ITAC-17

Can all functions of the application or service be performed using only the keyboard?

Explanation

This question is asking whether the application or service can be fully operated using only a keyboard, without requiring a mouse, touchscreen, or other pointing device. This is a fundamental accessibility requirement that ensures users with motor disabilities or those who cannot use pointing devices can still access all functionality. In a security assessment context, this question appears because accessibility is increasingly considered part of overall compliance requirements. Organizations must ensure their systems are accessible to all users, including those with disabilities, to comply with regulations like the Americans with Disabilities Act (ADA), Section 508 of the Rehabilitation Act, or the Web Content Accessibility Guidelines (WCAG). Accessibility also relates to security in that it ensures all users can securely interact with systems without needing assistance that might compromise security protocols. For example, if a user with a disability needs to share credentials with an assistant because they cannot navigate the authentication process independently, this creates a security vulnerability. When answering this question, you should: 1. Indicate whether all functions can be accessed and operated using only keyboard commands 2. Mention if keyboard shortcuts or focus indicators are implemented 3. Note any exceptions where keyboard-only operation is not possible 4. Reference any accessibility testing or compliance standards you've met 5. If not fully keyboard accessible, explain any remediation plans

Example Responses

Example Response 1

Yes, our application is fully keyboard accessible All interactive elements can be navigated to using the Tab key, activated using Enter or Space, and operated using appropriate keyboard shortcuts We've implemented visible focus indicators that meet WCAG 2.1 AA standards to show users which element currently has keyboard focus Our development team conducts regular keyboard-only testing as part of our quality assurance process, and we maintain a comprehensive set of keyboard shortcuts documentation for users We've also implemented ARIA landmarks and skip navigation links to improve keyboard navigation efficiency.

Example Response 2

Yes, our service supports complete keyboard accessibility All functionality can be accessed and operated using standard keyboard controls (Tab, Enter, Space, arrow keys) and custom keyboard shortcuts where appropriate We've implemented enhanced focus management to ensure users always know where they are in the interface, with high-contrast focus indicators Our application has been tested using screen readers in keyboard-only mode, and we've addressed all identified issues For complex interactions like drag-and-drop, we provide equivalent keyboard alternatives using cut/copy/paste operations or arrow key positioning.

Example Response 3

No, our current application version does not support full keyboard accessibility for all functions While basic navigation and form submission can be performed with a keyboard, our interactive data visualization components and certain custom widgets require mouse interaction We recognize this as a gap in our accessibility compliance and have prioritized keyboard accessibility in our development roadmap We expect to release an update within the next quarter that will implement keyboard controls for all interactive elements, including our visualization tools In the meantime, we offer alternative accessible views of the data for users who cannot use a mouse.

Context

Tab: IT Accessibility
Category: IT Accessibility