![[Public Interpretations Database]](http://www.niap-ccevs.org/assets/images/precedent-db.jpg){kind=small}
PD-0041: Use of an Intelligent Printer (PCL) in an Evaluated Product
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
| Effective Date: | 2002-06-11 |
| Last Modified | 2006-08-02 |
Issue
A question was raised as to whether there are security implications regarding the use of a printer control language, which does not present a TCB interface.
An evaluated configuration contains a printer that may be controlled via commands embedded in the print job. The commands comprise a functional extension to a printer control language and consist of page layout, cursor positioning, font selection, and raster graphic commands.
Print jobs are printed serially (i.e., only one job can be printed at a time). The commands from any one print job do not affect the output of any other print job. There is no mechanism for returning the contents of internal buffers to a user. There is no provision for collecting and storing print data into a separate job and then re-outputing it as another user's print job. There are no provisions for retrieving the data from another user's process. The language used is a one way formatting language and is not a general purpose programming language.
Resolution
The analysis mandated by the security requirements resulting from this issue include object reuse, system architecture, testing, and possibly Discretionary Access Control. These requirements must be considered and appropriate analysis performed with respect to the evaluated configuration. It must be shown that any such capability does not introduce vulnerabilities or violations of the security requirements. The evaluation report should include a description of the printer control language, including why it does not present a security concern.
Support
This decision is based on past precedent and is consistent with previous guidance.
Modification History:
- 2004-08-12
- Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)
References:
- None
Related NIs:
- None
Related CCIMB-INTERPs:
- None
Source OD: 0020