Compliant Product - Xerox® AltaLink™ C8030 / C8035 / C8045 / C8055 / C8070
Certificate Date: 2019.07.22CC Certificate Security Target * Validation Report
Validation Report Number: CCEVS-VR-VID10955-2019
Product Type: Multi Function Device
Conformance Claim: Protection Profile Compliant
PP Identifier: Protection Profile for Hardcopy Devices Version 1.0
CC Testing Lab: DXC.technology
* This is the Security Target (ST) associated with the latest Maintenance Release. To view previous STs for this TOE, click here.
Product is a multi-function device that copies and prints with scan and fax capabilities.
The Target of Evaluation (TOE) is the Xerox multi-function device (MFD) Xerox® AltaLink™ C8030 / C8035 / C8045 / C8055 / C8070. The TOE copies and prints with scan and fax capabilities. The Xerox Embedded Fax Accessory provides local analog fax capability over Public Switched Telephone Network (PSTN) connections and also enables LanFax.
Xerox’s Workflow Scanning Accessory is part of the TOE configuration. This accessory allows documents to be scanned at the device with the resulting image being sent via email, transferred to a remote file repository or kept in a private (scan) mailbox.
Security Evaluation Summary
The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the product meets the security requirements contained in the Security Target. The criteria against which the Xerox HCD was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 4. Computer Sciences Corporation determined that the product is conformant to requirements for Protection Profile for Network Hardcopy Devices, Version 1.0, version 3.0. The product satisfies all of the security functional requirements stated in the Security Target. Two validators, on behalf of the CCEVS Validation Body, monitored the evaluation carried out by DXC Technology. The evaluation was completed in Annapolis Junction, MD. Results of the evaluation can be found in Assurance Activity Report for Xerox HCD prepared by DXC Technology.
The TOE logical boundary is comprised of the following security functions:
· Identification and Authentication
· Security Audit
· Access Control
· Security Management
· Trusted Operation
· Trusted Communication
· PSTN Fax-Network Separation
· Data Clearing and Purging