Compliant Product - ATEN Secure KVM Switch Series (CAC Models)
Certificate Date: 2022.03.10
Validation Report Number: CCEVS-VR-VID11221-2022
Product Type: Peripheral Switch
Conformance Claim: Protection Profile Compliant
PP Identifier: PP-Module for Analog Audio Output Devices Version 1.0
PP-Module for Keyboard/Mouse Devices Version 1.0
PP-Module for User Authentication Devices Version 1.0
PP-Module for Video/Display Devices Version 1.0
Protection Profile for Peripheral Sharing Device Version 4.0
CC Testing Lab: Leidos Common Criteria Testing Laboratory
Each device in the ATEN Secure KVM Switch series is a peripheral sharing device that allows one set of peripherals to be shared securely between multiple computers. Each of the sixteen models is a Peripheral Sharing Device that includes console ports and computer ports. The console ports are used to connect a single set of peripherals, including a mouse, keyboard, user authentication device such as a smart card or CAC reader, speaker, and one or two video displays (depending on specific device type) to the TOE. The TOE’s computer ports are connected to up to 2, 4, or 8 separate computers (again depending on specific device type). The user can then securely switch the connected console peripherals between any of the connected computers while the TOE prevents unauthorized data flows or leakage between computers. The TOE supports manual port switching: pressing and releasing a port selection push button (on the switch, or on the Remote Port Selector (RPS) if connected and aligned) brings the KVM focus to the computer attached to the corresponding port.
The TOE is the following models of the ATEN Secure KVM Switch Series.
In Table 1, DisplayPort configurations support DisplayPort monitors, HDMI configurations support HDMI monitors, and DVI configurations support DVI monitors. All TOE devices support USB keyboards and mice.
The TOE includes a wired remote controller, the Remote Port Selector (RPS), which is available to customers as an additional purchase. This device has the same firmware version as the models above.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the ATEN Secure KVM Switch Series devices were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. The product satisfies all of the security functional requirements stated in the ATEN Secure KVM Switch Series Security Target, version 1.0, January 12, 2022, when delivered and configured as identified in the product documentation listed in the aforementioned security target.
The evaluation underwent CCEVS Validator review. The evaluation was completed in March 2022. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
ATEN Secure KVM Switch series devices enforce the following TOE security functional policies as specified in the ST.
The TOE generates audit records for authorized administrator actions. Each audit record contains a standard set of information such as the date and time of the event, the type of event, and the outcome (success or failure) of the event.
The TOE controls and isolates information flowing between the peripheral device interfaces and a computer interface. The peripheral devices supported include USB keyboard; USB mouse; USB authentication device (CAC reader and smart card); audio output; and (depending on device type) DisplayPort, DVI-I, or HDMI video. Some TOE models accept DisplayPort signals at the computer interface and internally convert the signals to HDMI signals and then convert back to DisplayPort for output to the console interface.
The TOE authorizes peripheral device connections with the TOE console ports based on the peripheral device type.
The TOE ensures that any previous information content of a resource is made unavailable upon the deallocation of the resource from a TOE computer interface immediately after the TOE switches to another selected computer and on start-up of the TOE.
The TOE provides a Reset to Factory Default function allowing authenticated authorized Administrators to remove all settings previously configured by the Administrator (such as USB device whitelist/blacklist). Once the Reset to Factory Default function has been completed, the Secure KVM will terminate the Administrator Logon mode, purge the keyboard/mouse buffer, and power cycle the Secure KVM automatically.
The TOE provides an identification and authentication function for the administrative user to perform administrative functions such as configuring the user authentication device filtering whitelist and blacklist (configurable device filtration). The authorized administrator must log on by providing a valid password.
The TOE supports configurable device filtration (CDF). This function is restricted to the authorized administrator and allows the TOE to be configured to accept or reject specific USB devices using CDF whitelist and blacklist parameters. Additionally, the TOE provides security management functions to configure the keyboard/mouse device filtration, Reset to Factory Default and to change the administrator password.
The TOE runs a suite of self-tests during initial startup and after activating the reset button that includes a test of the basic TOE hardware and firmware integrity; a test of the basic computer-to-computer isolation; and a test of critical security functions (i.e., user control and anti-tampering). The TOE provides users with the capability to verify the integrity of the TSF and the TSF functionality.
The TOE resists physical attacks on the main TOE enclosure and on the RPS enclosure that are intended to gain access to the internal components or to damage the anti-tampering battery; it does so by becoming permanently disabled. The TOE preserves a secure state by disabling the TOE when there is a failure of the power-on self-test or a failure of the anti-tampering function.
The TOE provides unambiguous detection of physical tampering that might compromise the TSF. The TSF provides the capability to determine whether physical tampering with the TSF's devices or TSF's elements has occurred.
The TOE displays a continuous visual indication of the computer to which the user is currently connected, including on power up, and on reset.
ATEN International Co., Ltd.