Security Target
Version 1.1
2022-03-08
35
For audio data output, the unidirectional buffers make sure that the audio data can travel only from the
selected computer to the audio device.
The USB authentication device connection is on a separate circuit isolated from all other TOE USB
functions and, after filtering for qualification, has a direct connection path to the selected computer. The
TOE does not emulate the user authentication device function.
All Keyboard and Mouse connections are filtered first, and only the authorized devices pre-defined in the
TOE’s whitelist
will be allowed. The data input by the authorized USB Keyboard and Mouse will be
emulated by TOE to USB data for computer sources.
No data or electrical signals flow between connected computers at any time. Each connected computer
has its own independent Device Controller, power circuit, and EEPROM.
No data transits the TOE when the TOE is powered off or when the TOE is in a failure state.
6.2.3
FDP_CDS_EXT.1
–
Connected Displays Supported
The TOE supports connected displays from a single source video feed (either single-head or multi-head).
Because of this, the single selected source video feed is always the same channel and indication of the
selected channel is through the channel selection LEDs on the TOE chassis.
The DisplayPort models GCS1412TAA4C, GCS1414TAA4C, and GCS1418TAA4C each support one
connected display. While GCS1422TAA4C, GCS1424TAA4C, and GCS1428TAA4C each support two
connected displays at a time.
The HDMI models GCS1312TAA4C and GCS1314TAA4C each support one connected display. While
GCS1322TAA4C and GCS1324TAA4C each support two connected displays at a time.
The DVI models GCS1212TAA4C, GCS1214TAA4C, and GCS1218TAA4C each support one connected
display. While GCS1222TAA4C, GCS1224TAA4C, and GCS1228TAA4C each support two connected displays
at a time.
6.2.4
FDP_FIL_EXT.1/KM
–
Device Filtering (Keyboard/Mouse); FDP_PDC_EXT.3/KM
–
Authorized Connection Protocols (Keyboard/Mouse)
The TOE supports authorized USB keyboard and mouse peripherals as defined in
below. Keyboard/mouse peripherals are filtered and emulated. Device filtering for
keyboard/mouse interfaces is configurable. Keyboard/mouse blacklisted devices are unauthorized
devices. Whitelisted devices are authorized devices for the keyboard/mouse interfaces in peripheral
device connections. The TOE does not define any whitelisted devices that are also blacklisted devices. The
KVM includes a built in allowed list (whitelist) for the USB Keyboard/ Mouse Ports. Only the default-
authorized devices can be blacklisted by the administrator for the USB Keyboard/Mouse Ports. The USB
Keyboard/Mouse Ports do not
support a “whitelist” function.
The configurable HID device function enables authorized administrators to assign a blacklist for HID
devices. To blacklist a keyboard/mouse device, the admin connects the HID device that they want
blacklisted directly to the Mouse Port (do not connect it to the KVM via a USB hub), and performs the
configuration via administrator functions. After configuration, the blacklisted HID device will be rejected