Table of Contents
Advertisement
Security Target
KVM port focus will be switched to Port 1, and the CAC function of each port will be set to factory default
(enabled).
The Reset to Factory Default does not affect or erase Log data nor does it affect the previously changed
Administrator password.
6.4.3 FMT_SMR.1 – Security Roles
The TOE maintains a single administrator role. All other users are non-administrative users. A properly
authenticated administrator has the ability to view audit records, Reset to factory defaults, change
password, and configure user authentication device/ keyboard/ mouse filtering (i.e. CDF). Users without
an administrator role cannot use these function and are not required to authenticate.
6.5
Protection of the TSF
In order to mitigate potential tampering and replacement, the TOE is designed to ensure that any
replacement may be detected, any physical modification is evident, and any logical modification may be
prevented. Access to the TOE firmware, software, or its memory via its accessible ports is prevented. No
access is available to modify the TOE or its memory. To mitigate the risk that a potential attacker will
tamper with a TOE and then reprogram it with altered functionality, the TOE software is contained in one-
time-programmable read-only memory permanently attached (non-socketed) to a circuit assembly. The
TOE's operational code is not upgradeable through any of the TOE external or internal ports.
The TOE's KVM has two tamper-evident labels printed with the TOEs unique product serial number and
the vendor's specific design. One label is applied to the side of the device and the other to the bottom of
the chassis, over the screw used to secure the front-top cover to the enclosure. The side-label is clearly
visible to the user operating the TOE and the other label can be clearly seen when the device is turned
over. The optional Remote Port Selector (RPS) includes its own tamper-evident tape to provide visual
indications of intrusion to the RPS enclosure. Any attempt to open the KVM or RPS enclosures sufficient
to gain access to internal components will change the labels to a tampered state.
6.5.1 FPT_FLS_EXT.1 – Failure with Preservation of Secure State
The TOE preserves a secure state by disabling the TOE when the following types of failures occur: failure
of the power on self-test and failure of the anti-tampering function. The behavior as described below for
FPT_PHP.1 and FPT_PHP.3 will occur if the Secure KVM Switch self-test fails or its security function detects
a breach.
6.5.2 FPT_NTA_EXT.1 – No Access to TOE
The TOE firmware, software, and memory is not accessible from the TOE's external ports, with the
following exceptions:
•
the Extended Display Identification Data (EDID) memory for Video is accessible from connected
computers;
•
the configuration data, settings, and logging data is accessible by authorized administrators.
44
Version 1.1
2022-03-08
Advertisement
Table of Contents
