The KVM switch has the ability to support a RAS connection, this feature must be disabled or the connectors on the KVM switch supporting this feature must be blocked with a tamper resistant/evident seal.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-6687 | KVM02.003.00 | SV-6849r2_rule | EBRP-1 | High |
| Description |
|---|
| KVM switches that support Dialup Remote Access Services (RAS) do not support a robust identification and authorization process or robust auditing; therefore this feature will not be used. Tamper resistant/evident seals over the port(s) that support this feature will serve as an indicator that this feature may not been used for unauthorized access to the KVM switch. The ISSO has not ensured, if the KVM switch has the ability to support a RAS connection, this feature is disabled and the connectors on the KVM switch supporting this feature are blocked with a tamper resistant/evident seal. |
| STIG | Date |
|---|---|
| Keyboard Video and Mouse Switch STIG | 2015-06-30 |
Details
| Check Text ( C-2637r2_chk ) |
|---|
| The reviewer will, with the assistance of the ISSO, verify if the KVM switch has the ability to support a RAS connection and that this feature is disabled and the connectors on the KVM switch supporting this feature are blocked with a tamper resistant/evident seal. If the RAS feature is enabled and/or the RAS ports are not protected with tamper resistant/evident seals, this is a finding. |
| Fix Text (F-6277r2_fix) |
|---|
| Configure the KVM switch to disable the RAS feature, remove all hardware from the KVM switch that supports this feature, and block all connectors on the KVM switch that support this feature with tamper resistant/evident seals. Tamper resistant/evident seals are available from Protective Technologies: ptproducts@radium.ncsc.mil. |