Information Assurance - KVM or A/B Switch not listed on the NIAP U.S. Government Approved Protection Products Compliance List (PCL) for Peripheral Sharing Switches
An XCCDF Rule
Description
<VulnDiscussion>Failure to use tested and approved switch boxes can result in the loss or compromise of classified information. REFERENCES: NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: SC-3 and SC-4 DISN Connection Process Guide: http://disa.mil/network-services/enterprise-connections/connection-process-guide NIAP Products Compliance List (PCL): https://www.niap-ccevs.org/index.cfm</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-245781r917549_rule
- Severity
- Medium
- Updated
Remediation - Manual Procedure
1. All KVM or A/B switches that switch from NIPR to SIPR or other low-side to high-side systems being reviewed must be on the most current approved NIAP PCL for use for switching between high-side and low-side devices.
2. Any unapproved switch boxes in use (switching from NIPR to SIPR) must have specific approval for use and be addressed in the SIPRNet ATC or IATC from the CCAO.
NOTE: A KVM used for switching between high (SIPRNet) and low (NIPRNet) shared devices must meet one or both of the following basic criteria:
a. Be on the NIAP PCL AND meet any configuration requirements for the sites' IA environment as the minimum requirement to be used on the DODIN.