NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Short Name: pp_psd_v4.0

Technology Type: Peripheral Switch

CC Version: 3.1

Date: 2019.07.19

Transition End Date: 2020.01.18

Preceded By: pp_pss_v3.0

Conformance Claim: None

Protection Profile 

Control Mapping 

PP OVERVIEW

This Protection Profile (PP), describing security requirements for a Peripheral Sharing Device (PSD), defined to provide a mechanism to securely connect a common set of peripherals to the attached computer(s), is intended to provide a minimal, baseline set of requirements that are targeted at mitigating well-defined and described threats. It represents an evolution of “traditional” Protection Profiles and the associated evaluation of the requirements contained within the document. This introduction will describe the features of a compliant Target of Evaluation (TOE) and will also discuss the evolutionary aspects of the PP as a guide to readers of the document.               

SECURITY EVALUATION SUMMARY

In the context of this PP, a PSD is an IT product for connecting one or more peripheral devices to one or more computers such that data cannot flow between computers by way of the peripherals or the PSD. Examples of PSDs that can claim compliance to this PP include Keyboard, Video, Mouse (KVM) switches; Keyboard, Mouse (KM) switches; and Isolators.

A PSD may be composed of one or more hardware components or platforms, and its software or firmware. It may include cables and accessories. PSDs that support more than one computer include a user interface that includes a visible indication of the selected computer interface and a mechanism for changing the selected computer interface. The user interface can be implemented on the chassis of the PSD using, for example, a touch screen or lights and buttons, or as part of a wired remote control.

An Isolator or Filter PSD is a device that provides the same security functions as a KVM but only to a single connected computer. Isolators do not require continuous display of the active interface.

Assigned to the following Validated Products

• VID11122 – Vertiv CYBEX™ SCMV2160DPH, SC840DVIE, SC940DVIE, SC840HE, SC940HE, SC840DPE, SC940DPE Firmware Version 44404-E7E7 Peripheral Sharing Devices
• VID11133 – IPGARD Secure KVM Switch/Isolator (CAC Models)
• VID11134 – IPGARD Secure KVM Switch (Non-CAC Models)
• VID11135 – IPGARD Secure KM Switches (CAC Models)
• VID11145 – Vertiv CYBEX™ SCMDR0001 Multi-Domain Smart Card Reader Firmware Version 40040-0E7
• VID11166 – Tripp Lite Secure KVM Switch (CAC Models)
• VID11167 – Tripp Lite Secure KVM Switch (Non-CAC Models)
• VID11168 – Sekuryx Secure KVM Switch (CAC Models)
• VID11169 – Sekuryx Secure KVM Switch (Non-CAC Models)
• VID11193 – SK41D-4TR KVM, Firmware Version 44404-E7E7
• VID11221 – ATEN Secure KVM Switch Series (CAC Models)
• VID11222 – ATEN Secure KVM Switch Series (Non-CAC Models)
• VID11223 – IOGEAR Secure KVM Switch Series (CAC Models)
• VID11224 – IOGEAR Secure KVM Switch Series (Non-CAC Models)
• VID11240 – Black Box Secure KVM Switch/Isolator (CAC Models)
• VID11241 – Black Box Secure KVM Switch (Non-CAC Models)
• VID11242 – Black Box Secure KM Switch (CAC Models)
• VID11252 – Vertiv CYBEX™ SC820DPH, SC840DPH, SC920DPH, SC940DPH, SC840DPHC, SC940DPHC, SC840DVI, SC940DVI Firmware Version 44404-E7E7 Peripheral Sharing Devices
• VID11254 – Vertiv CYBEX™ SCUSBHIDFILTER Firmware Version 40404-0E7 and Vertiv CYBEX™ SCKM140PP4 KM Switch Firmware Version 40404-0E7
• VID11288 – Vertiv CYBEX™ SC845DPH, SC945DPH, SC845DPHC, SC945DPHC, SCM145DPH, SCM185DPH, SC985DPH, SCMV245DPH, SCMV285DPH Firmware Version 44444-E7E7 Peripheral Sharing Devices
• VID11304 – BAE Systems Secure KVM Gen2 8560943-2
• VID11323 – Raritan Secure KVM Switch Series with CAC
• Belkin F1DN104KVM-UN-4, F1DN204KVM-UN-4, F1DN102KVM-UN-4, F1DN202KVM-UN-4, F1DN108KVM-UN-4, F1DN208KVM-UN-4, F1DN116KVM-UN-4 Firmware Version 44444-E7E7 Peripheral Sharing Devices
• Belkin F1DN104KVM-UNN4, F1DN204KVM-UNN4, F1DN102KVM-UNN4, F1DN202KVM-UNN4 Firmware Version 44404-E7E7 Peripheral Sharing Devices
• Belkin F1DN102MOD-BA-4, F1DN202MOD-BA-4, F1DN104MOD-BA-4, F1DN204MOD-BA-4, F1DN108MOD-BA-4, F1DN208MOD-BA-4, F1DN102MOD-HH-4, F1DN102MOD-PP-4, F1DN102MOD-DD-4, F1DN202MOD-HH-4, F1DN202MOD-PP-4, F1DN202MOD-DD-4, F1DN104MOD-HH-4, F1DN104MOD-PP-4, F1DN108MOD-PP-4, F1DN104MOD-DD-4, F1DN204MOD-HH-4, F1DN204MOD-PP-4, F1DN208MOD-PP-4, F1DN204MOD-DD-4, F1DN104MOD-XX-4, F1DN204MOD-XX-4 Firmware Version 44404-E7E7 Peripheral Sharing Devices
• Belkin F1DN002MOD-KM-4, F1DN004MOD-KM-4 and F1DN-FLTR-HID-4 Firmware Version 40404-0E7 Peripheral Sharing Devices
• Adder AVS-4112, AVS-2112, AVS-4114, AVS-4214, AVS-2114, AVS-2214, AVS-4128, AVS-4124, AVS-1124, AVS-4224 Firmware Version 44404-E7E7 Peripheral Sharing Devices
• Adder AVS-4228, AVS-42216, XDS441, XDS441FX Firmware Version 44404-E7E7 Peripheral Sharing Devices
• High Sec Labs SK41PHU-4, DK42PHU-4, SX42PHU-4, SX82PHU-4, SC42DHU-4, SC42PHU-4 Firmware Version 44444-E7E7 Peripheral Sharing Devices

Active Related Technical Decisions

• 0583 – FPT_PHP.3 modified for PSD remote controllers
  • References:  FPT_PHP.3
• 0518 – Typographical error in Dependency Table
  • References:  FPT_STM.1