A written description of the KVM switch, the ISs attached to the KVM switch, and the classification level of each IS attached to the KVM switch is not maintained.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-6685	KVM02.001.00	SV-6847r1_rule	DCHW-1	Low

Description
Without a written description of the KVM switch, the ISs attached to the KVM switch, and the classification level of each IS attached to the KVM switch, tampering with the KVM switch by adding or moving connections cannot be verified and the physical configuration cannot be reproduced if needed. This can lead to a denial of service if a connection is removed or moved, or a compromise of sensitive data if a connection is added or moved. The IAO will maintain a written description of the KVM switch, the ISs attached to the KVM switch, and the classification level of each IS attached to the KVM switch.

Description

Without a written description of the KVM switch, the ISs attached to the KVM switch, and the classification level of each IS attached to the KVM switch, tampering with the KVM switch by adding or moving connections cannot be verified and the physical configuration cannot be reproduced if needed. This can lead to a denial of service if a connection is removed or moved, or a compromise of sensitive data if a connection is added or moved. The IAO will maintain a written description of the KVM switch, the ISs attached to the KVM switch, and the classification level of each IS attached to the KVM switch.

STIG	Date
Keyboard Video and Mouse Switch STIG	2014-08-04

Details

Check Text ( C-2635r1_chk )
The reviewer will verify that the description exists and check that it accurately describes the switch and its attached ISs. An annotated drawing or diagram is acceptable.

Fix Text (F-6275r1_fix)
Create a written description of the KVM switch, the ISs attached to the KVM switch, and the classification level for each IS attached to the KVM switch.