A KVM switch is being used to switch a peripheral other than a keyboard, video or mouse in an environment where the KVM switch is attached to ISs of different classification levels..
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-6702 | KVM02.008.00 | SV-6883r1_rule | DCBP-1 | High |
| Description |
|---|
| Since the other peripheral devices could contain persistent memory and allow data to become compromised by moving it between ISs of differing classification levels this would create an unacceptable situation. This includes the ability to switch a smart card reader. If the switch has this ability and it is not disabled it will be assumed that it is being used. When the KVM switch is attached to ISs of different classification levels, the IAO or SA will ensure, if the KVM switch has the ability to switch peripheral devices other than the keyboard, video, and mouse, that this feature is disabled. |
| STIG | Date |
|---|---|
| Keyboard Video and Mouse Switch STIG | 2014-08-04 |
Details
| Check Text ( C-2680r1_chk ) |
|---|
| The reviewer will, with the assistance of the IAO or SA, verify that the KVM switch is not configured to switch peripherals other than a Keyboard, Video, and Mouse. Note: This includes but is not limited to a smart card reader. Note: The most likely interface that would be used with this feature would be USB but it may be any legacy I/O interfaces. |
| Fix Text (F-6272r1_fix) |
|---|
| Disable the feature for automatically toggling between ISs. If the KVM switch can be configured to disable the ability to switch peripherals other than the keyboard, video monitor, and mouse, modify the configuration to disable this feature. If the KVM switch cannot be configured to disable this feature replace the KVM switch with a KVM switch that is compliant with the SPAN STIG. |