Title

A/B switches must not be cascaded when connected to devices or ISs which are at different classification levels. (Cat III impact)

Discussion

When A/B switches are cascaded it is difficult to verify the currently selected connection is the correct selection. When A/B switches are used with ISs of differing classification levels this can lead to the compromise of sensitive data. When A/B switches are attached to ISs of different classification levels the ISSO or SA will ensure that A/B switches are not cascaded.

Check Content

The reviewer will, for A/B switches which are connected to devices or ISs that are at different classification levels, view the A/B switches to verify the A/B switches are not cascaded. If the A/B switches are cascaded, this is a finding.

Fix Text

Remove the cascaded A/B switches that are connected to ISs of different classification levels.

Additional Identifiers

Rule ID: SV-6983r2_rule

Vulnerability ID: V-6761

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.