Compliant Product - BAE Systems Secure KVM Gen2 8560943-2
Certificate Date: 2023.01.12
Validation Report Number: CCEVS-VR-VID11304-2023
Product Type: Peripheral Switch
Conformance Claim: Protection Profile Compliant
PP Identifier: PP-Module for Keyboard/Mouse Devices Version 1.0
PP-Module for Video/Display Devices Version 1.0
Protection Profile for Peripheral Sharing Device Version 4.0
CC Testing Lab: Leidos Common Criteria Testing Laboratory
The BAE Systems Secure KVM Gen2 8560943-2 is a purpose-built peripheral sharing device that allows for securely sharing one set of peripherals between multiple computers. The KVM includes console ports and computer ports. The console ports are used to connect a single set of peripherals (keyboard, trackball, flat panel display, and flat panel display with touch panel) to three separate computers in the evaluated configuration. The user can then securely switch the connected console peripherals between any of the connected computers while preventing unauthorized data flows or leakage between computers. The TOE supports manual port switching using a wired remote control that is embedded in the purpose-built console keyboard. Operating the remote control commands the KVM to connect its peripherals to the selected computer.
The evaluated version of the TOE consists of the BAE Systems Secure KVM Gen2 (part number 8560943-2) deployed in its operational environment, which includes the purpose-built peripherals intended for use with the TOE as well as the power control system used to deliver electrical power to it. The peripherals specifically include the peripheral keyboard, which also contains embedded wired remote control functionality that communicates with the rest of the TOE over a separate data path from the USB HID channel.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the BAE Systems Secure KVM Gen2 was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 release 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. The product satisfies all of the security functional requirements stated in the BAE Systems Secure KVM Gen2 8560943-2 Security Target, when delivered and configured as identified in the product documentation listed in the aforementioned Security Target.
The evaluation underwent CCEVS Validator review. The evaluation was completed in January 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE controls and isolates information flowing between the peripheral device interfaces and a computer interface. The peripheral devices supported include USB keyboard, USB trackball, and two DisplayPort monitors, one with touch panel. The TOE accepts TMDS video waveform outputs from connected computers over DisplayPort; these are processed by the TOE and converted to DisplayPort for output to peripheral monitors.
The TOE authorizes peripheral device connections with the TOE console ports based on the peripheral device’s VID/PID.
The TOE ensures that any previous information content of a resource is made unavailable upon the deallocation of the resource from a TOE computer interface prior to the TOE switching to another selected computer and on start-up or reset of the TOE.
Protection of the TSF
The TOE runs a suite of self-tests during initial startup and after activating the reset switch that includes a test of the basic TOE hardware and firmware integrity and a test of critical security functions (i.e., user control). The TOE provides users with the capability to verify the integrity of the TSF and the TSF functionality. The TOE contains status indicators to inform the user of a self-test failure.
The TOE preserves a secure state by disabling the TOE’s external and internal interfaces when there is a failure of the power on self-test.
The TOE provides unambiguous detection of physical tampering that might compromise the TSF with tamper evident unique labels.
The TOE displays a continuous visual indication of the computer to which the user is currently connected, including on power up, and on reset.
BAE Systems Information and Electronic Systems, Inc.