STIGQter: STIG Summary: Keyboard Video and Mouse Switch STIG

Version: 2

Release: 6

Benchmark Date: 22 Jan 2016

Name            Title
SV-6823r2_rule  Written user agreements for all users authorized to use the KVM or A/B switch must be maintained.
SV-6824r2_rule  A SFUG, or an equivalent document, that describes the correct uses of the switch and user responsibilities, must be maintained and distributed.
SV-6825r2_rule  The KVM switch must be physically protected in accordance with the requirements of the highest classification for any IS connected to the KVM switch.
SV-6829r2_rule  Smart (intelligent or programmable) keyboard must not be used in conjunction with a KVM switch when the KVM switch is connected to ISs of different classification and/or sensitivity levels.
SV-6839r2_rule  A wireless keyboard or mouse that is compliant with the current Wireless Keyboard and Mouse STIG must be attached to a KVM switch.
SV-6842r2_rule  The desktop background of information systems attached to a KVM switch must be labeled with the proper classification banners.
SV-6843r2_rule  A KVM switch with configurable features must have the configuration protected from modification with a DoD compliant password.
SV-6844r2_rule  The KVM switch feature for automatically toggling between ISs must be disabled.
SV-6845r2_rule  A hot key feature must not be enabled other than the menu feature that allows the user to select the IS to be used from the displayed menu.
SV-6846r2_rule  A machine-readable or a paper-document backup must be maintained for the configuration of the KVM switch.
SV-6847r2_rule  A written description of the KVM switch, the ISs attached to the KVM switch, and the classification level of each IS attached to the KVM switch must be maintained.
SV-6848r2_rule  The KVM switch must be configured to force the change of the configuration password every 90 days or there is no policy and procedure in place to change the configuration password every 90 days.
SV-6849r3_rule  The KVM switch has the ability to support a RAS connection, this feature must be disabled or the connectors on the KVM switch supporting this feature must be blocked with a tamper evident seal.
SV-6867r2_rule  Written permission from the AO responsible for each IS attached to a KVM switch that is attached to ISs of different classification levels must be maintained.
SV-6876r3_rule  KVM or A/B switches must be approved prior to being connected to ISs of different classification levels.
SV-6878r2_rule  A KVM switch must not be cascaded while being attached to ISs of different classification levels.
SV-6882r3_rule  Tamper evident seals must be attached to the KVM switch and all IS cables at their attachment points where the KVM switch is attached to ISs of different classification levels.
SV-6883r2_rule  A KVM switch must not be used to switch a peripheral other than a keyboard, video monitor, or mouse in an environment where the KVM switch is attached to ISs of different classification levels.
SV-6884r3_rule  Peripherals other than a keyboard, video monitor, or mouse must not be attached to a KVM switch that is attached to ISs of different classification levels.
SV-6889r3_rule  A KVM switch, which is attached to ISs of different classification levels, must have connections for peripherals, other than the keyboard, video monitor, or mouse, blocked with tamper evident seals.
SV-6900r2_rule  A network attached KVM switch used to administer ISs must be attached to an out-of-band network.
SV-6901r2_rule  The network attached KVM switch must not be attached to a network that is not at the same classification level as the ISs attached.
SV-6902r2_rule  The network-facing component of a network attached KVM switch must be compliant with the current Network Infrastructure STIG.
SV-6904r2_rule  The KVM switch must be configured to require the user to login to the KVM switch to access the ISs attached.
SV-6906r2_rule  The KVM switch must be configured to require DoD compliant passwords.
SV-6907r2_rule  Group or shared user ids must not be used on a network attached KVM switch.
SV-6908r2_rule  The network attached KVM switch must be configured to restrict a user's access only to the systems they require.
SV-6909r2_rule  The network attached KVM switch must display an Electronic Notice and Consent Banner compliant with requirements of CJCSM 6510.01.
SV-6910r2_rule  The KVM switch must be configured to use encrypted communications with FIPS 140-2 validated cryptography.
SV-6911r2_rule  The KVM switch must be configured to encapsulate and send USB connections other than KVM connections.
SV-6915r3_rule  Unused USB ports on the KVM switch must be blocked with tamper evident seals on a KVM switch that can encapsulate and send the USB protocol over the network to the client.
SV-6916r3_rule  A network attached KVM switch must not be configured to control the power supplied to the ISs attached to the KVM switch or the connectors on the KVM switch that support this feature are not blocked with tamper evident seals.
SV-6917r2_rule  A network attached KVM switch must not be attached to ISs of different classification levels.
SV-6921r2_rule  There must be user agreements documenting the use of A/B switches.
SV-6922r2_rule  There must be user documentation describing the correct usage and user responsibilities for an A/B switch.
SV-6923r2_rule  The A/B switch must be physically protected in accordance with the requirements of the highest classification of any IS connected to the A/B switch.
SV-6979r2_rule  An A/B switch must not be used to share a peripheral device between two or more users.
SV-6980r2_rule  The A/B switch must be properly marked and labeled.
SV-6981r3_rule  A/B switches connecting information systems of differing classification levels must be on the NIAP CCEVS Products Lists.
SV-6982r3_rule  Tamper evident seals must be attached to the A/B switch and all IS cables at their attachment points for A/B switches attached to devices or ISs that have different classification levels.
SV-6983r2_rule  A/B switches must not be cascaded when connected to devices or ISs which are at different classification levels.
SV-6984r2_rule  An A/B switch must not be used to switch a peripheral device that has persistent memory or devices that support removable media between two or more ISs of different classification levels.
SV-6985r2_rule  Input or output devices including, but not limited to, scanners, printers, or plotters must not be attached to an A/B switch that spans classification levels.