The Lexmark MFP is a multi-functional printer system with scanning, fax, and networked capabilities. Its capabilities extend to walk-up scanning and copying, scanning to fax, scanning to email, and servicing print jobs through the network. The MFP also enables users to insert a USB Drive, which can be used as the source for print operations or the destination for scan operations. The MFP includes print, fax and scan functionality with an integrated touch-sensitive operator panel.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the Lexmark X642e (firmware revision LC2.MB.P237) and X644e (firmware revision LC2.MC.P239b) Multifunction Printers (MFPs) meet the security requirements contained in the Security Target.
\r\n
\r\nThe criteria against which the Lexmark X642e (firmware revision LC2.MB.P237) and X644e (firmware revision LC2.MC.P239b) Multifunction Printers (MFPs) were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3. The COACT, Inc. CAFE Lab determined that the evaluation assurance level (EAL) for the Lexmark X642e (firmware revision LC2.MB.P237) and X644e (firmware revision LC2.MC.P239b) Multifunction Printers (MFPs) is EAL 2. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.
\r\nA Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by the COACT, Inc. CAFE Lab. The evaluation was completed in June 2007. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.
The TOE’s Security Functions are summarized as follows:
\r\n
\r\nFax Communications Control
\r\nThe Fax Communications Control security function assures that the information on the TOE, and the information on the network to which the TOE is attached, is not exposed through the phone line that provides connectivity for the analog fax function. Control of the fax functionality is incorporated directly into the TOE’s firmware. There is no mechanism by which telnet, FTP, or other network protocols can be sent or received over the analog fax line.
\r\n
\r\nUser Authentication
\r\nThe TOE’s display interface allows access to the print-from USB operation and the following types of scan-based operations to touch screen users: scan-to-fax, scan-to-copy, scan-to-USB, and scan-to-email. Each of these operations is restricted with the User Authentication function, which requires the touch screen user’s credentials to be submitted and validated before the TOE gives the touch screen user access to the operation. No identification or authentication is performed for network print users or inbound fax users.
\r\n
\r\nDevice Configuration Protection
\r\nThe configurable settings that control the behaviour of the MFP can only be modified after authentication with the TOE’s administrative credentials. In addition, management of the MFP occurs primarily via remote access utilizing HTTPS. These sessions provide protection against disclosure and modification via SSL v2 and v3 and TLS v1.
\r\n
\r\nTSF Self Protection
\r\nThe MFP protects itself by ensuring that security functions may not be bypassed by activities within the TSC and by implementing security domains that protect it from interference and tampering by untrusted subjects within the TSC.