Smart (intelligent or programmable) keyboard must not be used in conjunction with a KVM switch when the KVM switch is connected to ISs of different classification and/or sensitivity levels.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-6678 | KVM01.004.00 | SV-6829r2_rule | DCBP-1 | Medium |
| Description |
|---|
| In an environment where the KVM switch is connected to ISs of different classification and/or sensitivity levels, a smart (intelligent or programmable) keyboard can transfer sensitive data from one system to another leading to the compromise of data. The ISSO or SA will ensure a smart (intelligent or programmable) keyboard is not used in conjunction with a KVM switch when the switch is connected to ISs of different classification and/or sensitivity levels. |
| STIG | Date |
|---|---|
| Keyboard Video and Mouse Switch STIG | 2015-12-09 |
Details
| Check Text ( C-2610r2_chk ) |
|---|
| The reviewer will interview the ISSO and view the keyboard attached to the KVM to verify that a smart keyboard is not in use when the KVM switch is attached to ISs with different classification and/or sensitivity levels. Keyboards that include USB ports, smart card slots, and removable media slots are considered smart keyboards. Note: A keyboard that has extended functionality that is not programmable, like an internet keyboard, is not prohibited. Note: Having a CAC reader in the KVM switch is acceptable; however, the host rather than the switch itself must perform the authentication algorithms. Otherwise the switch must be approved by PKI PMO. |
| Fix Text (F-6262r2_fix) |
|---|
| Replace the smart keyboard with a non-smart keyboard. |