An error occurred:

Check: KVM01.006.00

KVM: KVM01.006.00 (in version v2 r6)

Title

The desktop background of information systems attached to a KVM switch must be labeled with the proper classification banners. (Cat III impact)

Discussion

Without the banners to identify the information system the KVM switch is currently active on, the user could enter a command to the wrong information system and create a denial of service or the user could enter data into the wrong system creating either a security incident (data entered to a system of the wrong classification) or a compromise of sensitive data.

Check Content

The reviewer will view the desktop backgrounds of each information system attached to the KVM switch and verify they are labeled as described below. The desktop backgrounds will display classification banners at the top and bottom of the screen. These banners will state the overall classification level of the information system in large bold type. These banners will have a solid background color assigned using the following scheme: Yellow for Sensitive Compartmented Information (SCI). Orange for Top Secret (TS). Red for Secret. Blue for Confidential. Green for Unclassified. When information systems have similar classification levels but require separation for other reasons, the use of unique colors for different information systems or networks is permissible. These banners will identify the information system, if space is available. If classification banners are not used on information systems attached to a KVM, this is a finding.

Fix Text

Modify the screen backgrounds for each information system attached to the KVM switch to comply with information below. These banners will state the overall classification level of the information system in large bold type. These banners will have a solid background color assigned using the following scheme: Yellow for Sensitive Compartmented Information (SCI). Orange for Top Secret (TS). Red for Secret. Blue for Confidential. Green for Unclassified. When information systems have similar classification levels but require separation for other reasons, the use of unique colors for different information systems or networks is permissible. These banners will identify the information system, if space is available.

Additional Identifiers

Rule ID: SV-6842r2_rule

Vulnerability ID: V-6680

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check