Title

An A/B switch must not be used to switch a peripheral device that has persistent memory or devices that support removable media between two or more ISs of different classification levels. (Cat I impact)

Discussion

If the peripheral device attached to an A/B switch, which is connected to ISs of differing classification levels, can be written to and read from this can lead to the compromise of sensitive or classified data and/or the compromise of the ISs. The ISSO or SA will ensure A/B switches are not used to switch a peripheral device that has persistent memory or devices that support removable media between two or more ISs of different classification levels.

Check Content

The reviewer will view the A/B switch to verify the A/B switch is not used to switch a peripheral device that has persistent memory or devices that support removable media between two or more ISs of different classification levels. This would include but not be limited to ZIP drives, hard disk drives, and writable CD drives. If A/B switches are used to switch a peripheral device that has persistent memory or devices that support removable media between two or more ISs of different classification levels, this is a finding.

Fix Text

Remove the A/B switch used to switch a peripheral device that has persistent memory or devices that support removable media between two or more ISs of different classification levels.

Additional Identifiers

Rule ID: SV-6984r2_rule

Vulnerability ID: V-6762

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.