The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the product meets the security requirements contained in the Security Target. The criteria against which the Xerox WorkCentre M35/M45/M55 / WorkCentre Pro 35/45/55 Advanced Multifunction System with Image Overwrite Security was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Computer Sciences Corporation determined that the evaluation assurance level (EAL) for the product is EAL 2. The product, when configured and installed according to supplied guidance, satisfies all of the security functional requirements stated in the Security Target. A validator, on behalf of the CCEVS Validation Body, monitored the evaluation carried out by Computer Sciences Corporation. The evaluation was completed in May 2004. Results of the evaluation can be found in the Evaluation Technical Report for a Target of Evaluation for Xerox WorkCentre M35/M45/M55 / WorkCentre Pro 35/45/55 Advanced Multifunction System with Image Overwrite Security prepared by Computer Sciences Corporation.
","environmental_strengths":"The TOE provides the following security features:
\r\nImage Overwrite: The TOE implements an image overwrite function to overwrite temporary files created during the printing, network scan, or scan to e-mail processes. The network controller spools and processes the documents that are to be printed or scanned. Temporary files are created as a result of this processing on a reserved section of the hard disk drive. Once the job has completed, the files are overwritten using a three pass overwrite procedure as described in DOD 5800.28-M (Immediate Image Overwrite (IIO)). The overwrite function can also be invoked manually by the system administrator ("On Demand" Image Overwrite (ODIO)).
\r\nODIO is invoked by the system administrator via the tools/web interface. Once invoked, ODIO cancels all print and scan jobs, halts the printer interface (network), overwrites the contents of the reserved section on the hard disk, and then the network controller reboots.
\r\nCopy and fax data do not get written to disk, making overwriting of these jobs unnecessary.
\r\nSecurity Management: The TOE utilizes a simple authentication function through the front panel or web interface. Only authenticated system administrators have the capability to invoke or abort the ODIO function, enable or disable the IIO function, and change the system administrator PIN.
\r\nFax-Network Separation: The TOE has an architecture that provides separation between the optional FAX processing board and the network controller. This architecture ensures that a malicious user cannot access network resources from the telephone line via the TOE's optional FAX modem.
","features":[]}