Title

Written permission from the AO responsible for each IS attached to a KVM switch that is attached to ISs of different classification levels must be maintained. (Cat III impact)

Discussion

The AO responsible for an IS attached to a KVM switch that has other ISs attached of differing classifications levels must approve of the use of the KVM switch. The AO is the only individual that may be cognizant of the nature of the data accessible from the IS and what requirements have been placed on its access. There may be a need to have the system isolated from KVM switches even though they are approved for use in spanning classification levels. When the ISs are of different classification levels, the ISSM will maintain written permission from all AOs responsible for all ISs connected to a KVM switch.

Check Content

The reviewer will interview the ISSM and verify written permission from the AO responsible for each IS attached to a KVM switch that is attached to ISs of different classification levels is being maintained. If no documentation exists, this is a finding.

Fix Text

Obtain written permission for the IS to be attached to the KVM switch from the AO responsible for the system in question. At the earliest time so as not to impact production, if written permission has not been received, the IS will be removed from the KVM switch and be placed on a separate keyboard, video monitor, and mouse until written permission is received.

Additional Identifiers

Rule ID: SV-6867r2_rule

Vulnerability ID: V-6698

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.