A signed user agreement is proof that the user has been informed of its security liability when using an A/B switch. The ISSO will maintain written user agreements for all users authorized to use an A/B switch. Government authorities, defence companies and military applications face many unique requirements and mandates, which must be supported by control and access solutions such as KVM switches. Device security features, reliability and user rights management are often essential for these solutions. The SFUG (Security Features User Guide) or an equivalent document describes the user`s security responsibility, including site requirements. This gives the user a single reference source for initial indoctrination and for further verification. The distribution of SFUG reduces security vulnerabilities resulting from the user`s lack of knowledge of the policies or procedures required by the site. If you keep this document up to date, the user will have the current policies and procedures. IsSO manages and distributes to users an SFUG or equivalent document describing the correct use of the switch and the user`s responsibilities. If the KVM switch is configurable, some features are available, such as automatic switching between connected IS.
B are not allowed. If the configuration is not password protected, it can be changed by any user who authorizes unauthorized functions. This may result in a risk to sensitive data. If the KVM switch has configurable features, ISSO or SA ensures that the configuration with a DoD-compatible password is protected from change. The longer the time between the password changes, the more likely it is that the password will be compromised. A compromised password can allow a malicious user to change the configuration of the KVM switch, creating a denial of service or a risk to confidential data. IsSO ensures that the KVM switch is configured to force the configuration password to change every 90 days, or there is a policy and procedure to change the configuration password every 90 days. There are many „Hot Key“ features that could be used. Since each seller has a different set of functions and it is not possible to check all the features of all Vender operations to detect potential vulnerabilities, no feature other than the ability to call a menu of the ISs available on the KVM switch is enabled to allow the user to select which is to be displayed.
Additional features will be approved on request and it`s time to check the feature and its implementation. ISSO or SA ensures that the only „Hot Key“ feature enabled is the menu function that allows the user to select the IS to use in the menu displayed. Develop a plan to remove all A/B switches that are used to change devices between two or more users and to recover new devices to support documented needs.