UCF STIG Viewer Logo

A KVM switch with configurable features must have the configuration protected from modification with a DoD compliant password.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6681 KVM01.007.00 SV-6843r2_rule IAIA-2 IAIA-1 Medium
Description
If the KVM switch is configurable, some features that are available such as auto toggling between attached ISs are not permitted. If the configuration is not protected by a password it can be modified by any user allowing features that are not permitted. This can lead to the compromise of sensitive data. If the KVM switch has configurable features, the ISSO or SA will ensure the configuration is protected from modification with a DoD compliant password.
STIG Date
Keyboard Video and Mouse Switch STIG 2015-12-09

Details

Check Text ( C-2631r2_chk )
If the KVM switch is configurable, the reviewer will, with the assistance of the SA, try to change the configuration with a random password and with no password. If the reviewer is able to change the configuration with a random password or no password, then this is a finding.

Note: The emphasis here is the protection of the configuration not the technique, if the configuration is protected as a function of a privileged user id/password sign in or by a DoD PKI (for network attached KVM switches) this fulfills this requirement.
Fix Text (F-6271r2_fix)
If the KVM switch’s configuration can be protected by a password, including user id/password combinations or PKI for network attached switches, create a DOD compliant password to protect the configuration.

If the KVM switch’s configuration cannot be protected by a password, including user id/password combinations or PKI for network attached switches, replace it with a KVM switch that either has no configuration or the configuration can be protected by a password.