Black Box Explains... TEMPEST standard and Common Criteria (EAL4+).
Common Criteria (EAL4+) defines a common set of tests regarding the process of the design, testing, verification, and shipping of new security products. Common Criteria enables customers to assess a level of trust in how a product has been designed, tested, built, and shipped.
TEMPEST testing, while classified, is regarded as a process that assesses the threat of data linking by various covert electromagnetic eavesdropping mechanisms. The TEMPEST designation is often required by military organizations. TEMPEST, as a security standard, pertains to technical security countermeasures, standards, and instrumentation that prevent or minimize the exploitation of vulnerable data
communications equipment by technical surveillance or
Both testing standards are important, they just test for different things.
TEMPEST-Secure KVM Switches
For 2 or 4 ports, with USB, and DVI-I or VGA the ServSwitch Secure KVM Switch with USB (page 382) provides control and separation of up to four PCs connected to secure and unsecure networks through just one keyboard, monitor, and mouse.
High port-to-port electrical isolation, which facilitates data separation (RED/BLACK).
NSA tested and TEMPEST approved for and by the U.S. Air Force.
The low radiated emissions profile meets the appropriate national requirements for conducted/radiated electromagnetic emissions.
Switches are permanently hard wired, preventing access from one CPU to the others or access from one network to others.
External tamper-evident seals make it easy to spot attempted tampering.
Channel-to-channel 60-dB crosstalk isolation protects against signal snooping, so software tools and applications cannot be used to access any connected computer from another connected computer.
Users can safely switch among as many as four computers operating at different classification levels.
Common Criteria Evaluation Assurance to Level 4+
A newly developed switch, the ServSwitch Secure with USB and DVI, or VGA, or VGA and a Card Reader (pages 384–385), is being evaluated for Common Criteria Evaluation Assurance to Level 4+ (EAL4+). Common Criteria is an international standardized process for information technology security evaluation, validation, and certification. The Common Criteria scheme is supported by the National Security Agency through the National Information Assurance Program (NIAP).
The ServSwitch Secure KVM Switch with USB surpasses the security profiles of most other KVM switches. Along with the tamper-evident seals and other security features already mentioned, ServSwitch Secure KVM Switch with USB models feature these security measures:
The flow of keyboard and mouse data is unidirectional, so it’s not possible for the computer to send data along the keyboard and mouse signaling channels.
Keyboard and mouse devices can only be enumerated at the keyboard and mouse ports. Any other USB peripherals connected to these ports will be prohibited from operating, preventing, for example, a USB thumb drive from uploading or downloading unauthorized data.
At each channel switchover, the USB host controller circuit, which controls shared peripherals, erases its entire RAM. This prevents residual data from remaining in the channel after a channel change and being transferred to another computer.
Every time the channel is changed, shared USB peripherals are powered down, reset, and re-enumerated.
Every time the channel is changed, the USB host controller is also powered down and reset, further ensuring no transfer of residual data.
Dedicated DDC bus and EDID memory emulation at each port prevent the shared monitor link from being used as a covert attack channel.
With only one selection button per channel, the ServSwitch Secure models enable direct and unambiguous channel selection.
Hotkey and mouse switching are excluded, preventing remote control of the switch.
Ports are powered through the computer’s USB ports, while the shared keyboard, mouse, and monitor are powered by the switch’s power supply. The lack of a common power supply minimizes electronic signaling.
The switches with card readers have additional features, including active authentication verification and active tamper detection.