Title

The KVM switch must be configured to require the user to login to the KVM switch to access the ISs attached. (Cat I impact)

Discussion

Without identification and authentication of the user accessing the network attached KVM switch anyone can access the ISs attached and if they have knowledge of a valid user id and password for the IS, disrupt the system causing a denial of service or access sensitive data compromising that data. The ISSO will ensure the KVM switch is configured to require the user to login to the KVM switch to access the ISs attached. PKI authentication is acceptable and preferred to password authentication.

Check Content

The reviewer will, with the assistance of the ISSO, try to access the network attached KVM switch without valid authentication. If the KVM switch is accessed without valid authentication, this is a finding.

Fix Text

Reconfigure the network attached KVM switch to require the users to login to the KVM switch prior to being allowed access to the ISs attached to the KVM switch.

Additional Identifiers

Rule ID: SV-6904r2_rule

Vulnerability ID: V-6708

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.