A KVM switch must not be cascaded while being attached to ISs of different classification levels.

From Keyboard Video and Mouse Switch STIG

Part of KVM differing classification levels cascaded

Associated with IA controls: DCBP-1

SV-6878r2_rule A KVM switch must not be cascaded while being attached to ISs of different classification levels.

Vulnerability discussion

Cascading KVM switches, that is, connecting one switch to another switch, can make it difficult to determine by simple observation which system is currently connected to the keyboard, video monitor, and mouse. In situations where the ISs are of differing classification levels, this could lead to the compromise of sensitive or classified data or a denial of service caused by a privileged command being given to the wrong system. When the KVM switch is attached to ISs of different classification levels, the ISSO or SA will ensure no KVM switches are cascaded.

Check content

The reviewer will check the connections for the KVM switch to verify it is not connected to another KVM switch when ISs of different classification levels are attached. If KVM switches are cascaded, this is a finding.
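Where the cabling is recorded in an inventory, the same check can be pre-screened before the physical inspection. The following is an added example, not part of the STIG: the device names, classification labels and the inventory format (a list of cable pairs) are constructed, and it assumes that a whole chain of cascaded switches is evaluated as one group.

```python
from collections import defaultdict

# Constructed sample inventory (not from the STIG); names are hypothetical.
KVMS = {"kvm-a", "kvm-b", "kvm-c"}
LEVELS = {"ws-1": "UNCLASSIFIED", "ws-2": "SECRET",
          "ws-3": "SECRET", "ws-4": "UNCLASSIFIED"}
CABLES = [
    ("kvm-a", "ws-1"),
    ("kvm-a", "kvm-b"),   # kvm-a is cascaded to kvm-b
    ("kvm-b", "ws-2"),
    ("kvm-c", "ws-3"),    # kvm-c: mixed levels, but not cascaded
    ("kvm-c", "ws-4"),
]


def cascade_findings(kvms, levels, cables):
    """Return (switches, levels) for each group of cascaded KVM switches
    whose attached ISs span more than one classification level."""
    switch_links = defaultdict(set)  # KVM -> KVMs cabled directly to it
    attached = defaultdict(set)      # KVM -> levels of ISs cabled to it
    for a, b in cables:
        if a in kvms and b in kvms:
            switch_links[a].add(b)
            switch_links[b].add(a)
            continue
        for kvm, other in ((a, b), (b, a)):
            if kvm in kvms and other in levels:
                attached[kvm].add(levels[other])
    findings, seen = [], set()
    for start in sorted(switch_links):  # only switches with a KVM-to-KVM link
        if start in seen:
            continue
        group, stack = set(), [start]
        while stack:                    # follow the whole cascade chain
            kvm = stack.pop()
            if kvm not in group:
                group.add(kvm)
                stack.extend(switch_links[kvm] - group)
        seen |= group
        group_levels = set().union(*(attached[k] for k in group))
        if len(group_levels) > 1:
            findings.append((sorted(group), sorted(group_levels)))
    return findings


if __name__ == "__main__":
    for switches, lv in cascade_findings(KVMS, LEVELS, CABLES):
        print("FINDING: cascaded", switches, "span levels", lv)
```

An inventory result does not replace the reviewer's inspection of the actual connections; it only narrows where to look.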

Fix text

Develop a plan to remove all cascaded KVM switches as soon as possible without disrupting production. Connect each IS to an open port on a KVM switch that is in turn only connected to a keyboard, video monitor, and mouse, not to another KVM switch. Obtain CM approval for the plan and execute the plan at the earliest opportunity.
