A network attached KVM switch must not be configured to control the power supplied to the ISs attached to the KVM switch or the connectors on the KVM switch that support this feature are not blocked with tamper evident seals.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-6716	KVM03.012.00	SV-6916r3_rule	PECF-2 DCBP-1 PECF-1	Medium

Description
If a network attached KVM switch can control the power to the ISs attached to it and the KVM switch is compromised, a denial of service can be caused by powering off all the ISs attached to the KVM switch without accessing the individual ISs. The ISSO will ensure any feature that allows the KVM switch to directly control the power supplied to the ISs is not configured or used, and any connectors on the KVM switch used to support this feature are blocked with a tamper evident seal.

Description

If a network attached KVM switch can control the power to the ISs attached to it and the KVM switch is compromised, a denial of service can be caused by powering off all the ISs attached to the KVM switch without accessing the individual ISs. The ISSO will ensure any feature that allows the KVM switch to directly control the power supplied to the ISs is not configured or used, and any connectors on the KVM switch used to support this feature are blocked with a tamper evident seal.

STIG	Date
Keyboard Video and Mouse Switch STIG	2015-12-09

Details

Check Text ( C-2733r3_chk )
With the assistance of the ISSO, verify the network attached KVM switch is not configured to control the power of the ISs attached and all connectors on the KVM switch that support this functionality are blocked with tamper evident seals. If the KVM switch is configured to control the power of connected ISs, this is a finding.

Fix Text (F-6323r3_fix)
Remove the KVM switch’s control over the power supplied to the ISs and block any connectors on the KVM switch used to support this feature with tamper evident seals. NSA IAD Protective Technologies has tamper evident products available for use, including seals for RJ45, D-sub, and USB ports. These can be obtained by contacting them either on NIPRNet at ptproducts@radium.ncsc.mil or on SIPRNet at ptproducts@nsa.smil.mil. When ordering, please specify that this is for use on a DoD Information System and the government use version is needed.

Fix Text (F-6323r3_fix)

Remove the KVM switch’s control over the power supplied to the ISs and block any connectors on the KVM switch used to support this feature with tamper evident seals. NSA IAD Protective Technologies has tamper evident products available for use, including seals for RJ45, D-sub, and USB ports. These can be obtained by contacting them either on NIPRNet at ptproducts@radium.ncsc.mil or on SIPRNet at ptproducts@nsa.smil.mil. When ordering, please specify that this is for use on a DoD Information System and the government use version is needed.