UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Unused USB ports on the KVM switch must be blocked with tamper evident seals on a KVM switch that can encapsulate and send the USB protocol over the network to the client.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6715 KVM03.011.00 SV-6915r3_rule DCBP-1 Medium
Description
By blocking the unused USB ports on a network attached KVM switch that can encapsulate USB over IP with tamper evident seals there will be an indication if someone has attached an unauthorized USB connection to the KVM switch. When a seal is found to have been tampered with or broken, it should be investigated. The ISSO will ensure any open USB ports on the KVM switch are blocked with tamper evident seals.
STIG Date
Keyboard Video and Mouse Switch STIG 2015-12-09

Details

Check Text ( C-2731r3_chk )
If the KVM switch can encrypt USB and send it over the network, the reviewer will view the KVM switch and verify that unused USB ports are blocked with tamper evident seals. If unused USB ports are not blocked with tamper evident seals, this is a finding.
Fix Text (F-6322r3_fix)
Block unused USB ports on a network attached KVM switch that can encapsulate USB over IP with tamper evident seals. NSA IAD Protective Technologies has tamper evident products available for use, including seals for RJ45, D-sub, and USB ports. These can be obtained by contacting them either on NIPRNet at ptproducts@radium.ncsc.mil or on SIPRNet at ptproducts@nsa.smil.mil. When ordering, please specify that this is for use on a DoD Information System and the government use version is needed.