UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Information Assurance - Authorizing Official (AO) and DoDIN Connection Approval Office (CAO) Approval Documentation for use of KVM and A/B switches for Sharing of Classified and Unclassified Peripheral Devices


Overview

Finding ID Version Rule ID IA Controls Severity
V-245784 IA-10.03.01 SV-245784r917375_rule Low
Description
Failure to request approval for connection of existing or additional KVM or A/B devices (switch boxes) for use in switching between classified (e.g., SIPRNet) devices and unclassified devices (e.g., NIPRNet) from both the Authorizing Official (AO) and the DODIN Connection Approval Office could result in unapproved devices being used or approved devices being used or configured in an unapproved manner, thereby increasing the risk for the DODIN. REFERENCES: NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: SC-3 and SC-4 DISN Connection Process Guide: http://disa.mil/network-services/enterprise-connections/connection-process-guide NIAP Products Compliance List (PCL): https://www.niap-ccevs.org/index.cfm
STIG Date
Traditional Security Checklist 2023-05-31

Details

Check Text ( C-49215r917370_chk )
1. Check to ensure the Enclave Authorizing Official (AO) has specifically documented the approval for use of KVM and/or A/B switches in the ATO or other official documentation signed by the AO authorizing use of switches between high-side (classified/SIPRNet) and low-side (unclassified/NIPRNet) shared devices.

2. Check to ensure the AO has submitted initial and updated documentation (as required) to the DODIN Connection Approval Office (CAO) reflecting the use or addition of KVM or A/B devices on a user's enclave. The documentation may be part of the Authorization and Accreditation (A&A) documentation IAW RMF procedures or otherwise as specified by the DODIN CAO.

TACTICAL ENVIRONMENT: The check is applicable where KVM devices are in use.
Fix Text (F-49170r917371_fix)
1. The Enclave Authorizing Official (AO) must specifically document the approval for use of KVM and/or A/B switches in the ATO or other official documentation signed by the AO authorizing use of switches between high-side (classified/SIPRNet) and low-side (unclassified/NIPRNet) shared devices.

2. The AO must submit initial and updated documentation (as required) to the DODIN Connection Approval Office (CAO) reflecting the use or addition of KVM or A/B devices on a user's enclave. The documentation may be part of the Authorization and Accreditation (A&A) documentation IAW RMF procedures or otherwise as specified by the DODIN CAO.