UCF STIG Viewer Logo

Keyboard Video and Mouse Switch STIG



Findings (MAC II - Mission Support Classified)

Finding ID Severity Title
V-6706 High The network attached KVM switch is attached to a network that is not at the same classification level as the ISs attached.
V-6708 High The KVM switch is not configured to require the user to login to the KVM switch to access the ISs attached.
V-6717 High A network attached KVM switch is attached to ISs of different classification levels.
V-6677 High The KVM switch is not physically protected in accordance with the requirements of the highest classification for any IS connected to the KVM switch.
V-6714 High The KVM switch is configured to encapsulate and send USB connections other than KVM connections.
V-6713 High The KVM switch is not configured to use encrypted communications with FIPS 140-1/2 validated cryptography.
V-6710 High Group or shared userids are being used on a network attached KVM switch.
V-6709 High The KVM switch is not configured to require DOD compliant password.
V-6687 High The KVM switch has the ability to support a RAS connection, this feature is not disabled or the connectors on the KVM switch supporting this feature are not blocked with a tamper resistant seal.
V-6702 High A KVM switch is being used to switch a peripheral other than a keyboard, video or mouse in an environment where the KVM switch is attached to ISs of different classification levels..
V-6703 High Peripherals other than a keyboard, video, or mouse are attached to a KVM switch that is attached to ISs of different classification levels.
V-6705 High A network attached KVM switch used to administer ISs is not attached to an “out-of-band” network.
V-6720 High The A/B switch is not physically protected in accordance with the requirements of the highest classification of any IS connected to the A/B switch.
V-6707 High The network-facing component of a network attached KVM switch is not compliant with the current Network Infrastructure STIG.
V-6762 High The An A/B switch is used to switch a peripheral device that has persistent memory or devices that support removable media between two or more ISs of different classification levels.
V-6763 High Input or output devices including, but not limited to, scanners, printers or plotters are attached to an A/B switches that spans classification levels.
V-6757 Medium An A/B switch is used to share a peripheral device between two or more users.
V-6759 Medium KVMs and A/B switches connecting information systems of differing classification levels must be on the NIAP Products Compliance List.
V-6678 Medium Smart (intelligent or programmable) keyboard is used in conjunction with a KVM switch when the KVM switch is connected to ISs of different classification and/or sensitivity.
V-6679 Medium A wireless keyboard or mouse that is not in compliance with the current Wireless STIG is attached to a KVM switch.
V-6715 Medium Unused USB ports on the KVM switch are not blocked with tamper resistant on a KVM switch that can encapsulate and send the USB protocol over the network to the client.
V-6681 Medium The KVM switch has configurable features, but the configuration is not protected from modification with a DOD compliant password.
V-6683 Medium A “hot key” feature is enabled other than the menu feature that allows the user to select the IS to be used from the displayed menu.
V-6682 Medium The KVM switch has the feature for automatically toggling between ISs and it is not disabled.
V-6686 Medium The KVM switch is not configured to force the change of the configuration password every 90 days or that there is no policy and procedure in place to change the configuration password every 90 days.
V-6716 Medium A network attached KVM switch is configured to control the power supplied to the ISs attached to the KVM switch or the connectors on the KVM switch that support this feature are not blocked with tamper resistant seals.
V-6701 Medium Tamper resistant seals are not attached to the KVM switch and all IS cables at their attachment points where the KVM switch is attached to ISs of different classification levels.
V-6704 Medium A KVM switch, which is attached to ISs of different classification levels, has connectors for additional peripherals other than the keyboard, video, or mouse that are not blocked with tamper resistant seals.
V-6760 Medium Tamper resistant seals are not attached to the A/B switch and all IS cables at their attachment points for A/B switches attached to devices or ISs that have different classification levels.
V-6699 Medium KVM or A/B switches must be approved prior to being connected to ISs that are at different classification levels.
V-6719 Low There is no user documentation describing the correct usage and users responsibilities for an A/B switch.
V-6718 Low There are no user agreements documenting the use of A/B switches.
V-6675 Low Written user agreements for all users authorized to use the KVM or A/B switch are not being maintained..
V-6676 Low A SFUG, or an equivalent document, that describes the correct uses of the switch and the users responsibilities, is not being maintained and distributed.
V-6712 Low The network attached KVM switch does not display an Electronic Notice and Consent Banner complaint with requirements of CJSCM 6510.01.
V-6711 Low The network attached KVM switch is not configured to restrict users access only to the systems they require.
V-6680 Low The desktop background of information systems attached to a KVM switch must be labeled with the proper classification banners.
V-6685 Low A written description of the KVM switch, the ISs attached to the KVM switch, and the classification level of each IS attached to the KVM switch is not maintained.
V-6684 Low A machine-readable or a paper-document backup is not maintained for the configuration of the KVM switch.
V-6758 Low The A/B switch is not marked in accordance with the Sharing Peripherals Across the Network STIG.
V-6700 Low A KVM switch is cascaded while being attached to ISs of different classification levels.
V-6761 Low A/B switches, that are connected to devices or ISs which are at different classification levels, are cascaded.
V-6698 Low Written permission from the DAA responsible for each IS attached to a KVM switch that is attached to ISs of different classification levels is not being maintained.