NIAP: Archived U.S. Government Approved Protection Profile - Protection Profile for Peripheral Sharing Switch Version 3.0

NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help
  NIAP  »»  Protection Profiles  »»  Archived PPs  »»  Details  
Archived U.S. Government Approved Protection Profile - Protection Profile for Peripheral Sharing Switch Version 3.0

Short Name: pp_pss_v3.0

Technology Type: Peripheral Switch

CC Version: 3.1

Date: 2015.02.13

Preceded By: pp_psshid_v2.1

Succeeded By: pp_psd_v4.0

Sunset Date: 2020.01.18 [Sunset Icon]

Conformance Claim: None

Protection Profile [PDF]

Control Mapping [PDF]



Compliant targets of evaluation typically switch multiple peripherals to multiple computers based on the user switching inputs. Authorized switching methods may be implemented locally on the PSS front panel. Note that authorized switching methods specifically do not include the following methods:  keyboard shortcuts, also known as “hotkeys”, automatic scanning, and voice activation. Note that this PP is also applicable to TOEs that support one computer only (isolator). The primary function of the PSS is to provide isolation between computer sources and peripherals. It is a tool to share peripheral devices. The same security goals are applicable even when there is only one computer involved. There may be a requirement to provide isolation between the computer and the peripheral devices and in that case, a single port PSS, or isolator, may be used. Compliant TOEs support one or more authorized switching methods, which are Push-buttons, tact switches, Toggle switches, Touch-screen, Mouse or cursor control.

In the context of this PP, a peripheral sharing switch provides a mechanism to securely connect a common set of peripherals (1 to n) to the attached computer(s) (1 to j) without sharing or transferring data (Figure 1). The PSS will follow a deliberate action from the user to enable an interaction between the connected peripherals and the selected computer. Examples of the type of PSS that should claim compliance to this PP include keyboard, video, mouse (KVM) switches; keyboard, mouse (KM) switches; and isolators (PSS with a single connected computer). Examples of devices that are not suitable for evaluation against this PP include Internet Protocol (IP) and network-attached switches and matrix switches. Basic use cases are defined in Annex B.

While the functionality that the TOE is obligated to implement (in response to the described threat environment) is discussed in detail in later sections, it is useful to give a brief description here. Compliant TOEs will provide security functionality that addresses threats to the TOE and implements policies that are imposed by law or regulation.

This assurance standard specifies information security requirements for Peripheral Sharing Switch for use in an enterprise. A PSS device in the context of this assurance standard is a device which is composed of one or more hardware components or platforms and its software or firmware. It may include cables and accessories, if applicable.

Connected peripheral devices, computer platforms or extenders are not covered under this PP and may be covered by another PP, if applicable. Nevertheless, testing of the TOE requires a complete setup that includes computers and peripheral devices.

PSS devices covered by this PP:

  • may consist of one or more connected sub-systems (for example one KM switch and one video switch);
  • may switch multiple instances of the same type of peripheral device (for example PSS may support multiple displays);
  • may have a subset of the switching functions (for example display switching only);
  • may support newer protocols (unlike previous PSS PP);
  • may be controlled by newer user controls (for example multi-touch windows);

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

Archived Related Technical Decisions

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).

Please forward any general questions to our Q&A tool.

Site Map              Contact Us              Home