Cyber Trackr - Free Compliance Library
Cyber Trackr
The Free Compliance Library

Keyboard Video and Mouse Switch STIG

  • Version/Release: V2R6
  • Published: 2015-12-09
  • Released: 2016-01-22
  • Expand All:
  • Severity:
  • Sort:
Compare

Select any two versions of this STIG to compare the individual requirements

View

Select any old version/release of this STIG to view the previous requirements

The Keyboard Video and Mouse Switch (KVM) STIG includes the computing requirements for KVM switches operating to support the DoD. The Keyboard Video and Mouse Switch STIG must also be applied for each site using KVM switches. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.
a
Written user agreements for all users authorized to use the KVM or A/B switch must be maintained.
Low - V-6675 - SV-6823r2_rule
RMF Control
Severity
Low
CCI
Version
KVM01.001.00
Vuln IDs
  • V-6675
Rule IDs
  • SV-6823r2_rule
A written user agreement allows the ISSO to be certain the end user that will be using the equipment has been presented with the documentation that explains their duties and responsibilities in relation to the equipment and they have acknowledged that they have read the documentation and understand it. Though there is no guarantee the user will perform as required, it will lessen the problems caused by uninformed users. The ISSO will maintain written user agreements for all users authorized to use the KVM or A/B switch.PRRB-1
Checks: C-2603r2_chk

The reviewer will interview the ISSO and view the written agreements. The agreement will require the user to perform the following. 1. Logging onto an IS. a. Identify the classification of the IS currently selected. b. Use the login and passwords appropriate for that IS. c. Verify the classification of the present IS by checking the classification label/banner. d. Begin processing. 2. Switching between ISs. a. Screen lock the IS you are currently working on if the IS supports this capability. b. Select the desired IS with the switch. c. Enter your user identifier and password to deactivate the screen lock on the newly selected IS. d. Verify the classification of the present IS by checking the classification label/banner. e. Begin processing. The agreement may state that the user has read and understands the SFUG sections dealing with the KVM switch usage if the SFUG or similar documentation exists. If no documents exist, this is a finding.

Fix: F-6257r2_fix

Develop a user agreement, have each user of KVM or A/B switches sign a user agreement, and keep the signed agreement on file.

a
A SFUG, or an equivalent document, that describes the correct uses of the switch and user responsibilities, must be maintained and distributed.
Low - V-6676 - SV-6824r2_rule
RMF Control
Severity
Low
CCI
Version
KVM01.002.00
Vuln IDs
  • V-6676
Rule IDs
  • SV-6824r2_rule
The SFUG (Security Features User Guide) or an equivalent document describes the user’s security responsibilities including any site-specific requirements. This gives the user a single reference source for both initial indoctrination and for later review. The distribution of the SFUG will lessen the vulnerabilities created by user ignorance of policy or procedures required by the site. By keeping this document current the user will have the current policies and procedures available. The ISSO will maintain and distribute to the users a SFUG, or an equivalent document, that describes the correct uses of the switch and the user’s responsibilities.PRRB-1
Checks: C-2604r3_chk

The reviewer will interview the ISSO and review the SFUG documentation. The SFUG will at a minimum have the following requirements. 1. Logging onto an IS. a. Identify the classification of the IS currently selected. b. Use the login and passwords appropriate for that IS. c. Verify the classification of the present IS by checking the classification label/banner. d. Begin processing. 2. Switching between ISs. a. Screen lock the IS you are currently working on if the IS supports this capability. b. Select the desired IS with the switch. c. Enter your user identifier and password to deactivate the screen lock on the newly selected IS. d. Verify the classification of the present IS by checking the classification label/banner. e. Begin processing. If no documentation exists within the SFUG or equivalent document, describing the user's security responsibilities when using a KVM or A/B switch, then this is a finding.

Fix: F-6258r2_fix

If a Security Features User Guide does not exist, develop one making sure there is a section for KVM and A/B switches containing the information found in this STIG. If a Security Features User Guide exists, but does not contain a section on KVM and A/B switches, create a section that describes the correct uses of KVM and A/B switches.

c
The KVM switch must be physically protected in accordance with the requirements of the highest classification for any IS connected to the KVM switch.
High - V-6677 - SV-6825r2_rule
RMF Control
Severity
High
CCI
Version
KVM01.003.00
Vuln IDs
  • V-6677
Rule IDs
  • SV-6825r2_rule
If the KVM switch is not physically protected in accordance with the requirements of the highest classification for any IS connected to the KVM switch, the KVM switch can be tampered with leading to the compromise of sensitive data or a denial of service caused by the disruption of the systems the KVM switch is connected. The ISSO or SA will ensure the KVM switch is physically protected in accordance with the requirements of the highest classification for any IS connected to the KVM switch. When the KVM switch is moved it may require the ISs attached to the switch to be powered down prior to the move.System AdministratorPECF-1, PECF-2
Checks: C-2605r2_chk

The reviewer will check the location of the KVM switch. If the switch is not located in an area that is secured in the same manner as required of the IS with the highest classification level, then this is a finding.

Fix: F-6259r1_fix

Develop a plan to move the KVM switch to a location that is physically protected in accordance with the requirements of the highest classification for any IS connected to the KVM switch. Obtain CM approval for the plan and implement the plan.

b
Smart (intelligent or programmable) keyboard must not be used in conjunction with a KVM switch when the KVM switch is connected to ISs of different classification and/or sensitivity levels.
Medium - V-6678 - SV-6829r2_rule
RMF Control
Severity
Medium
CCI
Version
KVM01.004.00
Vuln IDs
  • V-6678
Rule IDs
  • SV-6829r2_rule
In an environment where the KVM switch is connected to ISs of different classification and/or sensitivity levels, a smart (intelligent or programmable) keyboard can transfer sensitive data from one system to another leading to the compromise of data. The ISSO or SA will ensure a smart (intelligent or programmable) keyboard is not used in conjunction with a KVM switch when the switch is connected to ISs of different classification and/or sensitivity levels.System AdministratorInformation Assurance OfficerDCBP-1
Checks: C-2610r2_chk

The reviewer will interview the ISSO and view the keyboard attached to the KVM to verify that a smart keyboard is not in use when the KVM switch is attached to ISs with different classification and/or sensitivity levels. Keyboards that include USB ports, smart card slots, and removable media slots are considered smart keyboards. Note: A keyboard that has extended functionality that is not programmable, like an internet keyboard, is not prohibited. Note: Having a CAC reader in the KVM switch is acceptable; however, the host rather than the switch itself must perform the authentication algorithms. Otherwise the switch must be approved by PKI PMO.

Fix: F-6262r2_fix

Replace the smart keyboard with a non-smart keyboard.

b
A wireless keyboard or mouse that is compliance with the current Wireless Keyboard and Mouse STIG must be attached to a KVM switch.
Medium - V-6679 - SV-6839r2_rule
RMF Control
Severity
Medium
CCI
Version
KVM01.005.00
Vuln IDs
  • V-6679
Rule IDs
  • SV-6839r2_rule
Signals from a wireless device can be intercepted and decoded which can lead to the compromise of sensitive data. The ISSO or SA will ensure wireless keyboards or mice attached to KVM switches are in compliance with the current Wireless Keyboard and Mouse STIG.System AdministratorInformation Assurance OfficerECWN-1
Checks: C-2624r2_chk

The reviewer will look at the keyboard and the mouse. If either is wireless, it must be in compliance with the Wireless Keyboard and Mouse STIG.

Fix: F-6267r2_fix

Reconfigure the wireless device, if possible, to be compliant with the Wireless Keyboard and Mouse STIG. If the wireless device cannot be made compliant with the Wireless Keyboard and Mouse STIG, replace the device with a wireless device that can be made compliant with the Wireless Keyboard and Mouse STIG or with a wired device.

a
The desktop background of information systems attached to a KVM switch must be labeled with the proper classification banners.
Low - V-6680 - SV-6842r2_rule
RMF Control
Severity
Low
CCI
Version
KVM01.006.00
Vuln IDs
  • V-6680
Rule IDs
  • SV-6842r2_rule
Without the banners to identify the information system the KVM switch is currently active on, the user could enter a command to the wrong information system and create a denial of service or the user could enter data into the wrong system creating either a security incident (data entered to a system of the wrong classification) or a compromise of sensitive data.System AdministratorInformation Assurance OfficerECML-1
Checks: C-2629r5_chk

The reviewer will view the desktop backgrounds of each information system attached to the KVM switch and verify they are labeled as described below. The desktop backgrounds will display classification banners at the top and bottom of the screen. These banners will state the overall classification level of the information system in large bold type. These banners will have a solid background color assigned using the following scheme: Yellow for Sensitive Compartmented Information (SCI). Orange for Top Secret (TS). Red for Secret. Blue for Confidential. Green for Unclassified. When information systems have similar classification levels but require separation for other reasons, the use of unique colors for different information systems or networks is permissible. These banners will identify the information system, if space is available. If classification banners are not used on information systems attached to a KVM, this is a finding.

Fix: F-6270r4_fix

Modify the screen backgrounds for each information system attached to the KVM switch to comply with information below. These banners will state the overall classification level of the information system in large bold type. These banners will have a solid background color assigned using the following scheme: Yellow for Sensitive Compartmented Information (SCI). Orange for Top Secret (TS). Red for Secret. Blue for Confidential. Green for Unclassified. When information systems have similar classification levels but require separation for other reasons, the use of unique colors for different information systems or networks is permissible. These banners will identify the information system, if space is available.

b
A KVM switch with configurable features must have the configuration protected from modification with a DoD compliant password.
Medium - V-6681 - SV-6843r2_rule
RMF Control
Severity
Medium
CCI
Version
KVM01.007.00
Vuln IDs
  • V-6681
Rule IDs
  • SV-6843r2_rule
If the KVM switch is configurable, some features that are available such as auto toggling between attached ISs are not permitted. If the configuration is not protected by a password it can be modified by any user allowing features that are not permitted. This can lead to the compromise of sensitive data. If the KVM switch has configurable features, the ISSO or SA will ensure the configuration is protected from modification with a DoD compliant password.System AdministratorIAIA-2, IAIA-1
Checks: C-2631r2_chk

If the KVM switch is configurable, the reviewer will, with the assistance of the SA, try to change the configuration with a random password and with no password. If the reviewer is able to change the configuration with a random password or no password, then this is a finding. Note: The emphasis here is the protection of the configuration not the technique, if the configuration is protected as a function of a privileged user id/password sign in or by a DoD PKI (for network attached KVM switches) this fulfills this requirement.

Fix: F-6271r2_fix

If the KVM switch’s configuration can be protected by a password, including user id/password combinations or PKI for network attached switches, create a DOD compliant password to protect the configuration. If the KVM switch’s configuration cannot be protected by a password, including user id/password combinations or PKI for network attached switches, replace it with a KVM switch that either has no configuration or the configuration can be protected by a password.

b
The KVM switch feature for automatically toggling between ISs must be disabled.
Medium - V-6682 - SV-6844r2_rule
RMF Control
Severity
Medium
CCI
Version
KVM01.008.00
Vuln IDs
  • V-6682
Rule IDs
  • SV-6844r2_rule
The feature that automatically toggles between connected ISs or active ISs can cause a screen to be automatically displayed that contains sensitive information. This can lead to the compromise of sensitive data. The ISSO or SA will ensure the feature for automatically toggling between ISs is disabled.System AdministratorDCBP-1
Checks: C-2632r2_chk

If the KVM switch has the feature for automatically toggling between ISs, the reviewer will verify, with the assistance of the ISSO or SA, that it is disabled. If the feature is disabled but the configuration is not protected then this is a finding.

Fix: F-6272r3_fix

Disable the feature for automatically toggling between ISs. If the KVM switch can be configured to disable the ability to switch peripherals other than the keyboard, video monitor, and mouse, modify the configuration to disable this feature. If the KVM switch cannot be configured to disable this feature replace the KVM switch with a KVM switch that is compliant.

b
A hot key feature must not be enabled other than the menu feature that allows the user to select the IS to be used from the displayed menu.
Medium - V-6683 - SV-6845r2_rule
RMF Control
Severity
Medium
CCI
Version
KVM01.009.00
Vuln IDs
  • V-6683
Rule IDs
  • SV-6845r2_rule
There are many "hot key" features that could be used. Since each vender has a different set of features and it is impractical to review all features from all venders for potential vulnerabilities, no features other than the ability to bring up a menu of the ISs available on the KVM switch to allow the user to select which IS they wish to display will be enabled. Additional features will be approved if requested and time is available to review the feature and its implementation. The ISSO or SA will ensure the only “hot key” feature enabled is the menu feature that allows the user to select the IS to be used from the displayed menu.System AdministratorDCBP-1
Checks: C-2633r2_chk

The reviewer will, with the assistance of the ISSO or SA, verify the only “hot key” feature enabled is the menu feature that allows the user to select the IS to be used from the displayed menu. If the configuration cannot be protected, this is a finding.

Fix: F-6273r1_fix

Disable any unauthorized "hot key" features in the KVM switch's configuration.

a
A machine-readable or a paper-document backup must be maintained for the configuration of the KVM switch.
Low - V-6684 - SV-6846r2_rule
RMF Control
Severity
Low
CCI
Version
KVM01.011.00
Vuln IDs
  • V-6684
Rule IDs
  • SV-6846r2_rule
Without a backup of the KVM switch's configuration, you can have a denial of service if the configuration cannot be restored quickly in the event it is lost or a faulty switch needs to be replaced. The ISSO or SA will ensure a machine-readable or a paper-document backup is maintained for the configuration of the KVM switch.System AdministratorCOSW-1
Checks: C-2634r2_chk

Interview the ISSO or SA to verify a backup of the configuration is maintained. If a backup of the configuration does not exist, this is a finding.

Fix: F-6274r1_fix

Create a machine-readable or paper-document backup of the KVM switch configuration.

a
A written description of the KVM switch, the ISs attached to the KVM switch, and the classification level of each IS attached to the KVM switch must be maintained.
Low - V-6685 - SV-6847r2_rule
RMF Control
Severity
Low
CCI
Version
KVM02.001.00
Vuln IDs
  • V-6685
Rule IDs
  • SV-6847r2_rule
Without a written description of the KVM switch, the ISs attached to the KVM switch, and the classification level of each IS attached to the KVM switch, tampering with the KVM switch by adding or moving connections cannot be verified and the physical configuration cannot be reproduced if needed. This can lead to a denial of service or a compromise of sensitive data if a connection is removed, moved, or added. The ISSO will maintain a written description of the KVM switch, the ISs attached to the KVM switch, and the classification level of each IS attached to the KVM switch.DCHW-1
Checks: C-2635r2_chk

The reviewer will verify the description exists and check that it accurately describes the switch and its attached ISs. An annotated drawing or diagram is acceptable. If no documentation exists, this is a finding.

Fix: F-6275r1_fix

Create a written description of the KVM switch, the ISs attached to the KVM switch, and the classification level for each IS attached to the KVM switch.

b
The KVM switch must be configured to force the change of the configuration password every 90 days or there is no policy and procedure in place to change the configuration password every 90 days.
Medium - V-6686 - SV-6848r2_rule
RMF Control
Severity
Medium
CCI
Version
KVM02.002.00
Vuln IDs
  • V-6686
Rule IDs
  • SV-6848r2_rule
The longer the time between password changes the greater the chance the password will become compromised. A compromised password can allow a malicious user to change the configuration of the KVM switch creating a denial of service or a compromise of sensitive data. The ISSO will ensure the KVM switch is configured to force the change of the configuration password every 90 days or there is a policy and procedure in place to change the configuration password every 90 days.DCBP-1
Checks: C-2636r2_chk

The reviewer will, with the assistance of the ISSO or SA, verify the KVM switch is configured to force the change of the configuration password every 90 days or there is a policy and procedure in place to change the configuration password every 90 days. If the switch is not configured or there is no policy or procedure in place to force a configuration password change every 90 days, this is a finding.

Fix: F-6276r1_fix

Configure the KVM switch to force the change of the configuration password every 90 days or if the KVM switch does not support this functionality, create a policy and procedure to change the configuration password every 90 days.

c
The KVM switch has the ability to support a RAS connection, this feature must be disabled or the connectors on the KVM switch supporting this feature must be blocked with a tamper evident seal.
High - V-6687 - SV-6849r3_rule
RMF Control
Severity
High
CCI
Version
KVM02.003.00
Vuln IDs
  • V-6687
Rule IDs
  • SV-6849r3_rule
KVM switches that support Dialup Remote Access Services (RAS) do not support a robust identification and authorization process or robust auditing; therefore this feature will not be used. Tamper evident seals over the port(s) that support this feature will serve as an indicator that this feature may not been used for unauthorized access to the KVM switch. The ISSO has not ensured, if the KVM switch has the ability to support a RAS connection, this feature is disabled and the connectors on the KVM switch supporting this feature are blocked with a tamper evident seal.Sites that depend on this feature for after-hours support and maintenance will be denied access to this feature and will need to implement an approved alternative.EBRP-1
Checks: C-2637r3_chk

The reviewer will, with the assistance of the ISSO, verify if the KVM switch has the ability to support a RAS connection and that this feature is disabled and the connectors on the KVM switch supporting this feature are blocked with a tamper evident seal. If the RAS feature is enabled and/or the RAS ports are not protected with tamper evident seals, this is a finding.

Fix: F-6277r3_fix

Configure the KVM switch to disable the RAS feature, remove all hardware from the KVM switch that supports this feature, and block all connectors on the KVM switch that support this feature with tamper evident seals. NSA IAD Protective Technologies has tamper evident products available for use, including seals for RJ45, D-sub, and USB ports. These can be obtained by contacting them either on NIPRNet at ptproducts@radium.ncsc.mil or on SIPRNet at ptproducts@nsa.smil.mil. When ordering, please specify that this is for use on a DoD Information System and the government use version is needed.

a
Written permission from the AO responsible for each IS attached to a KVM switch that is attached to ISs of different classification levels must be maintained.
Low - V-6698 - SV-6867r2_rule
RMF Control
Severity
Low
CCI
Version
KVM02.004.00
Vuln IDs
  • V-6698
Rule IDs
  • SV-6867r2_rule
The AO responsible for an IS attached to a KVM switch that has other ISs attached of differing classifications levels must approve of the use of the KVM switch. The AO is the only individual that may be cognizant of the nature of the data accessible from the IS and what requirements have been placed on its access. There may be a need to have the system isolated from KVM switches even though they are approved for use in spanning classification levels. When the ISs are of different classification levels, the ISSM will maintain written permission from all AOs responsible for all ISs connected to a KVM switch.If permission has not been received prior to attachment, and the AO does not immediately approve the attachment, the system must immediately be removed from the KVM switch and a separate keyboard, video monitor, and mouse must be used until written permission from the responsible AO is received.Information Assurance ManagerDCBP-1
Checks: C-2658r2_chk

The reviewer will interview the ISSM and verify written permission from the AO responsible for each IS attached to a KVM switch that is attached to ISs of different classification levels is being maintained. If no documentation exists, this is a finding.

Fix: F-6292r2_fix

Obtain written permission for the IS to be attached to the KVM switch from the AO responsible for the system in question. At the earliest time so as not to impact production, if written permission has not been received, the IS will be removed from the KVM switch and be placed on a separate keyboard, video monitor, and mouse until written permission is received.

b
KVM or A/B switches must be approved prior to being connected to ISs of different classification levels.
Medium - V-6699 - SV-6876r3_rule
RMF Control
Severity
Medium
CCI
Version
KVM02.005.00
Vuln IDs
  • V-6699
Rule IDs
  • SV-6876r3_rule
Only KVM switches that have been tested and verified to prevent the transfer of data from one IS to another will be used when the ISs connected to the switch are of differing classification levels. The switch will be operated in the approved port configuration only. When the KVM switch is attached to ISs of different classification levels, the ISSO will ensure only approved KVM or A/B switches are used.If an approved KVM switch cannot immediately replace the unapproved switch, it will be necessary to remove all of the systems from the KVM switch and attach an individual keyboard, video monitor, and mouse to each or segregate the ISs by classification level onto as many individual KVM switches as needed.DCBP-1
Checks: C-2671r4_chk

Verify the KVM or A/B switch attached to ISs of different classification levels has been evaluated and approved prior to connection. The National Information Assurance Partnership (NIAP) product lists can be found below: https://www.niap-ccevs.org/CCEVS_Products/ If the KVM or A/B switch is not found on the NIAP list, this is a finding.

Fix: F-6294r4_fix

Immediately replace the unapproved KVM switch with an approved KVM switch. If there is no approved KVM switch available, remove all ISs from the unapproved KVM switch and attach a separate keyboard, video monitor, and mouse to each IS. Alternately the ISs can be segregated by classification level on as many individual KVM switches as needed. Verify port configuration complies with guidance for the switch used.

a
A KVM switch must not be cascaded while being attached to ISs of different classification levels.
Low - V-6700 - SV-6878r2_rule
RMF Control
Severity
Low
CCI
Version
KVM02.006.00
Vuln IDs
  • V-6700
Rule IDs
  • SV-6878r2_rule
Cascading KVM switches, connecting one switch to another switch, can make it difficult to determine which system is currently connected to the keyboard, video monitor, and mouse by simple observation. In situations where the ISs are of differing classification levels this could lead to the compromise of sensitive or classified data or a denial of service caused by a privileged command being given to the wrong system. When the KVM switch is attached to ISs of different classification levels, the ISSO or SA will ensure no KVM switches are cascaded.Removal of cascading will require separate keyboard, video monitor, and mouse for each KVM switch.System AdministratorDCBP-1
Checks: C-2673r2_chk

The reviewer will check the connections for the KVM switch to verify it is not connected to another KVM switch when ISs of different classification levels are attached. If KVM switches are cascaded, this is a finding.

Fix: F-6295r2_fix

Develop a plan to remove all cascaded KVM switches as soon as possible without disrupting production. Connect each IS to an open port on a KVM switch that is in turn only connected to a keyboard, video monitor, and mouse, not to another KVM switch. Obtain CM approval for the plan and execute the plan at the earliest opportunity.

b
Tamper evident seals must be attached to the KVM switch and all IS cables at their attachment points where the KVM switch is attached to ISs of different classification levels.
Medium - V-6701 - SV-6882r3_rule
RMF Control
Severity
Medium
CCI
Version
KVM02.007.00
Vuln IDs
  • V-6701
Rule IDs
  • SV-6882r3_rule
Tamper evident seals are designed to break if tampered with or show evidence of tampering. They are used to indicate a cabinet has been opened or a cable has been removed, moved or added. For KVM switches attached to ISs of differing classification levels it is necessary to be aware of any potential tampering with the connections. Switching the cables for two ISs could lead to the compromise of sensitive data. Removal of a cable could lead to a denial of service until it is reattached. The ISSO or SA will ensure tamper evident seals are attached to the KVM switch and all IS cables at their attachment points.DCBP-1
Checks: C-2678r4_chk

The reviewer will verify tamper evident seals are attached to the KVM switches and to the IS cable attachment points. If tamper evident seals are not placed on the KVM switch and the IS cable attachment points, this is a finding. For cables, these seals will be placed across the junction between the switch and the cable. For the KVM switch, the seals will be placed across the KVM case joints such that opening the case will break the seal.

Fix: F-6296r3_fix

Obtain tamper evident seals and apply them to the KVM switch case joints such that if the case is opened the seal will be broken. Also place them across the junction between the IS cables and the KVM switch so that if a cable is moved or removed the seal will be broken. NSA IAD Protective Technologies has tamper evident products available for use, including seals for RJ45, D-sub, and USB ports. These can be obtained by contacting them either on NIPRNet at ptproducts@radium.ncsc.mil or on SIPRNet at ptproducts@nsa.smil.mil. When ordering, please specify that this is for use on a DoD Information System and the government use version is needed.

c
A KVM switch must not be used to switch a peripheral other than a keyboard, video monitor, or mouse in an environment where the KVM switch is attached to ISs of different classification levels..
High - V-6702 - SV-6883r2_rule
RMF Control
Severity
High
CCI
Version
KVM02.008.00
Vuln IDs
  • V-6702
Rule IDs
  • SV-6883r2_rule
Peripheral devices, other than keyboards, video monitors, and mice, can contain persistent memory and allow data to move between ISs of differing classification levels creating an unacceptable situation. This includes the ability to switch a smart card reader. If the switch has the ability to switch other peripheral devices and the feature is not disabled it will be assumed it is being used. When the KVM switch is attached to ISs of different classification levels, the ISSO or SA will ensure the KVM switch’s ability to switch peripheral devices other than the keyboard, video, and mouse is disabled.System AdministratorDCBP-1
Checks: C-2680r2_chk

The reviewer will, with the assistance of the ISSO or SA, verify the KVM switch is not configured to switch peripherals other than Keyboard, Video, and Mouse. Note: This includes but is not limited to a smart card reader. Note: The most likely interface that would be used with this feature would be USB but it may be any legacy I/O interfaces.

Fix: F-6272r3_fix

Disable the feature for automatically toggling between ISs. If the KVM switch can be configured to disable the ability to switch peripherals other than the keyboard, video monitor, and mouse, modify the configuration to disable this feature. If the KVM switch cannot be configured to disable this feature replace the KVM switch with a KVM switch that is compliant.

c
Peripherals other than a keyboard, video monitor, or mouse must not be attached to a KVM switch that is attached to ISs of different classification levels.
High - V-6703 - SV-6884r3_rule
RMF Control
Severity
High
CCI
Version
KVM02.009.00
Vuln IDs
  • V-6703
Rule IDs
  • SV-6884r3_rule
It will be assumed that any peripheral other than a keyboard, video monitor, or mouse attached to a KVM switch is intended to be used regardless of the current configuration of the KVM switch. This peripheral can contain persistent memory that can be used to move data between ISs of different classification levels compromising either the data that was moved and the IS to which the data was moved. When the KVM switch is attached to ISs of different classification levels, the ISSO, the SA, and the user will ensure no peripherals other than the keyboard, video, or mouse is connected to the KVM.System AdministratorDCBP-1
Checks: C-2683r2_chk

The reviewer will view the KVM switch, used in an environment where it is attached to ISs of different classification levels, to verify no peripherals other than the keyboard, video monitor, and mouse are attached. If any other peripherals are attached, this is a finding.

Fix: F-6298r3_fix

Remove the unauthorized peripheral and block the port it is attached to with a tamper evident seal. NSA IAD Protective Technologies has tamper evident products available for use, including seals for RJ45, D-sub, and USB ports. These can be obtained by contacting them either on NIPRNet at ptproducts@radium.ncsc.mil or on SIPRNet at ptproducts@nsa.smil.mil. When ordering, please specify that this is for use on a DoD Information System and the government use version is needed.

b
A KVM switch, which is attached to ISs of different classification levels, must have connections for peripherals, other than the keyboard, video monitor, or mouse, blocked with tamper evident seals.
Medium - V-6704 - SV-6889r3_rule
RMF Control
Severity
Medium
CCI
Version
KVM02.010.00
Vuln IDs
  • V-6704
Rule IDs
  • SV-6889r3_rule
It will be assumed that KVM switches that can switch peripherals other than the keyboard, video monitor, and mouse, that are attached to ISs of differing classification levels, and that do not have the connectors for the additional peripherals blocked with tamper evident seals, have been tampered with and have been used to transfer data between ISs of different classifications levels until proven otherwise. If data is transferred between ISs of different classification levels the data has been compromised and the receiving IS has been compromised. When the KVM switch is attached to ISs of different classification levels, the ISSO or SA will ensure the connectors for additional peripherals are blocked with tamper evident seals.System AdministratorDCBP-1
Checks: C-2688r3_chk

The reviewer will view the KVM switch, which is attached to ISs of different classification levels, to verify all connections for peripherals other than a keyboard, video monitor or mouse are blocked with tamper evident seals. If additional connections are not blocked with tamper evident seals, this is a finding.

Fix: F-6299r3_fix

Obtain tamper evident seals and apply them to any open connections on the KVM. NSA IAD Protective Technologies has tamper evident products available for use, including seals for RJ45, D-sub, and USB ports. These can be obtained by contacting them either on NIPRNet at ptproducts@radium.ncsc.mil or on SIPRNet at ptproducts@nsa.smil.mil. When ordering, please specify that this is for use on a DoD Information System and the government use version is needed.

c
A network attached KVM switch used to administer ISs must be attached to an out-of-band network.
High - V-6705 - SV-6900r2_rule
RMF Control
Severity
High
CCI
Version
KVM03.001.00
Vuln IDs
  • V-6705
Rule IDs
  • SV-6900r2_rule
If a network attached KVM switch is attached to an out-of-band network there is less opportunity for a malicious user to compromise the interface and create a denial of service by issuing disruptive commands to a server. The ISSO or SA will ensure a network attached KVM switch used to administer ISs is connected to an out-of-band network.System AdministratorDCBP-1
Checks: C-2709r2_chk

The reviewer will interview the ISSO or SA to verify that a network attached KVM switch used to administer ISs is connected to an out of band network. If a network attached KVM used to administer ISs is not connected to an out-of-band network, this is a finding.

Fix: F-6310r2_fix

Develop a plan that will attach all network attached KVM switches used to administer ISs to an out-of-band network. Obtain CM approval and implement the plan.

c
The network attached KVM switch must not be attached to a network that is not at the same classification level as the ISs attached.
High - V-6706 - SV-6901r2_rule
RMF Control
Severity
High
CCI
Version
KVM03.002.00
Vuln IDs
  • V-6706
Rule IDs
  • SV-6901r2_rule
If a network attached KVM switch is attached to a network of a different classification level than the ISs attached to the KVM switch, this could lead to a compromise of sensitive data either on the network or on the ISs. The ISSO will ensure network attached KVM switches are only connected to a network at the same classification level as the ISs attached.ECIC-1
Checks: C-2712r2_chk

The reviewer will interview the ISSO to verify that a network attached KVM switch is attached to a network of the same classification level as the ISs attached. If the network KVM is attached to a network that is not at the same classification level as the attached ISs, then this is a finding.

Fix: F-6313r2_fix

Remove the KVM switch from the network when the network KVM switch is attached to a network at a different classification level than the attached ISs. Attach the KVM switch to a network of the appropriate classification level.

c
The network-facing component of a network attached KVM switch must be compliant with the current Network Infrastructure STIG.
High - V-6707 - SV-6902r2_rule
RMF Control
Severity
High
CCI
Version
KVM03.003.00
Vuln IDs
  • V-6707
Rule IDs
  • SV-6902r2_rule
If the network facing components of a network attached KVM switch are not in compliance with the Network Infrastructure STIG the KVM switch could expose the network to vulnerabilities that could lead to a denial of service caused by the disruption of the network or a compromise of sensitive data.DCCS-1, DCCS-2
Checks: C-2713r2_chk

The reviewer will interview the ISSO to verify a network review has been performed on the network the KVM switch is attached and all findings discovered during the network review dealing with the KVM switch have been closed. If a network review has not been performed on the network attached KVM switch, this is a finding.

Fix: F-6314r2_fix

Perform a self-assessment on the network the KVM switch is attached or request DISA to schedule and perform a Network review. Following the review close all findings.

c
The KVM switch must be configured to require the user to login to the KVM switch to access the ISs attached.
High - V-6708 - SV-6904r2_rule
RMF Control
Severity
High
CCI
Version
KVM03.004.00
Vuln IDs
  • V-6708
Rule IDs
  • SV-6904r2_rule
Without identification and authentication of the user accessing the network attached KVM switch anyone can access the ISs attached and if they have knowledge of a valid user id and password for the IS, disrupt the system causing a denial of service or access sensitive data compromising that data. The ISSO will ensure the KVM switch is configured to require the user to login to the KVM switch to access the ISs attached. PKI authentication is acceptable and preferred to password authentication.This creates an additional level of identification and authentication to access the ISs. If user id and password is used on the KVM switch, users will be instructed not to use the same password for the KVM switch as is used for any of the ISs attached to the KVM switch.IAIA-2, IAIA-1
Checks: C-2718r2_chk

The reviewer will, with the assistance of the ISSO, try to access the network attached KVM switch without valid authentication. If the KVM switch is accessed without valid authentication, this is a finding.

Fix: F-6315r1_fix

Reconfigure the network attached KVM switch to require the users to login to the KVM switch prior to being allowed access to the ISs attached to the KVM switch.

c
The KVM switch must be configured to require DoD compliant passwords.
High - V-6709 - SV-6906r2_rule
RMF Control
Severity
High
CCI
Version
KVM03.005.00
Vuln IDs
  • V-6709
Rule IDs
  • SV-6906r2_rule
Strong passwords are harder to guess or discover via brute force making the system more secure from malicious tampering. The ISSO will ensure the KVM switch is configured to require DoD compliant passwords.IAIA-1, IAIA-2
Checks: C-2721r2_chk

The reviewer will, with the assistance of the ISSO, try to change a password to a non-compliant password. If a non-compliant password can be set, this is a finding. The use of PKI authentication would make this check not a finding.

Fix: F-6316r2_fix

Reconfigure the network attached KVM switch to require DoD compliant passwords. If this is not possible, replace the KVM switch with a KVM switch that can be configured to enforce DoD compliant passwords.

c
Group or shared user ids must not be used on a network attached KVM switch.
High - V-6710 - SV-6907r2_rule
RMF Control
Severity
High
CCI
Version
KVM03.006.00
Vuln IDs
  • V-6710
Rule IDs
  • SV-6907r2_rule
Usage of group or shared user ids makes it impossible to attribute an action to the originating user. In the case of a malicious action this could make prosecution impossible. The ISSO will ensure group or shared user ids are not used.IAGA-1
Checks: C-2722r3_chk

The reviewer will interview the ISSO and verify that group or shared user ids are not being used. If group or shared user ids are being used, this is a finding.

Fix: F-6317r2_fix

Remove the shared or group user ids and issue individual user ids to each user that requires access to the network attached KVM switch.

a
The network attached KVM switch must be configured to restrict a users access only to the systems they require.
Low - V-6711 - SV-6908r2_rule
RMF Control
Severity
Low
CCI
Version
KVM03.007.00
Vuln IDs
  • V-6711
Rule IDs
  • SV-6908r2_rule
Users accessing ISs they do not need access to can lead to the compromise of sensitive data. The ISSO will ensure the KVM switch is configured to restrict a user’s access to only the systems they require.ECAN-1
Checks: C-2723r2_chk

The reviewer will, with the assistance of the ISSO, try to access a system not allowed to the user signed onto the network attached KVM switch. If the user is able to access any systems, other than required systems, this is a finding.

Fix: F-6318r1_fix

Reconfigure the network attached KVM switch to restrict users to systems they need to access.

a
The network attached KVM switch must display an Electronic Notice and Consent Banner complaint with requirements of CJSCM 6510.01.
Low - V-6712 - SV-6909r2_rule
RMF Control
Severity
Low
CCI
Version
KVM03.008.00
Vuln IDs
  • V-6712
Rule IDs
  • SV-6909r2_rule
The warning banner notifies the user they are accessing a DoD system and they consent to having their actions monitored. Without this banner it is difficult to prosecute individuals who violate the usage restrictions of the IS.System AdministratorECWM-1
Checks: C-2724r3_chk

The reviewer will, with the assistance of the ISSO or the SA, access the network attached KVM switch to verify a compliant warning banner is displayed. If a DoD compliant warning banner is not displayed, this is a finding.

Fix: F-6319r2_fix

Reconfigure the network KVM switch to display a warning banner in accordance with CJSCM 6510.01.

c
The KVM switch must be configured to use encrypted communications with FIPS 140-2 validated cryptography.
High - V-6713 - SV-6910r2_rule
RMF Control
Severity
High
CCI
Version
KVM03.009.00
Vuln IDs
  • V-6713
Rule IDs
  • SV-6910r2_rule
Because all administrative traffic contains sensitive data such as unencrypted passwords, it will be encrypted to protect it from interception. The KVM switch will be configured to require encryption for all communications via the network. NIST FIPS 140-2 validated cryptography will be used. The ISSO or SA will ensure the KVM switch is configured to use encrypted communications using FIPS 140-2 validated cryptography.System AdministratorECNK-1
Checks: C-2725r2_chk

The reviewer will, with the assistance of the ISSO or SA, verify the network attached KVM switch is configured for encryption using FIPS 140-2 validated cryptography. If the network KVM switch is not configured to use FIPS 140-2 validated cryptography, this is a finding.

Fix: F-6320r2_fix

Reconfigure the network KVM switch to use FIPS 140-2 validated cryptography for all communications across the network.

c
The KVM switch must be configured to encapsulate and send USB connections other than KVM connections.
High - V-6714 - SV-6911r2_rule
RMF Control
Severity
High
CCI
Version
KVM03.010.00
Vuln IDs
  • V-6714
Rule IDs
  • SV-6911r2_rule
Some network attached KVM switched can encapsulate USB connections other than the keyboard, video monitor, and mouse connections. This connection could be a disk drive connection and could allow the transfer of data between the ISs attached to the KVM switch and the client system attached via IP to the KVM switch leading to a compromise of sensitive data. The ISSO or SA will ensure the KVM switch is not configured to encapsulate and send USB connections other than KVM connections.System AdministratorDCBP-1
Checks: C-2727r2_chk

The reviewer will, with the assistance of the ISSO or SA, verify the KVM switch is not configured to encapsulate and send USB connections other than KVM connections. If the KVM switch is configured to encapsulate and send USB connections other than Keyboard, Video, and Mouse connections, this is a finding.

Fix: F-6321r1_fix

Reconfigure the network KVM switch so that it will not encapsulate USB connections other than the keyboard, video monitor, or mouse, over IP.

b
Unused USB ports on the KVM switch must be blocked with tamper evident seals on a KVM switch that can encapsulate and send the USB protocol over the network to the client.
Medium - V-6715 - SV-6915r3_rule
RMF Control
Severity
Medium
CCI
Version
KVM03.011.00
Vuln IDs
  • V-6715
Rule IDs
  • SV-6915r3_rule
By blocking the unused USB ports on a network attached KVM switch that can encapsulate USB over IP with tamper evident seals there will be an indication if someone has attached an unauthorized USB connection to the KVM switch. When a seal is found to have been tampered with or broken, it should be investigated. The ISSO will ensure any open USB ports on the KVM switch are blocked with tamper evident seals.DCBP-1
Checks: C-2731r3_chk

If the KVM switch can encrypt USB and send it over the network, the reviewer will view the KVM switch and verify that unused USB ports are blocked with tamper evident seals. If unused USB ports are not blocked with tamper evident seals, this is a finding.

Fix: F-6322r3_fix

Block unused USB ports on a network attached KVM switch that can encapsulate USB over IP with tamper evident seals. NSA IAD Protective Technologies has tamper evident products available for use, including seals for RJ45, D-sub, and USB ports. These can be obtained by contacting them either on NIPRNet at ptproducts@radium.ncsc.mil or on SIPRNet at ptproducts@nsa.smil.mil. When ordering, please specify that this is for use on a DoD Information System and the government use version is needed.

b
A network attached KVM switch must not be configured to control the power supplied to the ISs attached to the KVM switch or the connectors on the KVM switch that support this feature are not blocked with tamper evident seals.
Medium - V-6716 - SV-6916r3_rule
RMF Control
Severity
Medium
CCI
Version
KVM03.012.00
Vuln IDs
  • V-6716
Rule IDs
  • SV-6916r3_rule
If a network attached KVM switch can control the power to the ISs attached to it and the KVM switch is compromised, a denial of service can be caused by powering off all the ISs attached to the KVM switch without accessing the individual ISs. The ISSO will ensure any feature that allows the KVM switch to directly control the power supplied to the ISs is not configured or used, and any connectors on the KVM switch used to support this feature are blocked with a tamper evident seal.PECF-2, DCBP-1, PECF-1
Checks: C-2733r3_chk

With the assistance of the ISSO, verify the network attached KVM switch is not configured to control the power of the ISs attached and all connectors on the KVM switch that support this functionality are blocked with tamper evident seals. If the KVM switch is configured to control the power of connected ISs, this is a finding.

Fix: F-6323r3_fix

Remove the KVM switch’s control over the power supplied to the ISs and block any connectors on the KVM switch used to support this feature with tamper evident seals. NSA IAD Protective Technologies has tamper evident products available for use, including seals for RJ45, D-sub, and USB ports. These can be obtained by contacting them either on NIPRNet at ptproducts@radium.ncsc.mil or on SIPRNet at ptproducts@nsa.smil.mil. When ordering, please specify that this is for use on a DoD Information System and the government use version is needed.

c
A network attached KVM switch must not be attached to ISs of different classification levels.
High - V-6717 - SV-6917r2_rule
RMF Control
Severity
High
CCI
Version
KVM03.013.00
Vuln IDs
  • V-6717
Rule IDs
  • SV-6917r2_rule
Because of the problems inherent in the spanning of networks of different classification levels, network attached KVM switches will not be attached to ISs of different classification levels. This can lead to the compromise of sensitive data. The ISSO will ensure the network attached KVM switches are not attached to ISs of different classification levels.ECIC-1
Checks: C-2737r2_chk

The reviewer will interview the ISSO to verify that a network attached KVM switch is not attached to ISs of different classification levels. If a network attached KVM is attached to ISs of different classification levels, this is a finding.

Fix: F-6324r2_fix

Remove all ISs from the network attached KVM switch that have a classification level that is different from the classification level of the network the KVM switch is attached to. Use a new network attached KVM switch for each IS classification level that you removed from the original KVM switch. Attach the KVM switch to a network that has the same classification level as the ISs that have been attach to the KVM switch.

a
There must be user agreements documenting the use of A/B switches.
Low - V-6718 - SV-6921r2_rule
RMF Control
Severity
Low
CCI
Version
KVM04.001.00
Vuln IDs
  • V-6718
Rule IDs
  • SV-6921r2_rule
A signed user agreement is proof that the user has been informed of his security responsibilities when using an A/B switch. The ISSO will maintain written user agreements for all users authorized to use an A/B switch.PRRB-1
Checks: C-2758r2_chk

The reviewer will interview the ISSO and view the user agreements. A singed addendum to the SAAR is acceptable. If signed A/B switch user agreements are not on file, this is a finding.

Fix: F-6336r2_fix

Create a standard user agreement for the use of A/B switches and have all authorized A/B switches users sign a user agreement.

a
There must be user documentation describing the correct usage and user responsibilities for an A/B switch.
Low - V-6719 - SV-6922r2_rule
RMF Control
Severity
Low
CCI
Version
KVM04.002.00
Vuln IDs
  • V-6719
Rule IDs
  • SV-6922r2_rule
The Security Features Users Guide (SFUG) gives the user a single source to find security policy and guidance as to the user’s responsibility for security. The general policies and user responsibilities as apply to A/B switches and any local security policies will be placed in the SFUG or similar document. The ISSO will maintain and distribute to the users a SFUG that describes the correct uses of an A/B switch and the user’s responsibilities.PRRB-1
Checks: C-2760r2_chk

The reviewer will interview the ISSO and view the SFUG or equivalent documentation to verify the following points are discussed. 1. A/B switches should be used only if there is no other solution. 2. A/B switches should be used only to connect multiple peripheral devices to a single IS. 3. A/B switches should never be used to connect a single peripheral to multiple ISs. 4. If an A/B switch is used to connect or share peripheral devices between two or more ISs, the ISs should be intended for the use of a single user within the users work area, and be visible from all ISs that it is attached. If documentation does not exist with the SFUG, describing the correct usage of an A/B switch and the user’s responsibilities, this is a finding.

Fix: F-6337r2_fix

Create a section in the site's SFUG that contains general security policies and guidance plus the site's security policies and guidance for use of an A/B switch.

c
The A/B switch must be physically protected in accordance with the requirements of the highest classification of any IS connected to the A/B switch.
High - V-6720 - SV-6923r2_rule
RMF Control
Severity
High
CCI
Version
KVM04.003.00
Vuln IDs
  • V-6720
Rule IDs
  • SV-6923r2_rule
If the A/B switch is not located in an area that has the same physical security as required by the IS of the highest classification level, this can lead to a compromise of sensitive data. The ISSO or SA will ensure the A/B switch is physically protected in accordance with the requirements of the highest classification for any IS connected to the A/B switch.If the A/B switch needs to be relocated, all ISs and devices attached to the switch may need to be powered down prior to the move.System AdministratorPECF-2, PECF-1
Checks: C-2762r2_chk

The reviewer will view the A/B switch to verify it is physically protected in accordance with the requirements of the highest classification of any IS connected to the A/B switch. If it is in the same location as the ISs connected then it is adequately protected. If the switch is not physically protected in accordance with the classification level of the highest attached IS, this is a finding.

Fix: F-6338r2_fix

Move the A/B switch to a location where it is protected in the same manner as required by the IS of the highest classification level the A/B switch is attached.

b
An A/B switch must not be used to share a peripheral device between two or more users.
Medium - V-6757 - SV-6979r2_rule
RMF Control
Severity
Medium
CCI
Version
KVM04.004.00
Vuln IDs
  • V-6757
Rule IDs
  • SV-6979r2_rule
When using an A/B switch to switch a peripheral between two or more users the risk always exists where the peripheral is connected to the wrong IS. An example would be a scanner shared between two systems using an A/B switch. If the user presses the scan button when the A/B switch is pointed to a different IS than the user intended, the document would be scanned into the wrong system. This could lead to the compromise of sensitive data. The ISSO or SA will ensure an A/B switch is not used to share a peripheral device between two or more users.There may be a need to acquire more peripherals.System AdministratorDCBP-1
Checks: C-2899r2_chk

The reviewer will interview the ISSO or SA to verify that A/B switches are not being used to share peripherals between two users. If an A/B switch is being used to share peripherals between users, this is a finding.

Fix: F-6405r1_fix

Develop a plan to remove all A/B switches that are being used to switch peripherals between two or more users and to acquire new peripherals to support documented needs. Obtain CM approval of the plan and execute the plan.

a
The A/B switch must be properly marked and labeled.
Low - V-6758 - SV-6980r2_rule
RMF Control
Severity
Low
CCI
Version
KVM04.005.00
Vuln IDs
  • V-6758
Rule IDs
  • SV-6980r2_rule
Failure to correctly mark switch positions and cable connections can lead to the A/B switch connecting the wrong device to the wrong system for the current intended use. This can lead to a denial of access to a peripheral by an IS or the access of the wrong peripheral by an IS compromising sensitive data. The ISSO or SA will ensure the A/B switch, cables, switch positions, and connectors are labeled in accordance with this STIG.System AdministratorECML-1
Checks: C-2904r2_chk

The reviewer will view the A/B switch to verify it is marked in accordance with this STIG. It is marked government owned equipment. The switch positions are marked as to the systems or peripherals connected. The cables and connectors are marked with the systems or peripherals that are connected and their classification level. If the A/B switch is not properly marked and labeled, this is a finding.

Fix: F-6411r2_fix

Mark and label the A/B switch in accordance with this STIG.

b
A/B switches connecting information systems of differing classification levels must be on the NIAP CCEVS Products Lists.
Medium - V-6759 - SV-6981r3_rule
RMF Control
Severity
Medium
CCI
Version
KVM04.006.00
Vuln IDs
  • V-6759
Rule IDs
  • SV-6981r3_rule
An A/B switch not found on the approved KVM and A/B switch lists has not been tested to verify that it does not leak data between systems. This can lead to the compromise of sensitive data or the compromise of the ISs attached to the A/B switch. The organization will ensure only approved A/B switches are used with ISs of differing classification levels.If there is no approved A/B switch, additional peripheral devices may need to be obtained.DCBP-1
Checks: C-2906r4_chk

The reviewer will verify the A/B switch attached to ISs of different classification levels exist on the NIAP CCEVS Products Lists. https://www.niap-ccevs.org/CCEVS_Products/ If the A/B switch is not on the NIAP CCEVS Products Lists, this is a finding.

Fix: F-6412r3_fix

Replace the A/B switch with one from the NIAP CCEVS Products Lists. https://www.niap-ccevs.org/CCEVS_Products/

b
Tamper evident seals must be attached to the A/B switch and all IS cables at their attachment points for A/B switches attached to devices or ISs that have different classification levels.
Medium - V-6760 - SV-6982r3_rule
RMF Control
Severity
Medium
CCI
Version
KVM04.007.00
Vuln IDs
  • V-6760
Rule IDs
  • SV-6982r3_rule
Without the presences of tamper evident seals the A/B switch or its connections can be tampered with and the tampering will go undetected. This can lead to the compromise of sensitive data or the compromise of an IS. When an A/B switch is attached to ISs of different classification levels, the ISSO or SA will ensure tamper evident seals are attached to the A/B switch and all IS cables at their attachment points.System AdministratorDCBP-1
Checks: C-2907r3_chk

The reviewer will, for an A/B switch attached to devices or ISs which are at different classification levels, view the A/B switch to verify tamper evident seals are attached to the A/B switch and all IS cables at their attachment points. If tamper evident seals are not attached to the A/B switch and all IS cables at their attachment points, this is a finding.

Fix: F-6413r3_fix

For an A/B switch attached to devices or ISs which are at different classification levels, attach tamper evident seals. NSA IAD Protective Technologies has tamper evident products available for use, including seals for RJ45, D-sub, and USB ports. These can be obtained by contacting them either on NIPRNet at ptproducts@radium.ncsc.mil or on SIPRNet at ptproducts@nsa.smil.mil. When ordering, please specify that this is for use on a DoD Information System and the government use version is needed.

a
A/B switches must not be cascaded when connected to devices or ISs which are at different classification levels.
Low - V-6761 - SV-6983r2_rule
RMF Control
Severity
Low
CCI
Version
KVM04.008.00
Vuln IDs
  • V-6761
Rule IDs
  • SV-6983r2_rule
When A/B switches are cascaded it is difficult to verify the currently selected connection is the correct selection. When A/B switches are used with ISs of differing classification levels this can lead to the compromise of sensitive data. When A/B switches are attached to ISs of different classification levels the ISSO or SA will ensure that A/B switches are not cascaded.It may be necessary to obtain additional peripherals to sustain the required functionality after removing the cascaded A/B switches.System AdministratorDCBP-1
Checks: C-2908r2_chk

The reviewer will, for A/B switches which are connected to devices or ISs that are at different classification levels, view the A/B switches to verify the A/B switches are not cascaded. If the A/B switches are cascaded, this is a finding.

Fix: F-6414r1_fix

Remove the cascaded A/B switches that are connected to ISs of different classification levels.

c
An A/B switch must not be used to switch a peripheral device that has persistent memory or devices that support removable media between two or more ISs of different classification levels.
High - V-6762 - SV-6984r2_rule
RMF Control
Severity
High
CCI
Version
KVM04.009.00
Vuln IDs
  • V-6762
Rule IDs
  • SV-6984r2_rule
If the peripheral device attached to an A/B switch, which is connected to ISs of differing classification levels, can be written to and read from this can lead to the compromise of sensitive or classified data and/or the compromise of the ISs. The ISSO or SA will ensure A/B switches are not used to switch a peripheral device that has persistent memory or devices that support removable media between two or more ISs of different classification levels.It may be necessary to obtain new peripheral devices to replace needed functionality when the A/B switch is removed.System AdministratorDCBP-1
Checks: C-2909r2_chk

The reviewer will view the A/B switch to verify the A/B switch is not used to switch a peripheral device that has persistent memory or devices that support removable media between two or more ISs of different classification levels. This would include but not be limited to ZIP drives, hard disk drives, and writable CD drives. If A/B switches are used to switch a peripheral device that has persistent memory or devices that support removable media between two or more ISs of different classification levels, this is a finding.

Fix: F-6415r1_fix

Remove the A/B switch used to switch a peripheral device that has persistent memory or devices that support removable media between two or more ISs of different classification levels.

c
Input or output devices including, but not limited to, scanners, printers, or plotters must not be attached to an A/B switches that spans classification levels.
High - V-6763 - SV-6985r2_rule
RMF Control
Severity
High
CCI
Version
KVM04.010.00
Vuln IDs
  • V-6763
Rule IDs
  • SV-6985r2_rule
Input devices attached to A/B switches that are in turn attached to ISs of different classification levels could input data to the wrong IS compromising sensitive or classified data and/or the IS involved. Output from output devices attached to A/B switches that are in turn attached to ISs of different classification levels could be picked up by an individual other than the one the data was intended, leading to a compromise of sensitive or classified data. The ISSO will ensure input and output devices including but not limited to scanners, printers, or plotters are not attached to A/B switches that span classification levels.Additional hardware may need to be obtained to maintain the required functionality after the A/B switch is removed.System AdministratorInformation Assurance OfficerDCBP-1
Checks: C-2910r2_chk

The reviewer will view the A/B switch to verify input and output devices including, but not limited to, scanners, printers, or plotters are not attached to an A/B switch that spans classification levels. If input and output devices are attached to an A/B switch that spans classification levels, this is a finding.

Fix: F-6416r2_fix

Remove the A/B switch attached to ISs of different classification levels and an input or output peripheral.