The KVM switch has the ability to support a RAS connection, this feature must be disabled or the connectors on the KVM switch supporting this feature must be blocked with a tamper evident seal.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-6687	KVM02.003.00	SV-6849r3_rule	EBRP-1	High

Description
KVM switches that support Dialup Remote Access Services (RAS) do not support a robust identification and authorization process or robust auditing; therefore this feature will not be used. Tamper evident seals over the port(s) that support this feature will serve as an indicator that this feature may not been used for unauthorized access to the KVM switch. The ISSO has not ensured, if the KVM switch has the ability to support a RAS connection, this feature is disabled and the connectors on the KVM switch supporting this feature are blocked with a tamper evident seal.

Description

KVM switches that support Dialup Remote Access Services (RAS) do not support a robust identification and authorization process or robust auditing; therefore this feature will not be used. Tamper evident seals over the port(s) that support this feature will serve as an indicator that this feature may not been used for unauthorized access to the KVM switch. The ISSO has not ensured, if the KVM switch has the ability to support a RAS connection, this feature is disabled and the connectors on the KVM switch supporting this feature are blocked with a tamper evident seal.

STIG	Date
Keyboard Video and Mouse Switch STIG	2015-12-09

Details

Check Text ( C-2637r3_chk )
The reviewer will, with the assistance of the ISSO, verify if the KVM switch has the ability to support a RAS connection and that this feature is disabled and the connectors on the KVM switch supporting this feature are blocked with a tamper evident seal. If the RAS feature is enabled and/or the RAS ports are not protected with tamper evident seals, this is a finding.

Fix Text (F-6277r3_fix)
Configure the KVM switch to disable the RAS feature, remove all hardware from the KVM switch that supports this feature, and block all connectors on the KVM switch that support this feature with tamper evident seals. NSA IAD Protective Technologies has tamper evident products available for use, including seals for RJ45, D-sub, and USB ports. These can be obtained by contacting them either on NIPRNet at ptproducts@radium.ncsc.mil or on SIPRNet at ptproducts@nsa.smil.mil. When ordering, please specify that this is for use on a DoD Information System and the government use version is needed.

Fix Text (F-6277r3_fix)

Configure the KVM switch to disable the RAS feature, remove all hardware from the KVM switch that supports this feature, and block all connectors on the KVM switch that support this feature with tamper evident seals. NSA IAD Protective Technologies has tamper evident products available for use, including seals for RJ45, D-sub, and USB ports. These can be obtained by contacting them either on NIPRNet at ptproducts@radium.ncsc.mil or on SIPRNet at ptproducts@nsa.smil.mil. When ordering, please specify that this is for use on a DoD Information System and the government use version is needed.