Assurance Continuity - Xerox® AltaLink™ C8030 / C8035 / C8045 / C8055 / C8070
Date of Maintenance Completion:
2021.06.22
CC Certificate Product Type: Multi Function Device Conformance Claim: Protection Profile Compliant PP Identifier: Protection Profile for Hardcopy Devices Version 1.0 Original Evaluated TOE: 2019.07.22 - Xerox® AltaLink™ C8030 / C8035 / C8045 / C8055 / C8070 ![]() ![]() ![]() Administrative Guide ![]()
Please note:
The above files are for the Original Evaluated TOE.
Consequently, they do not refer to this maintained version, although they apply to the maintained version.
Security Target ![]() ![]() ![]()
Please note:
This serves as an addendum to the VR for the Original Evaluated TOE.
*
This is the Security Target (ST) associated with this latest Maintenance Release.
To view previous STs for this TOE, click here.
Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product. Maintenance only considers the affect of TOE changes on the assurance baseline (i.e. the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate. Such assurance can only be gained through re-evaluation. Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of changes on the TOE are considered minor and that independent evaluator analysis was not necessary. A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original validation report and Security Target. Readers are therefore reminded to read the Security Target, Validation Report, and the Assurance Maintenance Report to fully understand the meaning of what a maintained certificate represents.
Product Description
Description of ASE Changes: Changes to the Security Target (since version 0.9 described in [MR1]) are as follows: a) Document version b) Copyright year c) Remove DXC.technology d) Firmware version updated with new patch 553131v3.dlm e) FMT_SMF.1.1 – remove assignment to enable/disable disk encryption (always enabled) Description of ALC Changes: The CI List was updated with the new Security Target revision. No other documentation was affected. Description of AGD Changes: Changes to the [AGD] (since version 1.7 described in [MR1]) are as follows: a) Document version b) Copyright year c) Remove configuration steps for enabling and disabling data encryption. d) State that data encryption is enabled by default at the factory and cannot be disabled. Assurance Continuity Maintenance Report: · Lightship submitted an Impact Analysis Report (IAR) on behalf of Xerox for the Xerox Multi-Factor Device Security Target Xerox® AltaLink™ C8030 / C8035 / C8045 / C8055 / C8070. · The Impact Analysis Report (IAR) document the changes incorporated into Software Patch 553131v3.dlm which addresses public vulnerabilites/CVEs as shown in the table below. The IAR indicates that the impact of all the individual changes is minor so it concludes that the sum of all the changes to the TOE have only minor impact. · There are no changes to the IT Environment · There are no changes to the Development Environment
Table: TOE Changes to address CVEs
Vendor InformationXerox Alan Sukert 585-427-1413 Alan.Sukert@Xerox.com www.xerox.com |