The SFUG (Security Features User Guide) or an equivalent document describes the user’s security responsibilities, including any site-specific requirements. This gives the user a single reference source for both initial indoctrination and later review. Distributing the SFUG will lessen the vulnerabilities created by user ignorance of the policies or procedures required by the site. Keeping this document current ensures that the user has the current policies and procedures available. The ISSO will maintain and distribute to the users an SFUG, or an equivalent document, that describes the correct uses of the switch and the user’s responsibilities.
The reviewer will interview the ISSO and review the SFUG documentation.
The SFUG will at a minimum have the following requirements.

1. Logging onto an IS.
   a. Identify the classification of the IS currently selected.
   b. Use the login and passwords appropriate for that IS.
   c. Verify the classification of the present IS by checking the classification label/banner.
   d. Begin processing.

2. Switching between ISs.
   a. Screen lock the IS you are currently working on if the IS supports this capability.
   b. Select the desired IS with the switch.
   c. Enter your user identifier and password to deactivate the screen lock on the newly selected IS.
   d. Verify the classification of the present IS by checking the classification label/banner.
   e. Begin processing.

If no documentation exists within the SFUG or equivalent document, describing the user's security responsibilities when using a KVM or A/B switch, then this is a finding.
Fix Text (F-6258r2_fix)
If a Security Features User Guide does not exist, develop one making sure there is a section for KVM and A/B switches containing the information found in this STIG.
If a Security Features User Guide exists, but does not contain a section on KVM and A/B switches, create a section that describes the correct uses of KVM and A/B switches.