Validated Product - Lexmark X646dte (firmware revision LC2.MC.P239b), X646e (firmware revision LC2.MC.P239b), X646ef (firmware revision LC2.TI.P239b), X772e (firmware revision LC2.TR.P275), X850e (firmware revision LC2.BE.P238b), X852e (firmware revision LC2.BE.P238b), X854e (firmware revision LC2.BE.P238b), X940e (firmware revision LC.BR.P060) and X945e (firmware revision LC.BR.P060) Multifunction Printers (MFPs)

Certificate Date: 21 September 2007

Validation Report Number: CCEVS-VR-07-0060

Product Type: Miscellaneous, Multi Function Device

Conformance Claim: EAL2

PP Identifiers: None

CC Testing Lab: COACT Inc. CAFE Laboratory

Maintenance Releases:


PRODUCT DESCRIPTION

The Lexmark MFP is a multi-functional printer system with scanning, fax, and networked capabilities. Its capabilities extend to walk-up scanning and copying, scanning to fax, scanning to email, and servicing print jobs through the network. The MFP also enables users to insert a USB Drive, which can be used as the source for print operations or the destination for scan operations. The MFP includes print, fax and scan functionality with an integrated touch-sensitive operator panel.

The Lexmark MFP family covered by this TOE comprises an array of products that share a common set of functionality. Each of the MFPs included in the TOE has a Hard Disk Drive (HDD) and security-relevant functions pertaining to the HDD.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the Lexmark X646dte (firmware revision LC2.MC.P239b), X646e (firmware revision LC2.MC.P239b), X646ef (firmware revision LC2.TI.P239b), X772e (firmware revision LC2.TR.P275), X850e (firmware revision LC2.BE.P238b), X852e (firmware revision LC2.BE.P238b), X854e (firmware revision LC2.BE.P238b), X940e (firmware revision LC.BR.P060) and X945e (firmware revision LC.BR.P060) Multifunction Printers (MFPs) meet the security requirements contained in the Security Target.

The criteria against which the Lexmark X646dte (firmware revision LC2.MC.P239b), X646e (firmware revision LC2.MC.P239b), X646ef (firmware revision LC2.TI.P239b), X772e (firmware revision LC2.TR.P275), X850e (firmware revision LC2.BE.P238b), X852e (firmware revision LC2.BE.P238b), X854e (firmware revision LC2.BE.P238b), X940e (firmware revision LC.BR.P060) and X945e (firmware revision LC.BR.P060) Multifunction Printers (MFPs) were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. The COACT, Inc. CAFE Lab determined that the evaluation assurance level (EAL) for the Lexmark X646dte (firmware revision LC2.MC.P239b), X646e (firmware revision LC2.MC.P239b), X646ef (firmware revision LC2.TI.P239b), X772e (firmware revision LC2.TR.P275), X850e (firmware revision LC2.BE.P238b), X852e (firmware revision LC2.BE.P238b), X854e (firmware revision LC2.BE.P238b), X940e (firmware revision LC.BR.P060) and X945e (firmware revision LC.BR.P060) Multifunction Printers (MFPs) is EAL 2. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.

A Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by the COACT, Inc. CAFE Lab. The evaluation was completed in June 2007. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.

ENVIRONMENTAL STRENGTHS

The TOE’s Security Functions are summarized as follows:

Fax Communications Control
The Fax Communications Control security function assures that the information on the TOE, and the information on the network to which the TOE is attached, is not exposed through the phone line that provides connectivity for the analog fax function. Control of the fax functionality is incorporated directly into the TOE’s firmware. There is no mechanism by which telnet, FTP, or other network protocols can be sent or received over the analog fax line.

User Authentication
The TOE’s display interface allows access to the print-from USB operation and the following types of scan-based operations to touch screen users: scan-to-fax, scan-to-copy, scan-to-USB, and scan-to-email. Each of these operations is restricted with the User Authentication function, which requires the touch screen user’s credentials to be submitted and validated before the TOE gives the touch screen user access to the operation. No identification or authentication is performed for network print users or inbound fax users.

Device Configuration Protection
The configurable settings that control the behaviour of the MFP can only be modified after authentication with the TOE’s administrative credentials. In addition, management of the MFP occurs primarily via remote access utilizing HTTPS. These sessions are protected against disclosure and modification by SSL v2 and v3 and TLS v1. In addition, the Hard Disk Sanitization function can only be invoked by a special key sequence at startup of the MFP.

Hard Disk Encryption & Sanitization
All user data files stored on the hard disk are automatically encrypted when files are saved and decrypted when files are retrieved. The encryption key is specific to the MFP and hard disk; therefore, all user data files on the hard disk are lost when the encryption key is destroyed. When directed by the System Administrator, the TOE will also sanitize the hard disk. This functionality ensures that any data present on the hard disk could not be recovered even if the encryption key was compromised.

TSF Self Protection
The MFP protects itself by ensuring that security functions may not be bypassed by activities within the TSC and by implementing security domains that protect it from interference and tampering by untrusted subjects within the TSC.

Vendor Information


Lexmark International, Inc
Sean Gibbons
859-232-2000
859-232-2000 (Fax)
gibbonss@lexmark.com

http://www.lexmark.com