Title

A hot key feature must not be enabled other than the menu feature that allows the user to select the IS to be used from the displayed menu. (Cat II impact)

Discussion

There are many "hot key" features that could be used. Since each vender has a different set of features and it is impractical to review all features from all venders for potential vulnerabilities, no features other than the ability to bring up a menu of the ISs available on the KVM switch to allow the user to select which IS they wish to display will be enabled. Additional features will be approved if requested and time is available to review the feature and its implementation. The ISSO or SA will ensure the only “hot key” feature enabled is the menu feature that allows the user to select the IS to be used from the displayed menu.

Check Content

The reviewer will, with the assistance of the ISSO or SA, verify the only “hot key” feature enabled is the menu feature that allows the user to select the IS to be used from the displayed menu. If the configuration cannot be protected, this is a finding.

Fix Text

Disable any unauthorized "hot key" features in the KVM switch's configuration.

Additional Identifiers

Rule ID: SV-6845r2_rule

Vulnerability ID: V-6683

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.