Check: KVM02.005.00
KVM:
KVM02.005.00
(in version v2 r6)
Title
KVM or A/B switches must be approved prior to being connected to ISs of different classification levels. (Cat II impact)
Discussion
Only KVM switches that have been tested and verified to prevent the transfer of data from one IS to another will be used when the ISs connected to the switch are of differing classification levels. The switch will be operated in the approved port configuration only. When the KVM switch is attached to ISs of different classification levels, the ISSO will ensure only approved KVM or A/B switches are used.
Check Content
Verify the KVM or A/B switch attached to ISs of different classification levels has been evaluated and approved prior to connection. The National Information Assurance Partnership (NIAP) product lists can be found below: https://www.niap-ccevs.org/CCEVS_Products/ If the KVM or A/B switch is not found on the NIAP list, this is a finding.
Fix Text
Immediately replace the unapproved KVM switch with an approved KVM switch. If there is no approved KVM switch available, remove all ISs from the unapproved KVM switch and attach a separate keyboard, video monitor, and mouse to each IS. Alternately the ISs can be segregated by classification level on as many individual KVM switches as needed. Verify port configuration complies with guidance for the switch used.
Additional Identifiers
Rule ID: SV-6876r3_rule
Vulnerability ID: V-6699
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |