{"product_id":1010,"v_id":1010,"product_name":"Canon imageRUNNER 2200/2800/3300 Series Software Version iR2200N-USen50.06 with Security Kit B1 ","certification_status":"Not Certified","certification_date":"2004-06-16T00:06:00Z","tech_type":"Miscellaneous","vendor_id":{"name":"Canon U.S.A., Inc.","website":"http://www.canonusa.com/html/canonindex.html"},"vendor_poc":"Chris Sedlacek","vendor_phone":"516.328.5642","vendor_email":"csedlacek@cusa.canon.com","assigned_lab":{"cctl_name":"COACT, Inc. Labs"},"product_description":"<p>The TOE is the software that drives the imageRUNNER copier and contains the Complete Erase feature. During print, scan, fax, and copy job processing, the imageRUNNER stores images as files on the hard disk drive. Consequently, there is a risk that these images could be disclosed during subsequent jobs. To mitigate this risk, the Complete Erase feature provides the capability to completely overwrite files on the imageRUNNER hard disk drive once the images are no longer needed.</p>\r\n<p>It should be noted that the imageRUNNER devices are not delivered with the &ldquo;Complete Erase&rdquo; functionality enabled; it is the responsibility of the consumer to ensure an authorized Canon Service Technician (CST) applies Security Kit B1 and sets the erase mode. Once this Security Kit is installed, the consumer must ensure that the &ldquo;Complete Erase&rdquo; function is enabled using the System Manager interface. If these steps are not taken by the consumer, the residual information protection offered by this TOE will not be employed.<br />\r\n</p>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was performed under the Common Criteria Evaluation and Validation Scheme (CCEVS). The purpose of the evaluation was to demonstrate that the Canon imageRUNNER 2200/2800/3300 Software Version 50.06 with Security Kit B1 Sensitive Data Protection product meets the EAL3 security assurance requirements according to the Common Criteria for Information Technology Security Evaluation, Version 2.1 and Part 2 of the Common Methodology for Information Technology Security Evaluation, Version 1.0. Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by COACT, Inc. CAFE Lab. The evaluation was completed on 10 May 2004. The results of the Canon imageRUNNER 2200/2800/3300 Software Version 50.06 with Security Kit B1 Sensitive Data Protection product evaluation can be found in Canon imageRUNNER 2200/2800/3300 Software Version 50.06 with Security Kit B1 Validation Report, CCEVS-VR-04-0063, prepared by the CCEVS Validation Team.</p>","environmental_strengths":"<p>The TOE provides a Residual Information Protection Security Policy through the implementation of the following security functions:</p>\r\n<p><strong>Complete Erase: </strong>Eliminates residual information by overwriting the data memory space with either: NULL data once, random data once, or random data three times.\r\n</p>\r\n<p><strong>System Manager Logon: </strong>The System Manager Logon feature ensures that only authorized System Managers can access the interface used to activate and deactivate the Complete Erase function. The System Manager credentials, a seven digit password and a numeric user id, are set using the System Manager Settings user interface. Once set, the credentials can only be changed by an authorized System Manager. The System Manager Logon feature is invoked before access to the Complete Erase feature settings is allowed. Entering invalid credentials results in a failed logon attempt and a redisplay of the logon screen after a one second delay.</p>\r\n<p><strong>Security Management:</strong> Once the System Manager successfully logs in to the administrative interface, the System Manager has the ability to activate or deactivate the Complete Erase functionality.</p>","features":[]}