manualshive.com logo in svg

IOGear GCS1212TAA4C, Manual

The IOGear GCS1212TAA4C is a high-quality KVM switch that allows for seamless control of multiple computers with just one set of peripherals. For detailed setup and troubleshooting instructions, download the free manual from manualshive.com. This manual provides easy-to-follow steps for maximizing the functionality of your device.

Share
Download
background image

Security Target 

Version 1.1

 

2022-03-08 

43 

The TOE provides a security management function to Reset to Factory Default

(not to be confused with 

the  front  panel  reset  button).    When  a  successfully  authenticated  authorized  Administrator  performs 
Reset  to  Factory  Default,  settings  previously  configured  by  the  Administrator  (such  as  USB  device 
whitelist/blacklist) will be cleaned and reset to factory default settings. Once the Reset to Factory Default 
function  has  been  completed,  the  Secure  KVM  will  terminate  the  Administrator  Logon  mode,  purge 
keyboard/mouse buffer, and power cycle the Secure KVM automatically.  After a successful self-test, the 
KVM port focus will be switched to Port 1, and the CAC function of each port will be set to factory default 
(enabled).  

The Reset to Factory Default does not affect or erase Log data nor does it affect the previously changed 
Administrator password. 

6.4.3

 

FMT_SMR.1 

 Security Roles 

The TOE maintains a single administrator role. All other users are non-administrative users. A properly 
authenticated  administrator  has  the  ability  to  view  audit  records,  Reset  to  factory  defaults,  change 
password, and configure user authentication device/ keyboard/ mouse filtering (i.e. CDF). Users without 
an administrator role cannot use these function and are not required to authenticate.  

6.5

 

Protection of the TSF 

In  order  to  mitigate  potential  tampering  and  replacement,  the  TOE  is  designed  to  ensure  that  any 
replacement may be detected, any physical modification is evident, and any logical modification may be 
prevented. Access to the TOE firmware, software, or its memory via its accessible ports is prevented. No 
access is available to modify the TOE or its  memory. To mitigate the risk that a potential attacker will 
tamper with a TOE and then reprogram it with altered functionality, the TOE software is contained in one-
time-programmable read-only memory permanently attached (non-socketed) to a circuit assembly. The 

TOE’s operational code is not upgradeable through any of the TOE external or internal ports.

 

The TOE

’s KVM

 has two tamper-evident labels printed with the TOEs unique product serial number and 

the vendor’s specific design. One label is applied to the

 side of the device and the other to the bottom of 

the chassis, over the screw used to secure the front-top cover to the enclosure. The side-label is clearly 
visible to the user operating the TOE and the other label can be clearly seen when the device is turned 
over.  The optional Remote Port Selector (RPS) includes its own tamper-evident tape to provide visual 
indications of intrusion to the RPS enclosure. Any attempt to open the KVM or RPS enclosures sufficient 
to gain access to internal components will change the labels to a tampered state.  

6.5.1

 

FPT_FLS_EXT.1 

 Failure with Preservation of Secure State 

The TOE preserves a secure state by disabling the TOE when the following types of failures occur: failure 
of the power on self-test and failure of the anti-tampering function. The behavior as described below for 
FPT_PHP.1 and FPT_PHP.3 will occur if the Secure KVM Switch self-test fails or its security function detects 
a breach.   

 

3

 

Vendor guidance documents also refer to this as ‘

Reset KVM to Default

’.

  

Summary of Contents for GCS1212TAA4C

Page 1: ...VM Switch Series CAC Models Security Target Version 1 1 2022 03 08 Prepared for 15365 Barranca Pkwy Irvine CA 92618 Prepared by Common Criteria Testing Laboratory 6841 Benjamin Franklin Drive Columbia...

Page 2: ...sion Author Modifications 0 1 Leidos Initial Version 0 2 Leidos Updates based on vendor and evaluation reviews 0 3 Leidos Updates for validator check in comments 1 0 Leidos Minor Updates for evaluator...

Page 3: ...Security Objectives 15 4 1 Security Objectives for the Operational Environment 15 5 IT Security Requirements 16 5 1 Extended Requirements 16 5 2 TOE Security Functional Requirements PSD MOD_AO_V1 0 M...

Page 4: ...9 FDP_RIP 1 KM Residual Information Protection Keyboard Data FDP_RIP_EXT 1 Residual Information Protection and FDP_RIP_EXT 2 Purge of Residual Information 38 6 2 10 FDP_SWI_EXT 1 PSD Switching FDP_SWI...

Page 5: ...KVM Switch Computer Interfaces and TOE Models 8 Table 6 Security Objectives for the Operational Environment 15 Table 7 TOE Security Functional Components 17 Table 8 Audio Filtration Specifications 19...

Page 6: ...et of Evaluation TOE Identification IOGEAR Secure KVM Switch Series CAC Models TOE Versions The following table identifies the model numbers per configuration The firmware version for all models is v1...

Page 7: ...1 0 19 July 2019 MOD_AO_V1 0 PP Module for Keyboard Mouse Devices Version 1 0 19 July 2019 MOD_KM_V1 0 o including the following optional and selection based SFRs FDP_FIL_EXT 1 KM FDP_RIP 1 KM and FDP...

Page 8: ...assignment Assignments within Selections are denoted by italicized bold text Iteration operation is identified with a slash and an identifier e g KM Additional iterations made by the ST author are def...

Page 9: ...is powered off non volatile or not volatile Monitoring The ability of a User to receive an indicator of the current Active Interface Non Selected Computer A Connected Computer that has no Active Inter...

Page 10: ...authenticate to a computer e g smart card reader biometric authentication device proximity card reader User Data Information that the User inputs to the Connected Computer or is output to the User fr...

Page 11: ...cus to the computer attached to its corresponding port 2 2 TOE Overview The TOE is the IOGEAR Secure Switch series of products with CAC The TOE allows users to connect a single set of peripherals to i...

Page 12: ...tched peripherals on the console side are analog audio output USB keyboard and mouse USB user authentication device and DisplayPort HDMI or DVI I video output depending on model Separate USB cables ar...

Page 13: ...CS1428TAA4C GCS1218TAA4C GCS1228TAA4C Table 5 IOGEAR Secure KVM Switch Computer Interfaces and TOE Models Model No Computer Video Input Interface Computer Keyboard Mouse Computer Audio Input Computer...

Page 14: ...devices and connected computers as specified in PSD Data leakage is prevented across the TOE to avoid compromise of the user s information The Secure KVM Switch products automatically clear the inter...

Page 15: ...er Port 1 The dedicated secure source computer must have its own monitor keyboard and mouse connected for installation and operation A detailed description of the TOE security features can be found in...

Page 16: ...a Class A digital device pursuant to Part 15 of the Federal Communications Commission rules If not installed and used in accordance with the guidance instructions the device may cause harmful interfe...

Page 17: ...emove all settings previously configured by the Administrator such as USB device whitelist blacklist Once the Reset to Factory Default function has been completed the Secure KVM will terminate the Adm...

Page 18: ...curity related guidance material for all devices in the evaluated configuration Guidance Documentation IOGEAR 2 4 8 Port USB DVI HDMI DisplayPort Single Dual View Secure KVM Switch Administrator s Gui...

Page 19: ...assumptions about the operational environment of the TOE In general the PSD has presented a Security Problem Definition appropriate for peripheral sharing devices The IOGEAR Secure KVM Switch Series s...

Page 20: ...at microphones are not plugged into the TOE audio output interfaces OE NO_SPECIAL_ANALOG_CAPABILITIES from MOD VI_V1 0 The operational environment will not have special analog data collection cards or...

Page 21: ...he following extended SFRs and since they are not redefined in this ST the PSD and associated modules should be consulted for more information in regard to those CC extensions FDP_AFL_EXT 1 Audio Filt...

Page 22: ...dentifies the TOE Security Functional Requirements for the PSD 4 0 and modules MOD_AO_V1 0 MOD_KM_V1 0 MOD_UA_V1 0 Section 5 3 identifies the requirements for the Video Display Device Module Tables 7...

Page 23: ...I_EXT 1 PSD Switching FDP_SWI_EXT 2 PSD Switching Methods FDP_SWI_EXT 3 Tied Switching FDP_TER_EXT 1 Session Termination FDP_TER_EXT 2 Session Termination or Removed Devices FDP_TER_EXT 3 Session Term...

Page 24: ...nd rejections modification of the TOE user authentication device filtering whitelist and blacklist modification of the TOE keyboard mouse filtering blacklist Reset to Factory Default view audit logs c...

Page 25: ...This SFR is originally defined in the Base PP but is refined and iterated to apply to the audio output interface per section 5 1 2 of the Audio Output PP Module 5 2 2 3 Active PSD Connections Keyboar...

Page 26: ...plication Note This SFR is originally defined in the Base PP but is refined and iterated to apply to the video interface per section 5 1 2 of the Video Display PP Module 5 2 2 6 Connected Displays Sup...

Page 27: ...pheral is rejected 5 2 2 10Peripheral Device Connection Audio Output FDP_PDC_EXT 2 AO FDP_PDC_EXT 2 1 AO The TSF shall allow connections with authorized devices as defined in Appendix E of the AO Modu...

Page 28: ...interface protocols as defined in the PP Module for User Authentication Devices authorized devices presenting authorized interface protocols as defined in the PP Module for Video Display Devices upon...

Page 29: ...PDC_EXT 2 2 VI The TSF shall allow connections with authorized devices presenting authorized interface protocols as defined in Appendix E of the VI Module and authorized devices presenting authorized...

Page 30: ...r restore factory defaults function accessible to the administrator to delete all TOE stored configuration and settings except for logging 5 2 2 21PSD Switching FDP_SWI_EXT 1 FDP_SWI_EXT 1 1 The TSF s...

Page 31: ...io output computer interface to the TOE analog audio output peripheral interface 5 2 2 29Unidirectional Data Flow Keyboard Mouse FDP_UDF_EXT 1 KM FDP_UDF_EXT 1 1 KM The TSF shall ensure keyboard mouse...

Page 32: ...1 Failure with Preservation of Secure State FPT_FLS_EXT 1 FPT_FLS_EXT 1 1 The TSF shall preserve a secure state when the following types of failures occur failure of the power on self test and failur...

Page 33: ...e TSF shall display a visible indication of the selected computers at all times when the TOE is powered FTA_CIN_EXT 1 22 The TSF shall implement the visible indication using the following mechanism ea...

Page 34: ...Security Functional Components DP Models Requirement Class Requirement Component FDP User Data Protection FDP_IPC_EXT 1 DP Internal Protocol Conversion FDP_PDC_EXT 3 VI DP Authorized Connection Proto...

Page 35: ...AA4C GCS1314TAA4C GCS1322TAA4C and GCS1324TAA4C Table 10 TOE Security Functional Components H Models Requirement Class Requirement Component FDP User Data Protection FDP_PDC_EXT 3 VI H Authorized Conn...

Page 36: ...CS1218TAA4C GCS1222TAA4C GCS1224TAA4C and GCS1228TAA4C Table 11 TOE Security Functional Components D Models Requirement Class Requirement Component FDP User Data Protection FDP_PDC_EXT 3 VI D Authoriz...

Page 37: ...e TOE are included by reference from the PSD Table 12 Assurance Components Requirement Class Requirement Component Security Target ASE Conformance Claims ASE_CCL 1 Extended Components Definition ASE_E...

Page 38: ...n the text editor by entering the command LIST The event logs are divided into two types critical and non critical The Log Data Area displays the critical and non critical Log data Each logged event i...

Page 39: ...es in Section 2 2 for details on TOE computer peripherals and connected computer port interfaces for each specific TOE model The TOE ensures that any previous information content of a resource is made...

Page 40: ...wo connected displays at a time The HDMI models GCS1312TAA4C and GCS1314TAA4C each support one connected display While GCS1322TAA4C and GCS1324TAA4C each support two connected displays at a time The D...

Page 41: ...has its own default password and like the password for the TOE Administrator Logon function should be changed after first logon Guidance instructs the administrator not to use the same password as wa...

Page 42: ...to the HDMI protocol Since the TOE converts DisplayPort signals at the computer interface to HDMI signals at the console interface DisplayPort is not identified as an authorized protocol for the PSD c...

Page 43: ...rict security standards and policy for the IOGEAR Secure KVM Switch If supported only basic HID keyboard operations will function 6 2 7 FDP_PUD_EXT 1 Powering Unauthorized Devices The TOE does not sup...

Page 44: ...ogether and there are no options to switch peripherals independently from the keyboard and mouse When the PSD is attached to a 2 Port Secure KVM Switch only pushbuttons numbered 1 and 2 will be detect...

Page 45: ...deo function filters the AUX channel by converting it to EDID only DisplayPort video is converted into HDMI video stream Monitor s EDID is through EDID channel read filtered and sent to Port s EDID EE...

Page 46: ...tocols The H Models satisfy the following SFRs FDP_PDC_EXT 3 VI H Authorized Connection Protocols Video Output H Model FDP_SPR_EXT 1 HDMI H Sub Protocol Rules HDMI Protocol H Module 6 2 12 3D Models T...

Page 47: ...must change the password after the first successful logon The password is case sensitive and new passwords must contain at least 1 lower case letter at least 1 upper case letter at least 1 numeric cha...

Page 48: ...any logical modification may be prevented Access to the TOE firmware software or its memory via its accessible ports is prevented No access is available to modify the TOE or its memory To mitigate the...

Page 49: ...t RPS connected will be permanently disabled and all the front panel LEDs except the Power LED will flash continuously A mechanical intrusion is detected by a pressure switch that trips when the enclo...

Page 50: ...t failure the TOE does not shut down The anti tampering self tests include the correct operation and tampering of the internal KVM and RPS batteries A KVM detecting tampering during normal operation w...

Page 51: ...abled since it fails the button jam self test Users can verify the integrity of the TOE by triggering a self test e g by powering on or rebooting the TOE and examining the front panel LEDs for self te...

Page 52: ...green to indicate that the CAC function is enabled and the computer attached to its corresponding port has the CAC focus note that CAC switching is always synchronized with computer selection The CAC...

Page 53: ...ined in Section 3 the Security Problem Definition of the PSD and modules have been included in this ST by reference As explained in Section 4 Security Objectives the Security Objectives of the PSD and...

Page 54: ...otection PSD FDP_RIP_EXT 2 Purge of Residual Information PSD FDP_SPR_EXT 1 DP DP Sub Protocol Rules DisplayPort Protocol DP Models MOD VI_V1 0 FDP_SPR_EXT 1 DVI I D Sub Protocol Rules DVI I Protocol D...

Page 55: ...urity Roles PSD FPT Protection of the TSF FPT_FLS_EXT 1 Failure with Preservation of Secure State PSD FPT_NTA_EXT 1 No Access to TOE PSD FPT_PHP 1 Passive Detection of Physical Attack PSD FPT_PHP 3 Re...

Page 56: ...ments are satisfied by aspects of the corresponding security function The set of security functions work together to satisfy all of the security functions and assurance requirements Furthermore all of...

Page 57: ...3 VI DP X FDP_PDC_EXT 3 VI H X FDP_PDC_EXT 3 VI D X FDP_PDC_EXT 4 X FDP_PUD_EXT 1 X FDP_PWR_EXT 1 X FDP_RIP 1 KM X FDP_RIP_EXT 1 X FDP_RIP_EXT 2 X FDP_SPR_EXT 1 DP DP X FDP_SPR_EXT 1 DVI I D X FDP_SPR...

Page 58: ...22 03 08 53 Specifications Security Audit User Data Protection Identification and Authentication Security Management Protection of the TSF TOE Access FPT_PHP 1 X FPT_PHP 3 X FPT_STM 1 X FPT_TST 1 X FP...

Page 59: ...ata 2 Host Controller Device Emulators ATEN SICG8022A Embedded RAM 1 Undisclosed Volatile May contain user data 3 System EEPROM ATMEL AT24C512 EEPROM 2 512K bits Non volatile No user data 4 System Fla...

Page 60: ...tory Default KVM reset reboot or power cycle 3 The Flash does not contain user data Firmware code is stored in the Flash and cannot be updated or rewritten The firmware code remains unchanged after a...

Reviews:

No comments

Related manuals for GCS1212TAA4C

Qlogic SANbox 5802V User Manual preview
SANbox 5802V
Brand: Qlogic Pages: 135
Qlogic SANbox2 SANbox2-64 User Manual preview
SANbox2 SANbox2-64
Brand: Qlogic Pages: 224
D-Link DXS-3410 Series Hardware Installation Manual preview
DXS-3410 Series
Brand: D-Link Pages: 54
NETGEAR 748TP Hardware Installation Manual preview
748TP
Brand: NETGEAR Pages: 36
SMART Hub VE220 Installation And User Manual preview
Hub VE220
Brand: SMART Pages: 46
Cabletron Systems DLEHF-MA User Manual preview
DLEHF-MA
Brand: Cabletron Systems Pages: 194
CYP OR-HD88HC Operation Manual preview
OR-HD88HC
Brand: CYP Pages: 20
XTBA Smart Switch 2:1 Manual preview
Smart Switch 2:1
Brand: XTBA Pages: 3
Omega iServer MicroServer EIS-2B User Manual preview
iServer MicroServer EIS-2B
Brand: Omega Pages: 68
Atlona AT-HD-SC-500 Manual preview
AT-HD-SC-500
Brand: Atlona Pages: 22
3Com 3C17500 Installation Manual preview
3C17500
Brand: 3Com Pages: 62
JenLogix Palert PX-01 Series User Manual preview
Palert PX-01 Series
Brand: JenLogix Pages: 48
Grasslin Plug in Digital Time Switch Instruction Manual preview
Plug in Digital Time Switch
Brand: Grasslin Pages: 88
Accton Technology CheetaHub Classic-2041 Quick Installation Manual preview
CheetaHub Classic-2041
Brand: Accton Technology Pages: 7
Qvis poeswitch-4 Installation Manual preview
poeswitch-4
Brand: Qvis Pages: 7
Belkin F1DA116Z User Manual preview
F1DA116Z
Brand: Belkin Pages: 288
Digital Equipment 624T Installing Manual preview
624T
Brand: Digital Equipment Pages: 2
Eaton XTCE095F F47 Series Instruction Leaflet preview
XTCE095F F47 Series
Brand: Eaton Pages: 2

Brands by name

Popular brands

Load more brands