NIAP: Compliant Product
Compliant Product - Xerox® AltaLink™ C8030, C8035, C8045, C8055, C8070

Certificate Date:  2017.11.20

Validation Report Number:  CCEVS-VR-VID10788-2017

Product Type:    Multi Function Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Hardcopy Devices Version 1.0

CC Testing Lab:

Maintenance Release:

Product Description

The Target of Evaluation (TOE) is a multi-function device, Xerox® Multi-Function Device AltaLink™ C8030/C8035/C8045/C8055/C8070, that copies and prints with scan and fax capabilities.

The Xerox Embedded Fax Accessory provides local analog fax capability over Public Switched Telephone Network (PSTN) connections and also enables LanFax.

Xerox’s Workflow Scanning Accessory is part of the TOE configuration. This accessory allows documents to be scanned at the device with the resulting image being sent via email, transferred to a remote file repository, kept in a private (scan) mailbox or placed on a personal USB storage device.

The TOE can integrate with an IPv4 network with native support for DHCP.

Evaluated Configuration

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the product meets the security requirements contained in the Security Target. The criteria against which the Xerox HCD was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 4. Computer Sciences Corporation determined that the product is conformant to requirements for Protection Profile for Network Hardcopy Devices, Version 1.0, version 3.0. The product satisfies all of the security functional requirements stated in the Security Target. Two validators, on behalf of the CCEVS Validation Body, monitored the evaluation carried out by DXC Technology. The evaluation was completed in Annapolis Junction, MD. Results of the evaluation can be found in the Assurance Activity Report for Xerox HCD prepared by DXC Technology.

Environmental Strengths

Identification and Authentication

In the evaluated configuration, the TOE requires users and system administrators to authenticate before granting access to user (copy, print, fax, etc.) or system administration functions via the Web User Interface (Web UI) or the Local User Interface (LUI). The user or system administrator must enter a username and password at either the Web UI or the LUI. The password is obscured as it is being entered. The TOE provides role-based access control as configured by the system administrator.

The TOE also supports smart card, Kerberos and Lightweight Directory Access Protocol (LDAP) for network authentication.

Security Audit

The TOE generates audit logs that track events/actions (e.g., print/scan/fax job submission) to identified users. The audit logs, which are stored locally in a 15000-entry circular log, are available to TOE administrators and can be exported in comma-separated format for viewing and analysis.

Access Control

The TOE enforces a role-based access control policy defined by the system administrator. Only authenticated users assigned to roles with the necessary privileges are allowed to perform copy, print, scan or fax on the TOE via the Web UI or the LUI.

Unauthenticated users can submit print or LanFax jobs to the TOE via printing protocols. Release of unauthenticated print jobs to the hardcopy output handler is dependent on the system administrator defined policy.

The TOE allows filtering rules to be specified for IPv4 network connections based on IP address and port number.

Security Management

A Local User, via the local user interface, or a Remote User, via the browser-based interface, with administrative privileges can configure the security settings of the TOE. The TOE has the capability to assign Users to roles that distinguish Users who can perform administrative functions from Users who can perform User functions via a role-based access control policy. The TOE also has the capability to protect its security settings from unauthorized disclosure and alteration when they are stored in the TOE and in transit to or from the browser-based interface.

Trusted Operation

The TOE includes a software image verification feature and Embedded Device Security, which employs McAfee software to detect and prevent unauthorized execution and modification of TOE software.


The TOE utilizes digital signature generation and verification (RSA), data encryption (AES), key establishment (RSA) and cryptographic checksum generation and secure hash computation (HMAC, SHA-1) in support of disk encryption, SSH, TLS, TLS/HTTPS, TLS/SMTP and IPsec. The TOE also provides random bit generation in support of cryptographic operations.

The TOE stores temporary image data created during a copy, print, scan and fax job on the single shared hard disk drive (HDD) that is field replaceable. This temporary image data consists of the original data submitted and additional files created during a job. All partitions of the HDD used for spooling temporary files are encrypted. The hard drive encryption key is derived from a BIOS-saved passphrase and is the same value after each power-up (see KMD for details).

Trusted Communication

The TOE provides support for several secure communication protocols:

· Transport Layer Security (TLS) support is available for protecting communication over the Web User Interface (Web UI) and SMTP email communications.

· Secure Shell (SSH) File Transfer Protocol (SFTP) and TLS are available for protecting document transfers to a remote file depository.

· Internet Protocol Security (IPsec) support is available for protecting communication over IPv4 networks.

· TLS support is available for protecting communication with a remote authentication server.

PSTN Fax-Network Separation

The TOE provides separation between the fax processing board and the network interface and therefore prevents an interconnection between the PSTN and the internal network. This separation is realized in software: by design, these interfaces may communicate only via an intermediary.

Data Clearing and Purging

The image overwrite feature overwrites temporary image files created during a copy, print, scan or fax job when those files are no longer needed. Overwrite is also invoked at the instruction of a job owner or administrator and at start-up. The purge feature allows an authorized administrator to permanently delete all customer-supplied data on the TOE. This addresses residual data concerns when the TOE is decommissioned from service or redeployed to a different environment.

Vendor Information

Alan Sukert