Written permission from the DAA responsible for each IS attached to a KVM switch that is attached to ISs of different classification levels is not being maintained.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-6698 | KVM02.004.00 | SV-6867r1_rule | DCBP-1 | Low |
| Description |
|---|
| The DAA responsible for a IS attached to a KVM switch that has other ISs attached of differing classifications levels must approve of the use of the KVM switch. The DAA is the only individual that may be cognizant of the nature of the data accessible from the IS and what requirements have been placed on its access. There may have a need to have the system isolated from KVM switches even though they are approved for use in spanning classification levels. When the ISs are of different classification levels, the IAM will maintain written permission from all DAAs responsible for all ISs that are connected to a KVM switch. |
| STIG | Date |
|---|---|
| Keyboard Video and Mouse Switch STIG | 2014-08-04 |
Details
| Check Text ( C-2658r1_chk ) |
|---|
| The reviewer will interview the IAM and verify that written permission from the DAA responsible for each IS attached to a KVM switch that is attached to ISs of different classification levels is being maintained. View the documentation. |
| Fix Text (F-6292r1_fix) |
|---|
| Obtain written permission for the IS to be attached to the KVM switch in accordance with the SPAN STIG from the DAA responsible for the system in question At the earliest time so as not to impact production, if written permission has not received, the IS will be removed from the KVM switch and placed on a separate keyboard, video monitor, and mouse until written permission is received. |