Security Target
Version 1.1
2022-03-08
43
The TOE provides a security management function to Reset to Factory Default
3
(not to be confused with
the front panel reset button). When a successfully authenticated authorized Administrator performs
Reset to Factory Default, settings previously configured by the Administrator (such as USB device
whitelist/blacklist) will be cleaned and reset to factory default settings. Once the Reset to Factory Default
function has been completed, the Secure KVM will terminate the Administrator Logon mode, purge
keyboard/mouse buffer, and power cycle the Secure KVM automatically. After a successful self-test, the
KVM port focus will be switched to Port 1, and the CAC function of each port will be set to factory default
(enabled).
The Reset to Factory Default does not affect or erase Log data nor does it affect the previously changed
Administrator password.
6.4.3
FMT_SMR.1
–
Security Roles
The TOE maintains a single administrator role. All other users are non-administrative users. A properly
authenticated administrator has the ability to view audit records, Reset to factory defaults, change
password, and configure user authentication device/ keyboard/ mouse filtering (i.e. CDF). Users without
an administrator role cannot use these function and are not required to authenticate.
6.5
Protection of the TSF
In order to mitigate potential tampering and replacement, the TOE is designed to ensure that any
replacement may be detected, any physical modification is evident, and any logical modification may be
prevented. Access to the TOE firmware, software, or its memory via its accessible ports is prevented. No
access is available to modify the TOE or its memory. To mitigate the risk that a potential attacker will
tamper with a TOE and then reprogram it with altered functionality, the TOE software is contained in one-
time-programmable read-only memory permanently attached (non-socketed) to a circuit assembly. The
TOE’s operational code is not upgradeable through any of the TOE external or internal ports.
The TOE
’s KVM
has two tamper-evident labels printed with the TOEs unique product serial number and
the vendor’s specific design. One label is applied to the
side of the device and the other to the bottom of
the chassis, over the screw used to secure the front-top cover to the enclosure. The side-label is clearly
visible to the user operating the TOE and the other label can be clearly seen when the device is turned
over. The optional Remote Port Selector (RPS) includes its own tamper-evident tape to provide visual
indications of intrusion to the RPS enclosure. Any attempt to open the KVM or RPS enclosures sufficient
to gain access to internal components will change the labels to a tampered state.
6.5.1
FPT_FLS_EXT.1
–
Failure with Preservation of Secure State
The TOE preserves a secure state by disabling the TOE when the following types of failures occur: failure
of the power on self-test and failure of the anti-tampering function. The behavior as described below for
FPT_PHP.1 and FPT_PHP.3 will occur if the Secure KVM Switch self-test fails or its security function detects
a breach.
3
Vendor guidance documents also refer to this as ‘
Reset KVM to Default
’.