STIGQter STIGQter: STIG Summary: Keyboard Video and Mouse Switch STIG Version: 2 Release: 6 Benchmark Date: 22 Jan 2016: A SFUG, or an equivalent document, that describes the correct uses of the switch and user responsibilities, must be maintained and distributed.

DISA Rule

SV-6824r2_rule

Vulnerability Number

V-6676

Group Title

SFUG information for KVM and A/B switches.

Rule Version

KVM01.002.00

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

If a Security Features User Guide does not exist, develop one making sure there is a section for KVM and A/B switches containing the information found in this STIG.

If a Security Features User Guide exists, but does not contain a section on KVM and A/B switches, create a section that describes the correct uses of KVM and A/B switches.

Check Contents

The reviewer will interview the ISSO and review the SFUG documentation.

The SFUG will at a minimum have the following requirements.
1. Logging onto an IS.
a. Identify the classification of the IS currently selected.
b. Use the login and passwords appropriate for that IS.
c. Verify the classification of the present IS by checking the classification label/banner.
d. Begin processing.
2. Switching between ISs.
a. Screen lock the IS you are currently working on if the IS supports this capability.
b. Select the desired IS with the switch.
c. Enter your user identifier and password to deactivate the screen lock on the newly selected IS.
d. Verify the classification of the present IS by checking the classification label/banner.
e. Begin processing.
If no documentation exists within the SFUG or equivalent document, describing the user's security responsibilities when using a KVM or A/B switch, then this is a finding.

Vulnerability Number

V-6676

Documentable

False

Rule Version

KVM01.002.00

Severity Override Guidance

The reviewer will interview the ISSO and review the SFUG documentation.

The SFUG will at a minimum have the following requirements.
1. Logging onto an IS.
a. Identify the classification of the IS currently selected.
b. Use the login and passwords appropriate for that IS.
c. Verify the classification of the present IS by checking the classification label/banner.
d. Begin processing.
2. Switching between ISs.
a. Screen lock the IS you are currently working on if the IS supports this capability.
b. Select the desired IS with the switch.
c. Enter your user identifier and password to deactivate the screen lock on the newly selected IS.
d. Verify the classification of the present IS by checking the classification label/banner.
e. Begin processing.
If no documentation exists within the SFUG or equivalent document, describing the user's security responsibilities when using a KVM or A/B switch, then this is a finding.

Check Content Reference

I

Target Key

550

Comments