STIGQter STIGQter: STIG Summary: Keyboard Video and Mouse Switch STIG Version: 2 Release: 6 Benchmark Date: 22 Jan 2016: The KVM switch has the ability to support a RAS connection, this feature must be disabled or the connectors on the KVM switch supporting this feature must be blocked with a tamper evident seal.

DISA Rule

SV-6849r3_rule

Vulnerability Number

V-6687

Group Title

KVM switch RAS

Rule Version

KVM02.003.00

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the KVM switch to disable the RAS feature, remove all hardware from the KVM switch that supports this feature, and block all connectors on the KVM switch that support this feature with tamper evident seals. NSA IAD Protective Technologies has tamper evident products available for use, including seals for RJ45, D-sub, and USB ports. These can be obtained by contacting them either on NIPRNet at ptproducts@radium.ncsc.mil or on SIPRNet at ptproducts@nsa.smil.mil. When ordering, please specify that this is for use on a DoD Information System and the government use version is needed.

Check Contents

The reviewer will, with the assistance of the ISSO, verify if the KVM switch has the ability to support a RAS connection and that this feature is disabled and the connectors on the KVM switch supporting this feature are blocked with a tamper evident seal. If the RAS feature is enabled and/or the RAS ports are not protected with tamper evident seals, this is a finding.

Vulnerability Number

V-6687

Documentable

False

Rule Version

KVM02.003.00

Severity Override Guidance

The reviewer will, with the assistance of the ISSO, verify if the KVM switch has the ability to support a RAS connection and that this feature is disabled and the connectors on the KVM switch supporting this feature are blocked with a tamper evident seal. If the RAS feature is enabled and/or the RAS ports are not protected with tamper evident seals, this is a finding.

Check Content Reference

M

Potential Impact

Sites that depend on this feature for after-hours
support and maintenance will be denied access to this feature and
will need to implement an approved alternative.

Target Key

550

Comments