Security Target
Version 1.1
2022-03-08
39
Administrator performs Reset to Factory Default, all settings previously configured by the Administrator
(such as USB device whitelist/blacklist) will be cleaned and reset to factory default settings. Once the Reset
to Factory Default function has been completed, the Secure KVM will terminate the Administrator Logon
mode, purge keyboard/mouse buffer, and power cycle the Secure KVM automatically. After a successful
self-test, the KVM port focus will be switched to Port 1, and the CAC function of each port will be set to
factory default (enabled). Audit logs are retained and a log is generated for Reset to Factory Default.
The TOE also provides non-administrative users a front panel Reset button allowing the user to delete
TOE stored configuration and settings. Performing the reset function by pressing the Reset button for
more than 5 seconds, purges the Keyboard/Mouse buffer; the CAC enable/disable feature is restored to
the factory default
‘
enabled
’ state
; and the switch performs a self-test and switches to Port 1. CDF
configured by Administrator, logs, Administrative tasks, or other secure functions are not affected by the
front panel Reset function.
The Letter of Volatility is provided in Appendix A identifies the TOE components that have non-volatile
memory and provides details of the memory and its use.
6.2.10
FDP_SWI_EXT.1
–
PSD Switching; FDP_SWI_EXT.2
–
PSD Switching Methods;
FDP_SWI_EXT.3
–
Tied Switching
The keyboard, mouse, video, audio, and USB smart card CAC reader ports are always switched together
to the same connected computer using a push button on the front of the device or the wired PSD remote
control. As such, the keyboard and mouse are always switched together and there are no options to
switch peripherals independently from the keyboard and mouse. When the PSD is attached to a 2-Port
Secure KVM Switch, only pushbuttons numbered 1 and 2 will be detected and functional. When the PSD
is attached to a 4-Port Secure KVM Switch, only pushbuttons numbered 1, 2, 3, and 4 will be detected and
functional. When the PSD is attached to an 8-Port Secure KVM Switch, all eight pushbuttons will be
detected and functional. The TOE does not allow switching to be initiated through automatic port scanning,
control through a connected computer, or control through keyboard shortcuts. Note that the CAC
interface can be turned on/off independently of the other peripherals so when it is disabled, all
peripherals except for the CAC will be switched to the same computer and the CAC will remain inactive.
6.2.11
FDP_TER_EXT.1 Session Termination; FDP_TER_EXT.2 Session Termination or
Removed Devices; FDP_TER_EXT.3 Session Termination upon Switching
Inserting a card reader at the smart card/CAC port will activate the filtering process of the USB host
controller’s dedicated micro
-controller. If the card reader is in the whitelist and not on a blacklist (i.e.,
pass the CAC authentication), the micro-controller will switch the CAC multiplexer to computer channel
(Figure 1) and reboot the card reader; if not, the CAC multiplexer stays at micro-controller channel, so
CAC data could not be passed to computers.
The Secure KVM Switch resets the power supplied to the user authentication device for at least one
second when the user switches the device from one computer to another. The capacitance of the TOE is
about 10μF. For a typical user authentication device power reset, voltage decreases from 5V to less than
2V in 0.2 sec, meeting the 2.0V in one second requirement. Capacitance is small enough to assure that
low-power devices would reach less than 2.0 V during that one second power reset.
