Written permission from the AO responsible for each IS attached to a KVM switch that is attached to ISs of different classification levels must be maintained.

From Keyboard Video and Mouse Switch STIG

Part of AO written permission KVM span classification

Associated with IA controls: DCBP-1

SV-6867r2_rule Written permission from the AO responsible for each IS attached to a KVM switch that is attached to ISs of different classification levels must be maintained.

Vulnerability discussion

The AO responsible for an IS attached to a KVM switch that has other ISs of differing classification levels attached must approve the use of the KVM switch. The AO is the only individual who may be cognizant of the nature of the data accessible from the IS and of the requirements that have been placed on its access. There may be a need to isolate the system from KVM switches even though they are approved for use in spanning classification levels. When the ISs are of different classification levels, the ISSM will maintain written permission from all AOs responsible for all ISs connected to a KVM switch.

Check content

The reviewer will interview the ISSM and verify written permission from the AO responsible for each IS attached to a KVM switch that is attached to ISs of different classification levels is being maintained. If no documentation exists, this is a finding.

Fix text

Obtain written permission for the IS to be attached to the KVM switch from the AO responsible for the system in question. If written permission has not been received, the IS will be removed from the KVM switch at the earliest time that does not impact production and placed on a separate keyboard, video monitor, and mouse until written permission is received.
