Title

A written description of the KVM switch, the ISs attached to the KVM switch, and the classification level of each IS attached to the KVM switch must be maintained. (Cat III impact)

Discussion

Without a written description of the KVM switch, the ISs attached to the KVM switch, and the classification level of each IS attached to the KVM switch, tampering with the KVM switch by adding or moving connections cannot be verified and the physical configuration cannot be reproduced if needed. This can lead to a denial of service or a compromise of sensitive data if a connection is removed, moved, or added. The ISSO will maintain a written description of the KVM switch, the ISs attached to the KVM switch, and the classification level of each IS attached to the KVM switch.

Check Content

The reviewer will verify the description exists and check that it accurately describes the switch and its attached ISs. An annotated drawing or diagram is acceptable. If no documentation exists, this is a finding.

Fix Text

Create a written description of the KVM switch, the ISs attached to the KVM switch, and the classification level for each IS attached to the KVM switch.

Additional Identifiers

Rule ID: SV-6847r2_rule

Vulnerability ID: V-6685

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.