Validated Protection Profile - U.S. Government Protection Profile for Hardcopy Devices in Basic Robustness Environments (IEEE Std. 2600.1-2009) Version 1.0

Short Name: pp_hcd_br_v1.0

Technology Type: Multi Function Device

CC Version: 3.1

Date: 12 June 2009

Conformance Claim: Basic Robustness

Protection Profile [PDF]
Validation Report [PDF]
CC Certificate [PDF]

 

PP OVERVIEW

The Hardcopy Devices (HCDs) considered in this Protection Profile are used for the purpose of converting hardcopy documents into digital form (scanning), converting digital documents into hardcopy form (printing), transmitting hardcopy documents over telephone lines (faxing), or duplicating hardcopy documents (copying). Hardcopy documents are commonly in paper form, but they can also take other forms such as positive or negative transparencies or film.

HCDs can be implemented in many different configurations, depending on their intended purpose or purposes. Simple devices have a single purpose implemented by a single function, such as a printer, scanner, copier, or fax machine. Other devices augment a single primary purpose with additional secondary functions, such as a fax machine that can also be used to make copies, or a copier that can also be used as a printer. Complex multifunction devices fulfill multiple purposes by using multiple functions in different combinations to perform the operations of several single-function devices.

Some HCDs have additional functions that enhance their capabilities, such as hard disk drives or other nonvolatile storage systems, document server functions, or mechanisms for manually or automatically updating the HCD’s operating software. All HCDs considered in this Protection Profile are assumed to provide the capability for appropriately authorized users to manage the security features of the HCD.

SECURITY EVALUATION SUMMARY

The major security features of the TOE are:

  1. All Users are identified and authenticated, and are authorized before being granted permission to perform TOE functions.
  2. Administrators authorize Users to use the functions of the TOE.
  3. User Document Data are protected from unauthorized disclosure or alteration.
  4. User Function Data are protected from unauthorized alteration.
  5. TSF Data, of which unauthorized disclosure threatens operational security, are protected from unauthorized disclosure.
  6. TSF Data, of which unauthorized alteration threatens operational security, are protected from unauthorized alteration.
  7. Document processing and security-relevant system events are recorded, and such records are protected from disclosure or alteration by anyone except for authorized personnel.

ENVIRONMENTAL STRENGTHS

This Protection Profile has been developed for Hardcopy Devices used in restrictive commercial information processing environments that require a relatively high level of document security, operational accountability and information assurance. The TOE environment will be exposed to only a low level of risk because it is assumed that the TOE will be located in a restricted or monitored environment that provides almost constant protection from unauthorized and unmanaged access to the TOE and its data interfaces. Agents cannot physically access any nonvolatile storage without disassembling the TOE except for removable nonvolatile storage devices, where protection of user and TSF data is provided when such devices are removed from the TOE environment. Agents have limited or no means of infiltrating the TOE with code to effect a change and the TOE self-verifies its executable code to detect unintentional malfunctions.

This Validated Protection Profile is not assigned to any Validated Products

Please forward any questions or comments to pp-comments@niap-ccevs.org

--->