Security Target
Version 1.1
2022-03-08
The micro-controller switches the CAC channel from the computer back to the micro-controller whenever
the card reader is pulled out, terminating an open session. If an inserted CAC Reader is verified by the
micro-controller to be on the whitelist, the CAC Reader data channel will be switched to the target
connected computer. The Data Isolation document Section 2.3 provides more details (proprietary). The
authentication procedure will start over again once a card reader insertion is detected at the USB card
reader port. When powering down, the TOE cuts the power to the CAC switches. With no power to the
switch, the CAC channel behaves like a broken path (open switch). This prevents active sessions from
continuing.
6.2.12 TOE Video Security Function
In addition to the Base-PP SFRs and SFRs related to the Video Function described above, the TOE video
input and output features in this section are also implemented in the TOE video subsystem (depending on
the video protocols supported by the model).
The TOE video auxiliary channel (AUX) path blocks information flows other than the minimal set required
to establish the video link. Unauthorized DisplayPort transactions are prevented by disassembling the
DisplayPort AUX channel transactions and blocking all unauthorized ones. The TOE video function filters
the AUX channel by converting it to EDID only. DisplayPort video is converted into an HDMI video stream.
The monitor's EDID is read through the EDID channel, filtered, and sent to the port's EDID EEPROM for
EDID emulation.
All AUX channel threats are mitigated through the conversion from DisplayPort to HDMI protocols. All
types of traffic not authorized by the referenced PP are blocked by this TOE function, as the emulated
EEPROM would only support valid EDID read requests from connected computers.
6.2.12.1 DP Models
The following TOE models support DP 1.2 video input and output, and one or two displays.
Table 14: DP Models

Configuration              2-Port          4-Port          8-Port
DisplayPort, Single Head   GCS1412TAA4C    GCS1414TAA4C    GCS1418TAA4C
DisplayPort, Dual Head     GCS1422TAA4C    GCS1424TAA4C    GCS1428TAA4C

These models accept DisplayPort for the computer video display interface. The TOE will convert the DP
signal to HDMI inside the TOE and then back to DisplayPort for output to the console display(s). The TOE
rejects communication of EDID information from computer to display, as well as CEC, HDCP, and MCCS
communications. The TOE's video EDID read procedure is activated once during power-on or reboot in
order to read the connected display EDID information.
EDID from display to computer, HPD from display to computer, and Link Training are allowed for the
DisplayPort interface. The TOE blocks CEC, EDID from computer to display, HDCP, and MCCS video/display
sub‐protocols.
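The EDID handling described in this section (one read from the display at power-on or reboot, filtering, then read-only emulation toward the computer) can be modelled as below. This is an added illustration, not the vendor's implementation: the ST does not state the filter rules, so the checks used here (fixed header, checksum, clearing the extension count) and all type and function names are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define EDID_LEN 128                      /* one EDID base block */
static const uint8_t EDID_HDR[8] = {0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x00};

/* Hypothetical model of one computer port's emulated EDID EEPROM. */
typedef struct { uint8_t data[EDID_LEN]; int loaded; } edid_eeprom;

/* Assumed filter rule: exact length, fixed header, bytes sum to 0 mod 256. */
int edid_block_valid(const uint8_t *blk, size_t len) {
    uint8_t sum = 0;
    if (len != EDID_LEN || memcmp(blk, EDID_HDR, sizeof EDID_HDR) != 0) return 0;
    for (size_t i = 0; i < EDID_LEN; i++) sum += blk[i];
    return sum == 0;
}

/* Display side: load once per power cycle; 0 on success, -1 if rejected. */
int eeprom_load(edid_eeprom *e, const uint8_t *blk, size_t len) {
    if (e->loaded || !edid_block_valid(blk, len)) return -1;
    memcpy(e->data, blk, EDID_LEN);
    /* Only the base block is emulated: clear the extension count (byte 126)
       and re-balance the checksum (byte 127) so the block stays valid. */
    e->data[127] = (uint8_t)(e->data[127] + e->data[126]);
    e->data[126] = 0;
    e->loaded = 1;
    return 0;
}

/* Computer side: bounded reads only; returns bytes copied or -1. */
int eeprom_read(const edid_eeprom *e, size_t off, uint8_t *out, size_t n) {
    if (!e->loaded || off >= EDID_LEN || n > EDID_LEN - off) return -1;
    memcpy(out, e->data + off, n);
    return (int)n;
}

/* Computer side: a write never reaches the emulated EEPROM or the display. */
int eeprom_write(edid_eeprom *e, size_t off, const uint8_t *in, size_t n) {
    (void)e; (void)off; (void)in; (void)n;
    return -1;
}

/* Constructed sample: header, zero body, `ext` extension count, checksum. */
void make_sample_edid(uint8_t *blk, uint8_t ext) {
    memset(blk, 0, EDID_LEN);
    memcpy(blk, EDID_HDR, sizeof EDID_HDR);
    blk[126] = ext;
    blk[127] = (uint8_t)(0u - (6u * 0xFF + ext));
}
```

Because the computer only ever talks to the emulated copy, a malformed display EDID or any computer-originated write stops at this boundary instead of crossing between the display and the connected computers.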
The DP Models satisfy the following SFRs:
• FDP_IPC_EXT.1(DP) – Internal Protocol Conversion