{"product_id":11062,"v_id":11062,"product_name":"Tripp Lite B002a Secure KVM Switch Series","certification_status":"Certified","certification_date":"2020-07-09T00:00:00Z","tech_type":"Peripheral Switch","vendor_id":{"name":"Trippe Manufacturing Company","website":"www.tripplite.com"},"vendor_poc":"David Posner","vendor_phone":"773-869-1111","vendor_email":"david_posner@tripplite.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p class=\"Body\" style=\"line-height: normal;\"><span style=\"font-family: arial, helvetica, sans-serif; font-size: 12pt;\">The Tripp Lite B002a Secure KVM Switch Series provide a secure medium to connect one or more input peripherals to two or more computers. The TOE models support the following types of peripheral connectivity:</span></p>\r\n<p class=\"Body\" style=\"margin-left: .5in; text-indent: -.25in; line-height: normal; mso-list: l0 level1 lfo1;\"><span style=\"font-family: arial, helvetica, sans-serif; font-size: 12pt;\"><!-- [if !supportLists]--><span style=\"mso-list: Ignore;\">&middot;<span style=\"font-style: normal; font-variant: normal; font-weight: normal; font-stretch: normal; line-height: normal;\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><!--[endif]--><span style=\"mso-bidi-font-weight: bold;\">KVM: connectivity between a single set of peripheral devices (keyboard/mouse, up to two displays, audio, USB authentication device depending on TOE model) and two or more connected computers.</span></span></p>\r\n<p class=\"Body\" style=\"line-height: normal;\"><span style=\"font-family: arial, helvetica, sans-serif; font-size: 12pt;\">The Target of Evaluation (TOE) is hardware and firmware components of the Tripp Lite B002a Secure KVM Switch Series. 
The TOE model numbers, descriptions, and software/firmware versions can be found in the Security Target.</span></p>\r\n<p class=\"Body\" style=\"line-height: normal;\"><span style=\"font-family: arial, helvetica, sans-serif; font-size: 12pt;\">Computers of varying sensitivities can be connected to a single TOE that is intended to restrict peripheral connectivity to one computer at a time. Data leakage is prevented across the TOE to avoid severe compromise of the user's information.</span></p>","evaluation_configuration":"<p class=\"Body\" style=\"line-height: normal;\"><span style=\"font-family: 'times new roman', times, serif; font-size: 12pt;\">The Target of Evaluation (TOE) is hardware and firmware components of the Tripp Lite B002a Secure KVM Switch Series. The TOE model numbers, descriptions, and software/firmware versions can be found in the Security Target.</span></p>","security_evaluation_summary":"<p><span style=\"font-size: 12pt; line-height: 115%; font-family: 'times new roman', times, serif;\">The evaluation was carried out in accordance with the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Tripp Lite B002a Secure KVM Switch Series were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4. These materials were supplemented with the requirements of the NIAP <em>Protection Profile for Peripheral Sharing Switch, Version 3.0</em>, as well as any applicable supplemental guidance from NIAP, such as scheme policies, scheme publications, NIAP Technical Decisions, and official NIAP Technical Query responses. 
The product, when delivered and configured as identified in the <em>Tripp Lite B002a Secure KVM Switch Series Administration and Security Management Tool Guide (KVM), Version 2.1, June 8, 2020 </em>and the respective <em>User Manuals</em>, satisfies all of the security functional requirements stated in the&nbsp;<em>Tripp Lite B002a Secure KVM Switch Series Security Target, version 1.04, June 8, 2020.</em> The project underwent CCEVS Validator review. The evaluation was completed in July 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.</span></p>","environmental_strengths":"<p class=\"Body\" style=\"line-height: normal;\"><span style=\"font-family: 'times new roman', times, serif; font-size: 12pt;\">The TOE implements the User Data Protection and Data Isolation security function policies of the <em style=\"mso-bidi-font-style: normal;\">Protection Profile for Peripheral Sharing Switch</em>. As specified in the ST,</span></p>\r\n<p class=\"Body\" style=\"margin-left: .25in; line-height: normal;\"><span style=\"font-family: 'times new roman', times, serif; font-size: 12pt;\">&ldquo;Secure KVM devices allow an individual user to utilize a set of peripherals to operate in an environment with one or several isolated computers. 
KVM devices allow switching keyboard, mouse, display, audio, and USB/CAC (on C models) from one isolated computer to another.&rdquo;</span></p>\r\n<p style=\"text-align: justify; background: white; margin: 0in 7.5pt 6.0pt 0in;\"><span style=\"font-size: 12pt; font-family: 'times new roman', times, serif;\"><strong style=\"mso-bidi-font-weight: normal;\"><em>Keyboard and Mouse </em></strong></span></p>\r\n<p class=\"Body\" style=\"line-height: normal;\"><span style=\"font-family: 'times new roman', times, serif; font-size: 12pt;\">The keyboard and mouse processor is programmed in firmware only to accept basic keyboard and mouse USB devices (standard 108-key keyboard and 3-button mouse). Wireless keyboard and mouse are not allowed by the TOE. Only USB host peripheral devices are allowed by TOE keyboard and mouse host emulators. A secure peripheral switch (multiplexer) is used to assure the selection of just one tied keyboard and mouse serial data stream during TOE operation. The secure multiplexer has a third position, isolation, which is activated when the TOE has been tampered with or self-test has failed to disable the keyboard and mouse stream.</span></p>\r\n<p style=\"text-align: justify; background: white; margin: 0in 7.5pt 6.0pt 0in;\"><span style=\"font-size: 12pt; font-family: 'times new roman', times, serif;\"><strong style=\"mso-bidi-font-weight: normal;\"><em>TOE External Interfaces</em></strong></span></p>\r\n<p class=\"Body\" style=\"line-height: normal;\"><span style=\"font-family: 'times new roman', times, serif; font-size: 12pt;\">The TOE only supports AC/DC power, USB keyboard and mouse, video out (DP 1.2 in/DP 1.2 out or HDMI 1.4 in/HDMI 1.4 out), analog audio output, and USB authentication devices on supported models. Docking protocols are not supported by the TOE. Analog microphone or audio line inputs are not supported by the TOE. 
Unidirectional audio diodes are placed in parallel on both right and left stereo channels to ensure unidirectional data flow from the connected computer to the user peripheral device. Audio data from the connected peripheral devices to the connected computer is blocked by the audio data diodes.</span></p>\r\n<p class=\"Body\" style=\"line-height: normal;\"><span style=\"font-size: 12pt; font-family: 'times new roman', times, serif;\"><strong style=\"mso-bidi-font-weight: normal;\"><em style=\"mso-bidi-font-style: normal;\"><span style=\"color: black;\">Audio Subsystem </span></em></strong></span></p>\r\n<p class=\"Body\" style=\"line-height: normal;\"><span style=\"font-family: 'times new roman', times, serif; font-size: 12pt;\">Electrical isolation of the audio subsystem from all other TOE interfaces prevents data leakage to and from the audio paths. The use of microphones or audio line input devices is prohibited. All TOE devices support analog audio out switching and all TOE devices will prevent the use of microphone devices. These microphones are stopped through the use of unidirectional audio diodes on both left and right stereo channels (which force data flow from only the computer to the connected audio device) and the analog output amplifier which enforces unidirectional audio data flow. The TOE audio subsystem does not delay, store, or convert audio data flows. 
This prevents any audio overflow during switching between isolated audio channels.</span></p>\r\n<p class=\"Body\" style=\"line-height: normal; page-break-after: avoid;\"><span style=\"font-size: 12pt; font-family: 'times new roman', times, serif;\"><strong style=\"mso-bidi-font-weight: normal;\"><em>Video Subsystem</em></strong></span></p>\r\n<p class=\"Body\" style=\"line-height: normal;\"><span style=\"font-family: 'times new roman', times, serif; font-size: 12pt;\">Each connected computer has its own TOE isolated channel with its own Extended Display Identification Data (EDID) emulator and video input port. Data flows from the input video source through its respective EDID emulator and out of the monitor display port. Each video input interface is isolated from one another using different EDID ICs, power planes, ground planes, and electronic components in each independent channel. The TOE supports HDMI/DP 1.2 video input, and HDMI/DP 1.4 video output (depending on the TOE model). DP models include both single-head and dual-head designs, while all HDMI models are dual-head.</span></p>\r\n<p class=\"Body\" style=\"line-height: normal;\"><span style=\"font-size: 12pt; font-family: 'times new roman', times, serif;\"><strong style=\"mso-bidi-font-weight: normal;\"><em style=\"mso-bidi-font-style: normal;\">TOE Administration and Security Management</em></strong></span></p>\r\n<p class=\"Body\" style=\"line-height: normal;\"><span style=\"font-family: 'times new roman', times, serif; font-size: 12pt;\">Each TOE is equipped with an Administration and Security Management Tool that can be initiated by running an executable file on a computer with keyboard connected to the same computer via the TOE. The tool requires an administrator or a user to be successfully identified and authenticated by the TOE in order to gain access to any supported feature. 
Some features are restricted to the Administrator role only, while other features can be performed by either the Administrator or User role.</span></p>\r\n<p class=\"Body\" style=\"line-height: normal;\"><span style=\"font-size: 12pt; font-family: 'times new roman', times, serif;\"><strong style=\"mso-bidi-font-weight: normal;\"><em>User Authentication Device Subsystem </em></strong></span></p>\r\n<p class=\"Body\" style=\"line-height: normal;\"><span style=\"font-family: 'times new roman', times, serif; font-size: 12pt;\">TOE models that support USB authentication devices are shipped with default Device Filtration for the CAC port. The filter is set at default to allow only standard smart-card reader, PIV/CAC USB 1.1/2.0 token, or biometric reader. All devices must be bus powered only (no external power source allowed). The TOE default settings accept standard smart-card reader, PIV/CAC USB 1.1/2.0 token or biometric reader. Authenticated users and administrator can register (whitelist) other USB devices. All other USB devices are prohibited (blacklisted).</span></p>\r\n<p style=\"text-align: justify; background: white; margin: 0in .1in 6.0pt 0in;\"><span style=\"font-size: 12pt; font-family: 'times new roman', times, serif;\"><strong style=\"mso-bidi-font-weight: normal;\"><em>User Control and Monitoring Security</em></strong></span></p>\r\n<p class=\"Body\" style=\"line-height: normal;\"><span style=\"font-family: 'times new roman', times, serif; font-size: 12pt;\">User monitoring and control of the TOE is performed through the TOE front panel LED illuminated push-buttons. These buttons are tied to the TOE system controller functionality. All push-buttons for selecting computer channels are internally illuminated via LEDs. The current selected channel is indicated by the illumination of the current channel push-button LED (the other channel LEDs remain off). 
During operation, all front panel LED indications cannot be turned off or dimmed by the user in any way including after Restore Factory Default (reset). </span></p>\r\n<p class=\"Body\" style=\"line-height: normal;\"><span style=\"font-family: 'times new roman', times, serif; font-size: 12pt;\">All features of the TOE front panel are tested during power up self-testing. From power up until the termination of the TOE self-test, no channel is selected.</span></p>\r\n<p class=\"Body\" style=\"line-height: normal;\"><span style=\"font-size: 12pt; font-family: 'times new roman', times, serif;\"><strong style=\"mso-bidi-font-weight: normal;\"><em>Tampering Protection</em></strong></span></p>\r\n<p class=\"Body\" style=\"line-height: normal;\"><span style=\"font-size: 12pt; font-family: 'times new roman', times, serif;\">In order to mitigate potential tampering and replacement, the TOE is devised to ensure that any replacement may be detected, any physical modification is evident, and any logical modification may be prevented. The TOE is designed so that access to the TOE firmware, software, or its memory via its accessible ports is prevented. The TOE is designed to prevent any physical or logical access to its internal memory. There is a mechanical switch on the inside of the TOE that triggers the anti-tampering state when the enclosure is manually opened. 
Once the anti-tampering state is triggered, the TOE is permanently disabled.</span></p>\r\n<p style=\"text-align: justify; background: white; margin: 0in .1in 6.0pt 0in;\"><span style=\"font-size: 12pt; font-family: 'times new roman', times, serif;\"><strong style=\"mso-bidi-font-weight: normal;\"><em>Self-Testing and Security Audit</em></strong></span></p>\r\n<p style=\"text-align: justify; background: white; margin: 0in .1in 6.0pt 0in;\"><span style=\"font-size: 12pt; font-family: 'times new roman', times, serif;\">The TOE has a self-testing function that executes immediately after power is supplied including Restore Factory Default (reset) and power reset. Self-testing must complete successfully before normal operational access is granted to the TSF. The self-test function includes the following activities:</span></p>\r\n<p style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo1; background: white; margin: 0in .1in 6.0pt .5in;\"><span style=\"font-size: 12pt; font-family: 'times new roman', times, serif;\"><!-- [if !supportLists]--><span style=\"mso-list: Ignore;\">&middot;<span style=\"font-style: normal; font-variant: normal; font-weight: normal; font-stretch: normal; line-height: normal;\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><!--[endif]-->Basic integrity test of the TOE hardware (no front panel push buttons are jammed).</span></p>\r\n<p style=\"mso-add-space: auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo1; background: white; margin: 0in .1in 6.0pt .5in;\"><span style=\"font-size: 12pt; font-family: 'times new roman', times, serif;\"><!-- [if !supportLists]--><span style=\"mso-list: Ignore;\">&middot;<span style=\"font-style: normal; font-variant: normal; font-weight: normal; font-stretch: normal; line-height: normal;\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><!--[endif]-->Basic integrity test of the TOE firmware.</span></p>\r\n<p style=\"mso-add-space: 
auto; text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo1; background: white; margin: 0in .1in 6.0pt .5in;\"><span style=\"font-size: 12pt; font-family: 'times new roman', times, serif;\"><!-- [if !supportLists]--><span style=\"mso-list: Ignore;\">&middot;<span style=\"font-style: normal; font-variant: normal; font-weight: normal; font-stretch: normal; line-height: normal;\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><!--[endif]-->Integrity test of the anti-tampering system and control function.</span></p>\r\n<p style=\"text-align: justify; text-indent: -.25in; mso-list: l0 level1 lfo1; background: white; margin: 0in .1in 6.0pt .5in;\"><span style=\"font-size: 12pt; font-family: 'times new roman', times, serif;\"><!-- [if !supportLists]--><span style=\"mso-list: Ignore;\">&middot;<span style=\"font-style: normal; font-variant: normal; font-weight: normal; font-stretch: normal; line-height: normal;\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><!--[endif]-->Test the data traffic isolation between ports.</span></p>\r\n<p style=\"text-align: justify; background: white; margin: 0in .1in 6.0pt 0in;\"><span style=\"font-size: 12pt; font-family: 'times new roman', times, serif;\">The TOE has a non-volatile memory event log which records all abnormal security events that occur within TOE operation. This log can be accessed by the identified and authorized administrator and dumped into a .txt file using a connected computer and the Administration and Security Management tool that is provided by the TOE vendor.</span></p>","features":[]}