the application of Access Controls to files or data stored on the device.

Additional Identifiers

Rule ID: SV-6995r1_rule

Vulnerability ID: V-6773

Group Title: USB Format for Access Controls

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.