CCI-000085 requires monitoring for unauthorized connections of mobile devices. The referenced rule disables all USB support in the kernel by the bootloader.
Signed-off-by: Willy Santos <[email protected]> --- rhel6/src/input/system/permissions/mounting.xml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/rhel6/src/input/system/permissions/mounting.xml b/rhel6/src/input/system/permissions/mounting.xml index 7df811a..f913f4b 100644 --- a/rhel6/src/input/system/permissions/mounting.xml +++ b/rhel6/src/input/system/permissions/mounting.xml @@ -96,7 +96,7 @@ disable USB storage devices if they are plugged into the sytem. Support for thes should be disabled and the devices themselves should be tightly controlled.</rationale> <ident cce="4173-1" /> <oval id="bootloader_nousb_argument" /> -<ref nist="CM-6, CM-7" disa="1250" /> +<ref nist="CM-6, CM-7" disa="1250,85" /> </Rule> <Rule id="bios_disable_usb_boot"> -- 1.7.7.6 _______________________________________________ scap-security-guide mailing list [email protected] https://fedorahosted.org/mailman/listinfo/scap-security-guide
