A network attached KVM switch must not be configured to control the power supplied to the ISs attached to the KVM switch or the connectors on the KVM switch that support this feature are not blocked with tamper resistant/evident seals.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-6716 | KVM03.012.00 | SV-6916r2_rule | DCBP-1 PECF-1 PECF-2 | Medium |
| Description |
|---|
| If a network attached KVM switch can control the power to the ISs attached to it and the KVM switch is compromised, a denial of service can be caused by powering off all the ISs attached to the KVM switch without accessing the individual ISs. The ISSO will ensure any feature that allows the KVM switch to directly control the power supplied to the ISs is not configured or used, and any connectors on the KVM switch used to support this feature are blocked with a tamper resistant/evident seal. |
| STIG | Date |
|---|---|
| Keyboard Video and Mouse Switch STIG | 2015-06-30 |
Details
| Check Text ( C-2733r2_chk ) |
|---|
| With the assistance of the ISSO, verify the network attached KVM switch is not configured to control the power of the ISs attached and all connectors on the KVM switch that support this functionality are blocked with tamper resistant/evident seals. If the KVM switch is configured to control the power of connected ISs, this is a finding. |
| Fix Text (F-6323r2_fix) |
|---|
| Remove the KVM switch’s control over the power supplied to the ISs and block any connectors on the KVM switch used to support this feature with tamper resistant/evident seals. Tamper resistant/evident seals are available from Protective Technologies: ptproducts@radium.ncsc.mil. |