manualshive.com logo in svg

ATEN CS1142D4C, Manual

Share
Download
ATEN CS1142D4C Manual Download Page 32

Security Target 

Version 1.1

 

2022-03-08 

27 

5.2.2.27

 

User Authentication Isolation (FDP_UAI_EXT.1)  

FDP_UAI_EXT.1.1 

The TSF shall isolate the user authentication function from all other TOE USB 
functions. 

5.2.2.28

 

Unidirectional Data Flow (Audio Output) (FDP_UDF_EXT.1/AO)  

FDP_UDF_EXT.1.1/AO 

The TSF shall ensure [

analog audio output data

] transits the TOE unidirectionally 

from [the TOE analog audio output computer] interface to [the TOE analog 
audio output peripheral] interface. 

5.2.2.29

 

Unidirectional Data Flow (Keyboard/Mouse) (FDP_UDF_EXT.1/KM)  

FDP_UDF_EXT.1.1/KM 

The  TSF  shall  ensure  [

keyboard,  mouse

]  data  transits  the  TOE  unidirectionally 

from the [TOE [

keyboard, mouse

]] peripheral interface(s) to the [TOE [

keyboard, 

mouse

]] interface. 

5.2.2.30

 

Unidirectional Data Flow (Video Output) (FDP_UDF_EXT.1/VI) 

FDP_UDF_EXT.1.1/VI

  The TSF shall ensure [

video

] data transits the TOE unidirectionally from the [

TOE 

computer video

] interface to the [

TOE peripheral device display

] interface. 

5.2.3

 

Identification and Authentication (FIA) 

5.2.3.1

 

User Authentication Before Any Action (FIA_UAU.2) 

FIA_UAU.2.1 

The TSF shall require each administrator to be successfully authenticated before 

allowing any other TSF‐mediated actions on behalf of that

 administrator.

 

5.2.3.2

 

User Identification Before Any Action (FIA_UID.2) 

FIA_UID.2.1 

The TSF shall require each administrator to be successfully identified before 

allowing any other TSF‐mediated actions on behalf of that 

administrator.

 

5.2.4

 

Security Management (FMT) 

5.2.4.1

 

Management of Security Functions Behavior (FMT_MOF.1) 

FMT_MOF.1.1 

The TSF shall restrict the ability to [

modify the behavior of

] the functions [

TOE 

user authentication device filtering whitelist and blacklist

,

 

TOE keyboard and 

mouse filtering blacklist,

 

Reset to Factory Default, view audit logs, change 

password

] to [

the authorized administrators

]. 

5.2.4.2

 

Specification of Management Functions (FMT_SMF.1) 

FMT_SMF.1.1 

The TOE shall be capable of performing the following management functions: 
[

modify TOE user authentication device filtering whitelist and blacklist, modify 

TOE keyboard and mouse filtering blacklist, Reset to Factory Default, view 
audit logs, change password

]. 

Summary of Contents for CS1142D4C

Page 1: ...dels Security Target Version 1 1 2022 03 08 Prepared for ATEN 3F No 125 Section 2 Datung Road Sijhih District New Taipei City 221 Taiwan Prepared by Common Criteria Testing Laboratory 6841 Benjamin Fr...

Page 2: ...Incorporate vendor review comments 0 3 Leidos Incorporate vendor review comments 0 4 Leidos Updates based on evaluator comments 0 5 Leidos Minor update to add adapters 0 6 Leidos Updates for validato...

Page 3: ...tives 16 4 1 Security Objectives for the Operational Environment 16 5 IT Security Requirements 17 5 1 Extended Requirements 17 5 2 TOE Security Functional Requirements PSD MOD AO MOD KM MOD_UA_V1 0 18...

Page 4: ...ual Information Protection Keyboard Data FDP_RIP_EXT 1 Residual Information Protection and FDP_RIP_EXT 2 Purge of Residual Information 39 6 2 10 FDP_SWI_EXT 1 PSD Switching FDP_SWI_EXT 2 PSD Switching...

Page 5: ...ch Computer Interfaces and TOE Models 9 Table 6 Security Objectives for the Operational Environment 16 Table 7 TOE Security Functional Components 18 Table 8 Audio Filtration Specifications 21 Table 9...

Page 6: ...1 1 ST Date 2022 03 08 Target of Evaluation TOE Identification ATEN Secure KVM Switch Series CAC Models TOE Versions The following table identifies the model numbers per configuration The firmware ver...

Page 7: ...0 19 July 2019 MOD_AO_V1 0 PP Module for Keyboard Mouse Devices Version 1 0 19 July 2019 MOD_KM_V1 0 o including the following optional and selection based SFRs FDP_FIL_EXT 1 KM FDP_RIP 1 KM and FDP_S...

Page 8: ...gnment Assignments within Selections are denoted by italicized bold text Iteration operation is identified with a slash and an identifier e g KM Additional iterations made by the ST author are defined...

Page 9: ...is powered off non volatile or not volatile Monitoring The ability of a User to receive an indicator of the current Active Interface Non Selected Computer A Connected Computer that has no Active Inter...

Page 10: ...authenticate to a computer e g smart card reader biometric authentication device proximity card reader User Data Information that the User inputs to the Connected Computer or is output to the User fr...

Page 11: ...Security Target Version 1 1 2022 03 08 6 Acronym Definition PC Personal Computer PSD Peripheral Sharing Device RPS Remote Port Selector SFP Security Function Policy USB Universal Serial Bus...

Page 12: ...ich of the connected computers is active such that the peripherals connected to the console can be used to interact with the selected computer The TOE s console ports support USB keyboard and mouse an...

Page 13: ...e Secure KVM Switch products supporting DisplayPort convert the DisplayPort video signal to HDMI The HDMI signal inside the KVM will be converted again to DisplayPort signal for output to the connecte...

Page 14: ...4DP4C CS1184H4C CS1144H4C CS1184D4C CS1144D4C CS1188DP4C CS1148DP4C CS1188D4C CS1148D4C The ATEN Secure KVM products implement a secure isolation design for all models to share a single set of periphe...

Page 15: ...devices Details of the data flow architecture are provided in the proprietary Secure KVM Isolation Document All keyboard and mouse connections are filtered first and only authorized devices will be al...

Page 16: ...entified in Section 2 5 below An optional KVM cable set not supplied with the TOE is available as a separate purchase The KVM cable sets are built for the KVM connection to the PCs providing better co...

Page 17: ...Class A digital device pursuant to Part 15 of the Federal Communications Commission rules If not installed and used in accordance with the guidance instructions the device may cause harmful interferen...

Page 18: ...emove all settings previously configured by the Administrator such as USB device whitelist blacklist Once the Reset to Factory Default function has been completed the Secure KVM will terminate the Adm...

Page 19: ...ntation ATEN PSD PP v4 0 Secure KVM Switch Series 2 4 8 Port USB DVI HDMI DisplayPort Single Dual Display PP v4 0 Secure KVM Switch Administrator Guide Version 1 03 2021 1 25 ATEN PSD PP v4 0 Secure K...

Page 20: ...assumptions about the operational environment of the TOE In general the PSD has presented a Security Problem Definition appropriate for peripheral sharing devices The ATEN Secure KVM Switch Series su...

Page 21: ...at microphones are not plugged into the TOE audio output interfaces OE NO_SPECIAL_ANALOG_CAPABILITIES from MOD_VI_V1 0 The operational environment will not have special analog data collection cards or...

Page 22: ...he following extended SFRs and since they are not redefined in this ST the PSD and associated modules should be consulted for more information in regard to those CC extensions FDP_AFL_EXT 1 Audio Filt...

Page 23: ...tional Requirements for the PSD 4 0 and modules MOD_AO_V1 0 MOD_KM_V1 0 MOD_UA_V1 0 Section 5 3 identifies the requirements for the Video Display Device Module Tables 7 9 10 and 11 identify the SFRs t...

Page 24: ...witching Methods FDP_SWI_EXT 3 Tied Switching FDP_TER_EXT 1 Session Termination FDP_TER_EXT 2 Session Termination or Removed Devices FDP_TER_EXT 3 Session Termination upon Switching FDP_UAI_EXT 1 User...

Page 25: ...nce and rejections modification of the TOE user authentication device filtering whitelist and blacklist modification of the TOE keyboard mouse filtering blacklist Reset to Factory Default view audit l...

Page 26: ...tate Application Note This SFR is originally defined in the Base PP but is refined and iterated to apply to the audio output interface per section 5 1 2 of the Audio Output PP Module 5 2 2 3Active PSD...

Page 27: ...pplication Note This SFR is originally defined in the Base PP but is refined and iterated to apply to the video interface per section 5 1 2 of the Video Display PP Module 5 2 2 6Connected Displays Sup...

Page 28: ...2 1 AO The TSF shall allow connections with authorized devices as defined in Appendix E of the AO Module and authorized devices and functions as defined in the PP Module for Keyboard Mouse Devices aut...

Page 29: ...e to a powered on TOE 5 2 2 12 Authorized Devices User Authentication Devices FDP_PDC_EXT 2 UA FDP_PDC_EXT 2 1 UA The TSF shall allow connections with authorized devices as defined in Appendix E of th...

Page 30: ...authorized interface protocols as defined in the PP Module for Keyboard Mouse Devices authorized devices presenting authorized interface protocols as defined in the PP Module for User Authentication...

Page 31: ...g can be initiated through automatic port scanning control through a connected computer or control through keyboard shortcuts FDP_SWI_EXT 2 2 The TSF shall ensure that switching can be initiated only...

Page 32: ...cation and Authentication FIA 5 2 3 1User Authentication Before Any Action FIA_UAU 2 FIA_UAU 2 1 The TSF shall require each administrator to be successfully authenticated before allowing any other TSF...

Page 33: ...de unambiguous detection of physical tampering that might compromise the TSF FPT_PHP 1 2 The TSF shall provide the capability to determine whether physical tampering with the TSF s devices or TSF s el...

Page 34: ...hts bright green to indicate that the CAC function is enabled for that corresponding port Each port has its own Port LED and CAC LED FTA_CIN_EXT 1 3 The TSF shall ensure that while the TOE is powered...

Page 35: ...t the HDMI protocol from inside the TOE to peripheral display interface s as DisplayPort protocol 5 3 1 2Authorized Connection Protocols Video Output DP Models FDP_PDC_EXT 3 VI DP FDP_PDC_EXT 3 1 VI D...

Page 36: ...P 5 4 1 1Authorized Connection Protocols Video Output H Models FDP_PDC_EXT 3 VI H FDP_PDC_EXT 3 1 VI H The TSF shall have interfaces for the HDMI protocols FDP_PDC_EXT 3 2 VI H The TSF shall apply the...

Page 37: ...ection FDP 5 5 1 1Authorized Connection Protocols Video Output D Models FDP_PDC_EXT 3 VI D FDP_PDC_EXT 3 1 VI D The TSF shall have interfaces for the DVI I protocols FDP_PDC_EXT 3 2 VI D The TSF shall...

Page 38: ...ASE_ECD 1 ST Introduction ASE_INT 1 Security Objectives ASE_OBJ 2 Derived Security Requirements ASE_REQ 2 Security Problem Definition ASE_SPD 1 TOE Summary Specification ASE_TSS 1 Development ADV Basi...

Page 39: ...in the text editor by entering the command LIST The event logs are divided into two types critical and non critical The Log Data Area displays the critical and non critical Log data Each logged event...

Page 40: ...es in Section 2 2 for details on TOE computer peripherals and connected computer port interfaces for each specific TOE model The TOE ensures that any previous information content of a resource is made...

Page 41: ...d CS1184H4C each support one connected display While CS1142H4C and CS1144H4C each support two connected displays at a time The DVI models CS1182D4C CS1184D4C and CS1188D4C each support one connected d...

Page 42: ...or Logon functions After the secure source computer is connected to the TOE and the authorized administrator has authenticated to the utility the administrator uses the utility GUI commands to configu...

Page 43: ...rt TOE models with HDMI source are capable of embedding digital audio into digital video data transmission DisplayPort interfaced TOEs support digital audio embedded in the video The DisplayPort signa...

Page 44: ...output interface 6 2 8 FDP_PWR_EXT 1 Powered By Computer The Secure KVM Switch provides power to connected user authentication devices via the USB protocol is isolated from other circuitry and cannot...

Page 45: ...OE does not allow switching to be initiated through automatic port scanning control through a connected computer or control through keyboard shortcuts Note that the CAC interface can be turned on off...

Page 46: ...nced PP are blocked by this TOE function as the emulated EEPROM would only support valid EDID read requests from connected computers 6 2 12 1 DP Models The following TOE models support DP 1 2 video in...

Page 47: ...C CS1144D4C CS1148D4C The TOEs video EDID read procedure is activated once during power on or reboot in order to read the connected display EDID information EDID from display to computer and HPD from...

Page 48: ...to restore a lost forgotten password 6 4 2 FMT_SMF 1 Specification of Management Functions The TOE provides security management functions to configure the user authentication and keyboard mouse device...

Page 49: ...TOE s operational code is not upgradeable through any of the TOE external or internal ports The TOE s KVM has two tamper evident labels printed with the TOEs unique product serial number and the vend...

Page 50: ...o the KVM 6 5 4 FPT_STM 1 Reliable Time Stamps The TOE includes its own time clock to provide reliable time stamps for its auditing functions and for measuring the lockout duration following three fai...

Page 51: ...results from the following Connecting a tampered RPS to KVM before KVM power up This RPS was already tampered before connecting to KVM and therefore the RPS will not be detected and aligned with the K...

Page 52: ...ion device for at least one second when the user switches the device from one computer to another 6 6 1 FTA_CIN_EXT 1 Continuous Indications The TOE displays continuous visual indicators of the comput...

Page 53: ...hen the corresponding port is selected this indicates a non qualified USB smart card CAC reader is connected The TOE has a reset button that resets the switch to the default settings when pressed The...

Page 54: ...ined in Section 3 the Security Problem Definition of the PSD and modules have been included in this ST by reference As explained in Section 4 Security Objectives the Security Objectives of the PSD and...

Page 55: ...otection PSD FDP_RIP_EXT 2 Purge of Residual Information PSD FDP_SPR_EXT 1 DP DP Sub Protocol Rules DisplayPort Protocol DP Models MOD_VI_V1 0 FDP_SPR_EXT 1 DVI I D Sub Protocol Rules DVI I Protocol D...

Page 56: ...urity Roles PSD FPT Protection of the TSF FPT_FLS_EXT 1 Failure with Preservation of Secure State PSD FPT_NTA_EXT 1 No Access to TOE PSD FPT_PHP 1 Passive Detection of Physical Attack PSD FPT_PHP 3 Re...

Page 57: ...ments are satisfied by aspects of the corresponding security function The set of security functions work together to satisfy all of the security functions and assurance requirements Furthermore all of...

Page 58: ...3 VI DP X FDP_PDC_EXT 3 VI H X FDP_PDC_EXT 3 VI D X FDP_PDC_EXT 4 X FDP_PUD_EXT 1 X FDP_PWR_EXT 1 X FDP_RIP 1 KM X FDP_RIP_EXT 1 X FDP_RIP_EXT 2 X FDP_SPR_EXT 1 DP DP X FDP_SPR_EXT 1 DVI I D X FDP_SPR...

Page 59: ...22 03 08 54 Specifications Security Audit User Data Protection Identification and Authentication Security Management Protection of the TSF TOE Access FPT_PHP 1 X FPT_PHP 3 X FPT_STM 1 X FPT_TST 1 X FP...

Page 60: ...ata 2 Host Controller Device Emulators ATEN SICG8022A Embedded RAM 1 Undisclosed Volatile May contain user data 3 System EEPROM ATMEL AT24C512 EEPROM 2 512K bits Non volatile No user data 4 System Fla...

Page 61: ...tory Default KVM reset reboot or power cycle 3 The Flash does not contain user data Firmware code is stored in the Flash and cannot be updated or rewritten The firmware code remains unchanged after a...

Reviews:

No comments

Brands by name

Popular brands

Load more brands