
Keyboard Video and Mouse Switch STIG


Overview

Date: 2015-12-09
Finding Count (43): CAT I (High): 16, CAT II (Med): 14, CAT III (Low): 13
STIG Description
The Keyboard Video and Mouse Switch (KVM) STIG includes the computing requirements for KVM switches operating to support the DoD. The Keyboard Video and Mouse Switch STIG must also be applied for each site using KVM switches. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Classified)

Finding ID Severity Title
V-6706 High The network attached KVM switch must not be attached to a network that is not at the same classification level as the ISs attached.
V-6708 High The KVM switch must be configured to require the user to log in to the KVM switch to access the ISs attached.
V-6717 High A network attached KVM switch must not be attached to ISs of different classification levels.
V-6677 High The KVM switch must be physically protected in accordance with the requirements of the highest classification for any IS connected to the KVM switch.
V-6714 High The KVM switch must be configured to encapsulate and send USB connections other than KVM connections.
V-6713 High The KVM switch must be configured to use encrypted communications with FIPS 140-2 validated cryptography.
V-6710 High Group or shared user IDs must not be used on a network attached KVM switch.
V-6709 High The KVM switch must be configured to require DoD compliant passwords.
V-6687 High Where the KVM switch has the ability to support a RAS connection, this feature must be disabled or the connectors on the KVM switch supporting this feature must be blocked with a tamper evident seal.
V-6702 High A KVM switch must not be used to switch a peripheral other than a keyboard, video monitor, or mouse in an environment where the KVM switch is attached to ISs of different classification levels.
V-6703 High Peripherals other than a keyboard, video monitor, or mouse must not be attached to a KVM switch that is attached to ISs of different classification levels.
V-6705 High A network attached KVM switch used to administer ISs must be attached to an out-of-band network.
V-6720 High The A/B switch must be physically protected in accordance with the requirements of the highest classification of any IS connected to the A/B switch.
V-6707 High The network-facing component of a network attached KVM switch must be compliant with the current Network Infrastructure STIG.
V-6762 High An A/B switch must not be used to switch a peripheral device that has persistent memory or devices that support removable media between two or more ISs of different classification levels.
V-6763 High Input or output devices including, but not limited to, scanners, printers, or plotters must not be attached to an A/B switch that spans classification levels.
V-6757 Medium An A/B switch must not be used to share a peripheral device between two or more users.
V-6759 Medium A/B switches connecting information systems of differing classification levels must be on the NIAP CCEVS Products Lists.
V-6678 Medium Smart (intelligent or programmable) keyboard must not be used in conjunction with a KVM switch when the KVM switch is connected to ISs of different classification and/or sensitivity levels.
V-6679 Medium A wireless keyboard or mouse that is compliant with the current Wireless Keyboard and Mouse STIG must be attached to a KVM switch.
V-6715 Medium Unused USB ports on the KVM switch must be blocked with tamper evident seals on a KVM switch that can encapsulate and send the USB protocol over the network to the client.
V-6681 Medium A KVM switch with configurable features must have the configuration protected from modification with a DoD compliant password.
V-6683 Medium A hot key feature must not be enabled other than the menu feature that allows the user to select the IS to be used from the displayed menu.
V-6682 Medium The KVM switch feature for automatically toggling between ISs must be disabled.
V-6686 Medium The KVM switch must be configured to force the change of the configuration password every 90 days or there is no policy and procedure in place to change the configuration password every 90 days.
V-6716 Medium A network attached KVM switch must not be configured to control the power supplied to the ISs attached to the KVM switch or the connectors on the KVM switch that support this feature are not blocked with tamper evident seals.
V-6701 Medium Tamper evident seals must be attached to the KVM switch and all IS cables at their attachment points where the KVM switch is attached to ISs of different classification levels.
V-6704 Medium A KVM switch, which is attached to ISs of different classification levels, must have connections for peripherals, other than the keyboard, video monitor, or mouse, blocked with tamper evident seals.
V-6760 Medium Tamper evident seals must be attached to the A/B switch and all IS cables at their attachment points for A/B switches attached to devices or ISs that have different classification levels.
V-6699 Medium KVM or A/B switches must be approved prior to being connected to ISs of different classification levels.
V-6719 Low There must be user documentation describing the correct usage and user responsibilities for an A/B switch.
V-6718 Low There must be user agreements documenting the use of A/B switches.
V-6675 Low Written user agreements for all users authorized to use the KVM or A/B switch must be maintained.
V-6676 Low A SFUG, or an equivalent document, that describes the correct uses of the switch and user responsibilities, must be maintained and distributed.
V-6712 Low The network attached KVM switch must display an Electronic Notice and Consent Banner compliant with requirements of CJCSM 6510.01.
V-6711 Low The network attached KVM switch must be configured to restrict a user's access only to the systems they require.
V-6680 Low The desktop background of information systems attached to a KVM switch must be labeled with the proper classification banners.
V-6685 Low A written description of the KVM switch, the ISs attached to the KVM switch, and the classification level of each IS attached to the KVM switch must be maintained.
V-6684 Low A machine-readable or a paper-document backup must be maintained for the configuration of the KVM switch.
V-6758 Low The A/B switch must be properly marked and labeled.
V-6700 Low A KVM switch must not be cascaded while being attached to ISs of different classification levels.
V-6761 Low A/B switches must not be cascaded when connected to devices or ISs which are at different classification levels.
V-6698 Low Written permission from the AO responsible for each IS attached to a KVM switch that is attached to ISs of different classification levels must be maintained.