A SFUG, or an equivalent document, that describes the correct uses of the switch and the users responsibilities, is not being maintained and distributed.

From Keyboard, Video, Mouse Switch Security STIG

Part of SFUG information for KVM and A/B switches.

Associated with IA controls: PRRB-1

SV-6824r1_rule A SFUG, or an equivalent document, that describes the correct uses of the switch and the users responsibilities, is not being maintained and distributed.

Vulnerability discussion

The SFUG or an equivalent document describes the users security responsibilities including any site-specific requirements. This gives the user a single reference source for both initial indoctrination and for later review. The distribution of the SFUG will lessen the vulnerabilities create by user ignorance of policy or procedures required by the site. By keeping this document current the user will have the current policies and procedures available.The IAO will maintain and distribute to the users a SFUG, or an equivalent document, that describes the correct uses of the switch and the users responsibilities.

Check content

The reviewer will interview the IAO and review the documentation. SFUG is a Security Features User Guide. The SFUG will at a minimum have the following requirements. 1. Logging onto an IS. a. Identify the classification of the IS currently selected. b. Use the login and passwords appropriate for that IS. c. Verify the classification of the present IS by checking the classification label/banner. d. Begin processing. 2. Switching between ISs. a. Screen lock the IS you are currently working on if the IS supports this capability. b. Select the desired IS with the switch. c. Enter your user identifier and password to deactivate the screen lock on the newly selected IS. d. Verify the classification of the present IS by checking the classification label/banner. e. Begin processing.

Fix text

If a Security Features User Guide does not exist, develop one making sure that there is a section for KVM and A/B switches containing the information found in the SPAN STIG. If a Security Features User Guide exist create a section for KVM and A/B switches that contains the information found in the SPAN STIG.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer