Compliant Product - ATEN/IOGear Secure KVM Switch Series
Certificate Date: 01 July 2011
Validation Report Number: CCEVS-VR-10446-2011
Product Type: Peripheral Switch
Conformance Claim: EAL2 Augmented with ALC_FLR.2
CC Testing Lab: SAIC Common Criteria Testing Laboratory
The Target of Evaluation (TOE) is a single ATEN or IOGEAR Secure KVM switch connected to a USB keyboard, USB mouse, DVI-I Monitor, and audio input and output devices (e.g., microphone and speakers) accessible to a human user and also connected to up to two or four computer workstations or servers via USB, DVI-I, and audio connections. The TOE provides the ability for the user to switch among the attached computers so they can utilize the attached keyboard, mouse, monitor, and audio devices to interact with the selected computer while being assured that the TOE will ensure that the computers cannot interact with each other by virtue of the TOE or its connections.
Each KVM switch device includes tamper-evident tape and chassis intrusion features to provide some assurance in regard to potential tamper scenarios involving the TOE. Also, the internal logic of the TOE ensures that USB connectivity is limited to keyboards and mice to mitigate attacks that might involve the use of a potentially wide range of alternate USB devices.
Alternate website: http://www.iogear.com/
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, revision 3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, version 3.1, revision 3. Science Application International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the TOE is EAL 2 augmented with ALC_FLR.2. The TOE, configured as specified in the evaluated configuration guide, satisfies all of the security functional requirements stated in the Security Target. Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in June 2011. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for ATEN/IOGear Secure KVM Switch Series (VID 10446) prepared by the CCEVS.
The TOE is a hardware device that is engineered to provide selectable connectivity between user accessible devices and attached computers while ensuring that the attached computers have no means via the TOE to communicate with one another, access data intended for another computer, or disrupt the services of another computer. Furthermore, the TOE provides selector buttons associated with LEDs so that users can make appropriate selections and observe via the LEDs the current selection state. Lastly, the TOE includes some tamper capabilities to provide some assurance to the user that the TOE has not been opened and potentially subject to tampering of some sort.