Compliant Product - Vertiv CYBEX™ SCMDR0001 Multi-Domain Smart Card Reader Firmware Version 40040-0E7
Certificate Date: 2021.10.22CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11145-2021
Product Type: Sharing Switch
Conformance Claim: Protection Profile Compliant
PP Identifier: PP-Module for User Authentication Devices Version 1.0
Protection Profile for Peripheral Sharing Device Version 4.0
CC Testing Lab: Acumen Security
The Multi-Domain Smart Card Reader (MDR) is connected to up to four computers and is used with a smart card.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which Vertiv CYBEX™ SCMDR0001 Multi-Domain Smart Card Reader Firmware Version 40040-0E7 were evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1. The product, when delivered configured as identified in the following documents satisfies all of the security functional requirements stated in the Vertiv CYBEX™ SCMDR0001 Multi-Domain Smart Card Reader Firmware Version 40040-0E7 Security Target:
· The CYBEX™ SECURE MULT-DOMAIN SMART CARD READER, 590-2296-501 Rev. A
· Vertiv CYBEX™ SCMDR0001 Multi-Domain Smart Card Reader Firmware Version 40040-0E7 Common Criteria Guidance Supplement, Version 1.4
The project underwent CCEVS Validator review. The evaluation was completed in October 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE is comprised of several security features. Each of the security features consists of several security functionalities, as identified below:
· User Data Protection
· Protection of the TSF
· TOE Access
These features are described in more detail in the subsections below.
User Data Protection
The TOE provides secure isolation between connected computers and a smartcard.
Protection of the TSF
The TOE ensures a secure state in the case of failure, provides only restricted access, and performs self-testing. The TOE provides passive detection of physical attack.
The TOE provides a continuous indication of which computer is currently selected.
Vertiv IT Systems