Security Target
Version 1.1
2022-03-08
44
6.5.2
FPT_NTA_EXT.1
–
No Access to TOE
The TOE firmware, software, and memory is not accessible from
the TOE’s external ports, with the
following exceptions:
•
the Extended Display Identification Data (EDID) memory for Video is accessible from connected
computers;
•
the configuration data, settings, and logging data is accessible by authorized administrators.
6.5.3
FPT_PHP.1
–
Passive Detection of Physical Attack and FPT_PHP.3
–
Resistance to
Physical Attack
The TOE becomes permanently inoperable and all front panel or RPS LEDs (except for Power LED) flash
constantly when a chassis intrusion, such as removal of the device cover, is detected. These indications
cannot be turned off by the TOE user and the guidance documentation instructs the user to stop using
the TOE, remove it from service and contact IOGEAR.
The KVM and RPS contain internal batteries with a minimum lifetime of five years, are non-replaceable,
and cannot be accessed without opening the device enclosure.
The TOE’s anti
-tampering function is
triggered when the battery is damaged or exhausted, permanently disabling the switch. See Section 6.5.5
for additional details. The admin guide instructs users to never attempt to replace the battery or open the
switch or RPS enclosure.
If a mechanical intrusion is detected on the switch, the switch (without RPS connected) will be
permanently disabled and all the front panel LEDs (except the Power LED) will flash continuously. A
mechanical intrusion is detected by a pressure switch that trips when the enclosure is opened. If a
mechanical intrusion is detected by the RPS (connected with the switch and aligned), this will permanently
disable both the RPS itself and the switch, and all LEDs (on RPS) and the front panel LEDs except the Power
LED (on switch) will flash continuously. To disable the KVM in the event of an aligned RPS, the RPS will
send a "tampering command" to the KVM.
6.5.4
FPT_STM.1 Reliable Time Stamps
The TOE includes its own time clock to provide reliable time stamps for its auditing functions and for
measuring the lockout duration following three failed authentication attempts. The developer sets the
time to UTC (Coordinated Universal Time) during manufacturing.
6.5.5
FPT_TST.1
–
TSF Testing and FPT_TST_EXT.1
–
TSF Testing
The Secure KVM Switch TOE self-tests include memory tests, firmware integrity tests, and tests of push-
button functioning. The TOE executes self-tests during boot (after a power-on, Reset to Factory Default,
or the reset button is pressed). The self-test function runs independently at each one of the TOE micro-
controllers following power up. The KVM performs self-tests first before enabling the peripheral switching
function. Before self-tests have completed successfully, the data paths between peripherals and
connected computers are blocked and no data flow is allowed.
The following details the particular self-tests: