Check: KVM01.001.00
KVM: KVM01.001.00 (in version v2 r6)
Title
Written user agreements for all users authorized to use the KVM or A/B switch must be maintained. (Cat III impact)
Discussion
A written user agreement lets the ISSO be certain that each end user who will use the equipment has been presented with the documentation explaining their duties and responsibilities in relation to the equipment, and has acknowledged that they have read and understood it. Though there is no guarantee the user will perform as required, it will lessen the problems caused by uninformed users. The ISSO will maintain written user agreements for all users authorized to use the KVM or A/B switch.
Check Content
The reviewer will interview the ISSO and view the written agreements. The agreement will require the user to perform the following.
1. Logging onto an IS.
   a. Identify the classification of the IS currently selected.
   b. Use the login and passwords appropriate for that IS.
   c. Verify the classification of the present IS by checking the classification label/banner.
   d. Begin processing.
2. Switching between ISs.
   a. Screen lock the IS you are currently working on if the IS supports this capability.
   b. Select the desired IS with the switch.
   c. Enter your user identifier and password to deactivate the screen lock on the newly selected IS.
   d. Verify the classification of the present IS by checking the classification label/banner.
   e. Begin processing.
The agreement may state that the user has read and understands the SFUG sections dealing with the KVM switch usage if the SFUG or similar documentation exists. If no documents exist, this is a finding.
Fix Text
Develop a user agreement, have each user of KVM or A/B switches sign a user agreement, and keep the signed agreement on file.
Additional Identifiers
Rule ID: SV-6823r2_rule
Vulnerability ID: V-6675
Group Title:
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |