Disable Booting from USB Devices in Boot Firmware

An XCCDF Rule

Details
Profiles
Prose

Description

Configure the system boot firmware (historically called BIOS on PC systems) to disallow booting from USB drives.

Rationale

Booting a system from a USB device would allow an attacker to circumvent any security measures provided by the operating system. Attackers could mount partitions and modify the configuration of the OS.

ID: xccdf_org.ssgproject.content_rule_bios_disable_usb_boot
Severity: Unknown
References: 12 16

APO13.01 DSS01.04 DSS05.03 DSS05.04 DSS05.05 DSS05.07 DSS06.03

CCI-001250

4.3.3.2.2 4.3.3.5.2 4.3.3.6.6 4.3.3.7.2 4.3.3.7.4

SR 1.1 SR 1.13 SR 1.2 SR 1.4 SR 1.5 SR 1.9 SR 2.1 SR 2.6

A.11.2.6 A.13.1.1 A.13.2.1 A.6.2.1 A.6.2.2 A.7.1.1 A.9.2.1

CM-6(a) CM-7(b) MP-7

PR.AC-3 PR.AC-6
Updated: about 1 year ago