Title

The network attached KVM switch must not be attached to a network that is not at the same classification level as the ISs attached. (Cat I impact)

Discussion

If a network attached KVM switch is attached to a network of a different classification level than the ISs attached to the KVM switch, this could lead to a compromise of sensitive data either on the network or on the ISs. The ISSO will ensure network attached KVM switches are only connected to a network at the same classification level as the ISs attached.

Check Content

The reviewer will interview the ISSO to verify that a network attached KVM switch is attached to a network of the same classification level as the ISs attached. If the network KVM is attached to a network that is not at the same classification level as the attached ISs, then this is a finding.

Fix Text

Remove the KVM switch from the network when the network KVM switch is attached to a network at a different classification level than the attached ISs. Attach the KVM switch to a network of the appropriate classification level.

Additional Identifiers

Rule ID: SV-6901r2_rule

Vulnerability ID: V-6706

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.