Title

A network attached KVM switch used to administer ISs must be attached to an out-of-band network. (Cat I impact)

Discussion

If a network attached KVM switch is attached to an out-of-band network there is less opportunity for a malicious user to compromise the interface and create a denial of service by issuing disruptive commands to a server. The ISSO or SA will ensure a network attached KVM switch used to administer ISs is connected to an out-of-band network.

Check Content

The reviewer will interview the ISSO or SA to verify that a network attached KVM switch used to administer ISs is connected to an out of band network. If a network attached KVM used to administer ISs is not connected to an out-of-band network, this is a finding.

Fix Text

Develop a plan that will attach all network attached KVM switches used to administer ISs to an out-of-band network. Obtain CM approval and implement the plan.

Additional Identifiers

Rule ID: SV-6900r2_rule

Vulnerability ID: V-6705

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.