Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6680 | KVM01.006.00 | SV-6842r2_rule | ECML-1 | Low |
Description |
---|
Without banners to identify which information system the KVM switch is currently active on, the user could enter a command on the wrong information system and create a denial of service, or could enter data into the wrong system, creating either a security incident (data entered to a system of the wrong classification) or a compromise of sensitive data. |
STIG | Date |
---|---|
Keyboard Video and Mouse Switch STIG | 2015-06-30 |
Check Text (C-2629r5_chk) |
---|
The reviewer will view the desktop backgrounds of each information system attached to the KVM switch and verify they are labeled as described below. The desktop backgrounds will display classification banners at the top and bottom of the screen. These banners will state the overall classification level of the information system in large bold type. These banners will have a solid background color assigned using the following scheme: Yellow for Sensitive Compartmented Information (SCI); Orange for Top Secret (TS); Red for Secret; Blue for Confidential; Green for Unclassified. When information systems have similar classification levels but require separation for other reasons, the use of unique colors for different information systems or networks is permissible. These banners will identify the information system, if space is available. If classification banners are not used on information systems attached to a KVM, this is a finding. |
Fix Text (F-6270r4_fix) |
---|
Modify the screen backgrounds for each information system attached to the KVM switch to comply with the information below. These banners will state the overall classification level of the information system in large bold type. These banners will have a solid background color assigned using the following scheme: Yellow for Sensitive Compartmented Information (SCI); Orange for Top Secret (TS); Red for Secret; Blue for Confidential; Green for Unclassified. When information systems have similar classification levels but require separation for other reasons, the use of unique colors for different information systems or networks is permissible. These banners will identify the information system, if space is available. |