Compliant Product - Vertiv CYBEX™ SC820DPH, SC840DPH, SC920DPH, SC940DPH, SC840DPHC, SC940DPHC, SC840DVI, SC940DVI Firmware Version 44404-E7E7 Peripheral Sharing Devices
Certificate Date: 2021.11.19CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11252-2021
Product Type: Peripheral Switch
Conformance Claim: Protection Profile Compliant
PP Identifier: PP-Module for Analog Audio Output Devices Version 1.0
PP-Module for Keyboard/Mouse Devices Version 1.0
PP-Module for Video/Display Devices Version 1.0
Protection Profile for Peripheral Sharing Device Version 4.0
CC Testing Lab: Acumen Security
The Vertiv Secure Peripheral Sharing Devices (PSD) allow users to share keyboard, video, and mouse peripherals between a number of connected computers. The devices also allow for the sharing of audio device peripherals.
The following security features are provided by the Vertiv Peripheral Sharing Devices:
- Computer video input interfaces are isolated through the use of separate electronic components, power and ground domains
- The display is isolated by dedicated, read-only, Extended Display Identification Data (EDID) emulation for each computer
- Access to the monitor’s EDID is blocked
- Access to the Monitor Control Command Set (MCCS commands) is blocked
- DisplayPort (DP) and High-Definition Multimedia Interface (HDMI) video peripherals are supported by the SC820DPH, SC840DPH, SC920DPH, SC940DPH, SC840DPHC and SC940DPHC devices. DVI-D video peripheral devices are supported by the SC840DVI and SC940DVI devices
- Video input is accepted as DisplayPort or HDMI on the SC820DPH, SC840DPH, SC920DPH, SC940DPH, SC840DPHC and SC940DPHC devices. Additionally, the SC840DPHC and SC940DPHC accept USB-Type C with DisplayPort as an alternate function. The SC840DVI and SC940DVI devices accept DVI-D video input
Keyboard and Mouse Security
- The keyboard and mouse are isolated by dedicated, USB device emulation for each computer
- One-way, peripheral-to-computer data flow is enforced through unidirectional optical data diodes
- Communication from computer-to-keyboard/mouse is blocked
- Non HID (Human Interface Device) data transactions are blocked
- One-way computer to speaker sound flow is enforced through unidirectional optical data diodes
- Any attempt to open the product enclosure will activate an anti-tampering system, making the product inoperable and indicating tampering via blinking Light Emitting Diodes (LEDs)
- Special holographic tampering evident labels on the product’s enclosure provide a clear visual indication if the product has been opened or compromised
In the evaluated configuration, the TOE is connected to two or four computers. The video input is DisplayPort, HDMI, DVI-D or USB-C, and one or two displays are connected. The peripheral sharing device is connected to speakers or headphones.
The TOE is used with a remote control.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Vertiv CYBEX™ SC820DPH, SC840DPH, SC920DPH, SC940DPH, SC840DPHC, SC940DPHC, SC840DVI, SC940DVI Firmware Version 44404-E7E7 Peripheral Sharing Devices were evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. The product, when delivered configured as identified in the following documents satisfies all of the security functional requirements stated in the Vertiv CYBEX™ SC820DPH, SC840DPH, SC920DPH, SC940DPH, SC840DPHC, SC940DPHC, SC840DVI, SC940DVI Firmware Version 44404-E7E7 Peripheral Sharing Devices Security Target:
· Vertiv CYBEX™ SC820DPH, SC840DPH, SC920DPH, SC940DPH, SC840DPHC, SC940DPHC, SC840DVI, SC940DVI Firmware Version 44404-E7E7 Peripheral Sharing Devices Common Criteria Guidance Supplement, Version: 1.7.
The project underwent CCEVS Validator review. The evaluation was completed in November 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE is comprised of several security features. Each of the security features consists of several security functionalities, as identified below:
Audit entries are generated for security related events.
User Data Protection
The TOE provides secure switching capabilities for keyboard and mouse, display and audio output. The TOE ensures that only authorized peripheral devices may be used.
Identification and Authentication
Administrators must be identified and authenticated prior to accessing administrative functions.
The TOE provides management capabilities in support of Configurable Device Filtration. The Administrator role restricts this functionality to authorized administrators.
Protection of the TSF
The TOE ensures a secure state in the case of failure, provides only restricted access, and performs self-testing. The TOE provides both passive detection of physical attack, and active resistance to attack (for the ™ SC820DPH, SC840DPH, SC920DPH, SC940DPH, SC840DPHC, SC940DPHC, SC840DVI, SC940DVI devices only). The TOE provides reliable timestamps in support of the audit function.
The TOE provides a continuous indication of which computer is currently selected.
Vertiv IT Systems