
NIAP PP 4.0: isolating networks at one desk


NIAP PP 4.0 KVM: Meeting Your Security Certification Needs

Data centre managers face a complex landscape of security certifications when selecting KVM solutions. Understanding the differences between NIAP, Common Criteria, and FIPS 140-3 is critical—choosing the wrong certification for your environment wastes budget, while missing the right one risks audit failures and compliance violations.

NIAP PP 4.0 KVM switches provide isolated network access control at the console level, protecting sensitive environments from unauthorized access and lateral movement threats. By aligning your KVM certification requirements with your specific deployment needs and threat model, you ensure your infrastructure meets regulatory requirements while optimizing security spending across your data centre operations.


Three security certifications turn up on KVM datasheets: NIAP, Common Criteria, and FIPS 140-3. They are not ranked against each other. Each was written for a different deployment and a different threat. Buying the one that does not match your environment is wasted budget. Missing the one that does is an audit failure.

The question on a tender is rarely which vendor is most secure. It is which certification answers the threat you actually face. Three schemes, three answers.

Peripheral Sharing Device (PSD): a device that lets one set of peripherals (keyboard, mouse, monitor, and card reader) be shared across several connected computers. A secure KVM switch is a PSD. The NIAP Protection Profile defines the security requirements a PSD must meet to keep data isolated between computers of different security classifications.

Three certifications, three threat models

NIAP PP 4.0 (Peripheral Sharing Device)
Deployment: Air-gapped desktop KVM, no network
Protects against: Data crossing classification boundaries
Example: Raritan RSS, Adder Secure
Typical buyer: US / Canada gov, defence

CC EAL2+ / DoDIN APL (Networked matrix)
Deployment: KVM-over-IP matrix on a network
Protects against: Network-borne attack on a distributed system
Example: G&D ControlCenter-IP
Typical buyer: DoD networks, control rooms

FIPS 140-3 / SOC 2 (Management plane)
Deployment: Out-of-band and remote management
Protects against: Weak crypto in the channel, and vendor process risk
Example: ZPE Nodegrid
Typical buyer: Regulated, enterprise OOB

The right certification depends on the deployment, not the vendor.

NIAP PP 4.0: isolating networks at one desk

The NIAP Protection Profile for Peripheral Sharing Devices is the US and Canadian government standard for a secure desktop KVM. It answers one threat: an operator switching between networks of different classification on a single set of peripherals, where data must never cross between them.

The mechanism is physical. Hardware data-path isolation, unidirectional data flow, tamper-evident construction, no data retention, and optional CAC authentication. Version 4.0 replaced the older PP 3.0 and the EAL-based route for these devices. Raritan Secure Switch and the Adder ADDERView Secure range are certified to it.

Common Criteria EAL2+ and DoDIN APL: securing a networked matrix

A KVM-over-IP matrix is a different problem. It runs on a network, so the threat is network-borne attack on a distributed system, not data leakage across one desk.

G&D completed Common Criteria EAL2+ evaluation of its KVM-over-IP matrix systems under the Italian Scheme. With the SecureCert feature, those systems are listed on the US Department of Defense Information Network Approved Products List, and the same build carries FIPS 140-3. This is the certification set to look for when the KVM itself lives on the production or management network.

FIPS 140-3 and SOC 2: the cryptography and the vendor behind it

FIPS 140-3 validates the cryptographic module itself, the algorithms protecting the management channel. SOC 2 audits the vendor that builds and operates the platform. Together they answer a question the other two do not: can you trust the encryption, and the company behind it, for out-of-band and remote management?

ZPE Systems carries FIPS 140-3, SOC 2 Type 2, and ISO 27001 for its Nodegrid platform. This is the set that matters when the device is your recovery channel for everything else.

Match the certification to the deployment

Air-gapped desk (two networks, one operator)
Look for: NIAP PP 4.0 secure desktop KVM. Raritan RSS, Adder ADDERView Secure.

Networked matrix (KVM-over-IP, DoD or equivalent)
Look for: Common Criteria EAL2+ with a DoDIN APL listing. G&D ControlCenter-IP with SecureCert.

Management plane (out-of-band recovery channel)
Look for: FIPS 140-3 with SOC 2 Type 2 and ISO 27001. ZPE Nodegrid.

A vendor with all three certifications is not three times safer. It supports three different deployments. Regulated buyers should check which scheme the auditor names, MAS, CSA, or a defence standard, rather than the vendor’s headline. A mixed estate can need more than one: an air-gap desk and a networked matrix are separate certifications. Specify the one your environment actually runs, and the shortlist sorts itself out.


Frequently asked questions

Is a KVM with three security certifications more secure than one with a single certification?

No. The three common KVM certifications, NIAP PP 4.0, Common Criteria EAL2+, and FIPS 140-3, are not ranked against each other. Each was written for a different deployment and threat model. A device with all three supports more deployment types, not a higher level of security for any one of them.

What does NIAP Protection Profile 4.0 certify on a KVM switch?

NIAP PP 4.0 is the US and Canadian government standard for Peripheral Sharing Devices, used for secure desktop KVM switches. It certifies physical data-path isolation, unidirectional data flow, tamper-evident construction, and no data retention, so an operator can switch between networks of different classification at one desk without data crossing between them. Raritan Secure Switch and Adder ADDERView Secure are certified to it.

What is the difference between NIAP PP 4.0 and Common Criteria EAL2+ for KVM?

NIAP PP 4.0 covers air-gapped secure desktop KVM, where the threat is data crossing classification boundaries at one workstation. Common Criteria EAL2+ covers networked KVM-over-IP matrix systems, where the threat is network-borne attack on a distributed system. G&D evaluated its KVM-over-IP matrix under Common Criteria EAL2+ via the Italian Scheme.

What is DoDIN APL and why does it matter for KVM-over-IP?

DoDIN APL is the US Department of Defense Information Network Approved Products List. A listing confirms a product is approved for use on DoD networks. G&D KVM-over-IP matrix systems with the SecureCert feature are listed on the DoDIN APL, which is the relevant approval when the KVM itself runs on the network rather than being air-gapped.

What does FIPS 140-3 with SOC 2 cover that NIAP and Common Criteria do not?

FIPS 140-3 validates the cryptographic module that protects the management channel, and SOC 2 audits the vendor that builds and operates the platform. Together they address out-of-band and remote management infrastructure. ZPE Systems carries FIPS 140-3, SOC 2 Type 2, and ISO 27001 for its Nodegrid platform.

How do I choose the right KVM certification for my environment?

Match the certification to the deployment. Two classified networks at one desk call for a NIAP PP 4.0 secure desktop KVM. A networked KVM-over-IP matrix on a DoD or equivalent network calls for Common Criteria EAL2+ with a DoDIN APL listing. Out-of-band management as a recovery channel calls for FIPS 140-3 with SOC 2 Type 2. A mixed estate can require more than one.

Published by eNOVA Technologies

eNOVA Technologies is Singapore's specialist distributor for data centre IT management solutions, representing Adder, Guntermann & Drunck, Raritan, Sunbird, ZPE Systems, and VuWall across Singapore and Southeast Asia. Our technical content is produced with AI assistance and reviewed by our in-house team before publication.

This article was produced with AI assistance and reviewed by the eNOVA Technologies team. All technical claims are verified against manufacturer documentation.
