On 6/29/12 5:45 PM, Willy Santos wrote:
CCI-000085 requires monitoring for unauthorized connections of mobile
devices. The referenced rule disables booting from a USB device.
Signed-off-by: Willy Santos <wsantos(a)redhat.com>
---
rhel6/src/input/system/permissions/mounting.xml | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/rhel6/src/input/system/permissions/mounting.xml
b/rhel6/src/input/system/permissions/mounting.xml
index 8436498..7df811a 100644
--- a/rhel6/src/input/system/permissions/mounting.xml
+++ b/rhel6/src/input/system/permissions/mounting.xml
@@ -111,7 +111,7 @@ any security measures offered by the native OS. Attackers could mount
partitions
configuration of the native OS. The BIOS should be configured to disallow booting from
USB media.</rationale>
<ident cce="3944-6" />
<!-- <oval id="bios_disable_usb_boot" /> -->
-<ref nist="CM-6, CM-7" disa="1250" />
+<ref nist="CM-6, CM-7" disa="1250,85" />
</Rule>
<Rule id="service_autofs_disabled">
Ack