Title

Smart (intelligent or programmable) keyboard must not be used in conjunction with a KVM switch when the KVM switch is connected to ISs of different classification and/or sensitivity levels. (Cat II impact)

Discussion

In an environment where the KVM switch is connected to ISs of different classification and/or sensitivity levels, a smart (intelligent or programmable) keyboard can transfer sensitive data from one system to another leading to the compromise of data. The ISSO or SA will ensure a smart (intelligent or programmable) keyboard is not used in conjunction with a KVM switch when the switch is connected to ISs of different classification and/or sensitivity levels.

Check Content

The reviewer will interview the ISSO and view the keyboard attached to the KVM to verify that a smart keyboard is not in use when the KVM switch is attached to ISs with different classification and/or sensitivity levels. Keyboards that include USB ports, smart card slots, and removable media slots are considered smart keyboards. Note: A keyboard that has extended functionality that is not programmable, like an internet keyboard, is not prohibited. Note: Having a CAC reader in the KVM switch is acceptable; however, the host rather than the switch itself must perform the authentication algorithms. Otherwise the switch must be approved by PKI PMO.

Fix Text

Replace the smart keyboard with a non-smart keyboard.

Additional Identifiers

Rule ID: SV-6829r2_rule

Vulnerability ID: V-6678

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.