Title

A/B switches connecting information systems of differing classification levels must be on the NIAP CCEVS Products Lists. (Cat II impact)

Discussion

An A/B switch not found on the approved KVM and A/B switch lists has not been tested to verify that it does not leak data between systems. This can lead to the compromise of sensitive data or the compromise of the ISs attached to the A/B switch. The organization will ensure only approved A/B switches are used with ISs of differing classification levels.

Check Content

The reviewer will verify the A/B switch attached to ISs of different classification levels exist on the NIAP CCEVS Products Lists. https://www.niap-ccevs.org/CCEVS_Products/ If the A/B switch is not on the NIAP CCEVS Products Lists, this is a finding.

Fix Text

Replace the A/B switch with one from the NIAP CCEVS Products Lists. https://www.niap-ccevs.org/CCEVS_Products/

Additional Identifiers

Rule ID: SV-6981r3_rule

Vulnerability ID: V-6759

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.