STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020:

Information Assurance - KVM Switch (Port Separation) on CYBEX/Avocent 4 or 8 port

DISA Rule

SV-41259r4_rule

Vulnerability Number

V-31124

Group Title

Information Assurance - KVM Switch (Port Separation)

Rule Version

IA-10.02.02

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

1. CYBEX/Avocent 4 or 8 port KVMs used for switching devices between the SIPRNet and NIPRNet (or any switching between SIPRNet and any other unclassified network devices) must be correctly configured IAW DSAWG guidance.

2. Correct configuration must include physical port separation between SIPRNet and NIPRNet (high & low) (or any switching between SIPRNet and any other unclassified network devices) connections.

3. Because of the internal physical configuration of the CYBEX/Avocent box back plates, only like classification levels may be connected to adjacent ports.

NOTE: This is based on slide #6 of the DSAWG KVM guidance. Any variation to this guidance must be presented to the DSAWG for review and approved before implementation.

Check Contents

Validate the correct configuration of CYBEX/Avocent 4 or 8 port KVMs IAW DSAWG guidance. This includes physical port separation between SIPRNet and NIPRNet (high & low) connections. Because of the internal physical configuration of the CYBEX boxes, only like classification levels may be connected to adjacent ports.

This is based on slide #6 of the DSAWG KVM guidance. Any variation to this guidance must be presented to the DSAWG for review and approved before implementation.

TACTICAL ENVIRONMENT: The check is applicable where KVM devices are in use.

Vulnerability Number

V-31124

Documentable

False

Rule Version

IA-10.02.02

Severity Override Guidance

Validate the correct configuration of CYBEX/Avocent 4 or 8 port KVMs IAW DSAWG guidance. This includes physical port separation between SIPRNet and NIPRNet (high & low) connections. Because of the internal physical configuration of the CYBEX boxes, only like classification levels may be connected to adjacent ports.

This is based on slide #6 of the DSAWG KVM guidance. Any variation to this guidance must be presented to the DSAWG for review and approved before implementation.

TACTICAL ENVIRONMENT: The check is applicable where KVM devices are in use.

Check Content Reference

M

Target Key

2506

Comments