Check: KVM02.008.00
KVM:
KVM02.008.00
(in version v2 r6)
Title
A KVM switch must not be used to switch a peripheral other than a keyboard, video monitor, or mouse in an environment where the KVM switch is attached to ISs of different classification levels.. (Cat I impact)
Discussion
Peripheral devices, other than keyboards, video monitors, and mice, can contain persistent memory and allow data to move between ISs of differing classification levels creating an unacceptable situation. This includes the ability to switch a smart card reader. If the switch has the ability to switch other peripheral devices and the feature is not disabled it will be assumed it is being used. When the KVM switch is attached to ISs of different classification levels, the ISSO or SA will ensure the KVM switch’s ability to switch peripheral devices other than the keyboard, video, and mouse is disabled.
Check Content
The reviewer will, with the assistance of the ISSO or SA, verify the KVM switch is not configured to switch peripherals other than Keyboard, Video, and Mouse. Note: This includes but is not limited to a smart card reader. Note: The most likely interface that would be used with this feature would be USB but it may be any legacy I/O interfaces.
Fix Text
Disable the feature for automatically toggling between ISs. If the KVM switch can be configured to disable the ability to switch peripherals other than the keyboard, video monitor, and mouse, modify the configuration to disable this feature. If the KVM switch cannot be configured to disable this feature replace the KVM switch with a KVM switch that is compliant.
Additional Identifiers
Rule ID: SV-6883r2_rule
Vulnerability ID: V-6702
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |