STIGQter STIGQter: STIG Summary: VMware ESX 3 Server Version: 1 Release: 2 Benchmark Date: 22 Jul 2016: There is no section within the SFUG, or equivalent documentation, describing the correct usage and handling of USB technologies.

DISA Rule

SV-6996r1_rule

Vulnerability Number

V-6774

Group Title

USB SFUG Section

Rule Version

USB01.009.00

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Develop, update, and distribute a SFUG section dealing with USB devices in accordance with the SPAN STIG.

Check Contents

The reviewer will interview the IAO and review the relevant document. What needs to be here is a description for handling, and labeling of USB devices. Additionally an explanation of the restrictions placed on attaching non-government owned USB devices to a government owned IS and the prohibition of disguised USB jump drives.

Vulnerability Number

V-6774

Documentable

False

Rule Version

USB01.009.00

Severity Override Guidance

The reviewer will interview the IAO and review the relevant document. What needs to be here is a description for handling, and labeling of USB devices. Additionally an explanation of the restrictions placed on attaching non-government owned USB devices to a government owned IS and the prohibition of disguised USB jump drives.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1386

Comments