{"product_id":10510,"v_id":10510,"product_name":"Lexmark MX511h(LW20.SB4.P231CC), MX611h(LW20.SB7.P231CC), MX710h(LW20.TU.P231CC), MX711h(LW20.TU.P231CC), MX810(LW20.TU.P231CC), MX811(LW20.TU.P231CC), MX812(LW20.TU.P231CC), XM7155(LW20.TU.P231CC), XM7163(LW20.TU.P231CC), XM7170(LW20.TU.P231CC), CX510h(LW20.GM7.P231CC) and XC2132(LW20.GM7.P231CC) Multi-Function Printers","certification_status":"Not Certified","certification_date":"2014-01-31T00:01:00Z","tech_type":"Miscellaneous, Multi Function Device","vendor_id":{"name":"Lexmark International, Inc.","website":"http://www.lexmark.com"},"vendor_poc":"Sean Gibbons","vendor_phone":"859-232-2000","vendor_email":"gibbonss@lexmark.com","assigned_lab":{"cctl_name":"COACT, Inc. Labs"},"product_description":"<p>The TOE provides the following functions related to MFPs:</p>\r\n<p>A)&nbsp;&nbsp;&nbsp; Printing &ndash; producing a hardcopy document from its electronic form</p>\r\n<p>B)&nbsp;&nbsp;&nbsp; Scanning &ndash; producing an electronic document from its hardcopy form</p>\r\n<p>C)&nbsp;&nbsp;&nbsp; Copying &ndash; duplicating a hardcopy document</p>\r\n<p>D)&nbsp;&nbsp;&nbsp; Faxing &ndash; scanning documents in hardcopy form and transmitting them in electronic form over telephone lines, and receiving documents in electronic form over telephone lines and printing them in hardcopy form</p>\r\n<p>All of the MFPs included in this evaluation provide the same security functionality. Their differences are in the speed of printing and support for color operations.</p>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. &nbsp;The evaluation demonstrated that the Lexmark MX511h(LW20.SB4.P231CC), MX611h(LW20.SB7.P231CC), MX710h(LW20.TU.P231CC), MX711h(LW20.TU.P231CC), MX810(LW20.TU.P231CC), MX811(LW20.TU.P231CC), MX812(LW20.TU.P231CC), XM7155(LW20.TU.P231CC), XM7163(LW20.TU.P231CC), XM7170(LW20.TU.P231CC), CX510h(LW20.GM7.P231CC) and XC2132(LW20.GM7.P231CC) Multi-Function Printers meet the security requirements contained in the Security Target.</p>\r\n<p>The criteria against which the Lexmark Multi-Function Printers were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1. &nbsp;The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1.</p>\r\n<p>The COACT, Inc. CAFE Lab determined that the evaluation assurance level (EAL) for the Lexmark Multi-Function Printers is EAL 2 augmented with ALC_FLR.2.&nbsp;&nbsp;&nbsp; The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.</p>\r\n<p>A Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by the COACT, Inc. CAFE Lab. The evaluation was completed in January 2014. &nbsp;Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.</p>","environmental_strengths":"<p>The TOE&rsquo;s Security Functions are:</p>\r\n<p><strong>Audit Generation</strong> - The TOE generates audit event records for security-relevant events and transmits them to a remote IT system using the syslog protocol.</p>\r\n<p><strong>Identification and Authentication</strong> - The TOE supports I&amp;A with a per-user selection of internal accounts (processed by the TOE) or integration with an external LDAP server (in the operational environment).&nbsp; PKI authentication may also be specified, in which case all authentication must use PKI.&nbsp; A Backup Password mechanism may also be enabled.</p>\r\n<p><strong>Access Controls</strong> - Access controls configured for functions (e.g. fax usage) and menu access are enforced by the TOE.</p>\r\n<p><strong>Management</strong> - Through web browser sessions, authorized administrators may configure access controls and perform other TOE management functions.</p>\r\n<p><strong>Operator Panel Lockout</strong> - Authorized users may lock and unlock the touch panel.&nbsp; When the touch panel is locked, print jobs are still accepted but they are queued on the disk drive until the touch panel is unlocked.</p>\r\n<p><strong>Fax Separation</strong> - The TOE ensures that only fax traffic is sent or received via the attached phone line.&nbsp; Incoming traffic is processed as fax data only; no management access or other data access is permitted.&nbsp; In the evaluated configuration, the only source for outgoing faxes is the scanner.</p>\r\n<p><strong>Hard Disk Encryption</strong> - All use data submitted to the TOE and stored on the hard disk is encrypted to protect its confidentiality in the event the hard drive was to be removed from the TOE.</p>\r\n<p><strong>Disk Wiping</strong> - In the evaluated configuration, the TOE automatically overwrites disk blocks used to store user data as soon as the data is no longer required.&nbsp; The mechanism used to perform the overwrite complies with NIST SP800-88, and the DSS \"Clearing and Sanitization Matrix\" (C&amp;SM)</p>\r\n<p><strong>Secure Communication</strong> - The TOE protects the confidentiality and integrity of all information exchanged over the attached network by using IPSec with ESP for all network communication.</p>\r\n<p><strong>Self Test</strong> - During initial start-up, the TOE performs self tests on its hardware components and the integrity of the building blocks and security templates.</p>","features":[]}