Unused USB ports on the KVM switch must be blocked with tamper evident seals on a KVM switch that can encapsulate and send the USB protocol over the network to the client.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-6715 | KVM03.011.00 | SV-6915r3_rule | DCBP-1 | Medium |
| Description |
|---|
| By blocking the unused USB ports on a network attached KVM switch that can encapsulate USB over IP with tamper evident seals there will be an indication if someone has attached an unauthorized USB connection to the KVM switch. When a seal is found to have been tampered with or broken, it should be investigated. The ISSO will ensure any open USB ports on the KVM switch are blocked with tamper evident seals. |
| STIG | Date |
|---|---|
| Keyboard Video and Mouse Switch STIG | 2015-12-09 |
Details
| Check Text ( C-2731r3_chk ) |
|---|
| If the KVM switch can encrypt USB and send it over the network, the reviewer will view the KVM switch and verify that unused USB ports are blocked with tamper evident seals. If unused USB ports are not blocked with tamper evident seals, this is a finding. |
| Fix Text (F-6322r3_fix) |
|---|
| Block unused USB ports on a network attached KVM switch that can encapsulate USB over IP with tamper evident seals. NSA IAD Protective Technologies has tamper evident products available for use, including seals for RJ45, D-sub, and USB ports. These can be obtained by contacting them either on NIPRNet at ptproducts@radium.ncsc.mil or on SIPRNet at ptproducts@nsa.smil.mil. When ordering, please specify that this is for use on a DoD Information System and the government use version is needed. |