{"product_id":11270,"v_id":11270,"product_name":"Xerox® AltaLink™ EC8036 & EC8056","certification_status":"Certified","certification_date":"2022-06-14T00:00:00Z","tech_type":"Multi Function Device","vendor_id":{"name":"Xerox Corporation","website":"www.xerox.com"},"vendor_poc":"Jim Gorski","vendor_phone":"5854276774","vendor_email":"Jim.Gorski@xerox.com","assigned_lab":{"cctl_name":"Lightship Security USA, Inc."},"product_description":"<p>Product is a multi-function device that copies and prints with scan and fax capabilities.</p>","evaluation_configuration":"<p class=\"MsoBodyText\">The TOE evaluated configuration includes the Xerox&reg; AltaLink&trade; EC8036/EC8056 running system software version: 103.023.031.35105.</p>\r\n<table class=\"MsoTableGrid\" style=\"margin-left: 5.15pt; border-collapse: collapse; mso-table-layout-alt: fixed; border: none; mso-border-alt: solid windowtext .5pt; mso-yfti-tbllook: 1184; mso-padding-alt: 0in 5.4pt 0in 5.4pt;\" border=\"1\" width=\"569\" cellspacing=\"0\" cellpadding=\"0\">\r\n<thead>\r\n<tr style=\"mso-yfti-irow: 0; mso-yfti-firstrow: yes;\">\r\n<td style=\"width: 129.3pt; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; background: #3771C8; padding: 0in 5.4pt 0in 5.4pt;\" width=\"172\">\r\n<p class=\"TableHeading\"><span style=\"mso-ansi-language: EN-US; mso-fareast-language: EN-GB; mso-bidi-language: HE;\">Model</span></p>\r\n</td>\r\n<td style=\"width: 120.45pt; border: solid windowtext 1.0pt; border-left: none; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; background: #3771C8; padding: 0in 5.4pt 0in 5.4pt;\" width=\"161\">\r\n<p class=\"TableHeading\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-ansi-language: EN-US; mso-fareast-language: EN-GB; mso-bidi-language: HE;\">Firmware Version</span></p>\r\n</td>\r\n<td style=\"width: 177.2pt; border: solid windowtext 1.0pt; border-left: none; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; background: #3771C8; padding: 0in 5.4pt 0in 5.4pt;\" width=\"236\">\r\n<p class=\"TableHeading\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-ansi-language: EN-US; mso-fareast-language: EN-GB; mso-bidi-language: HE;\">CPU / OS</span></p>\r\n</td>\r\n</tr>\r\n</thead>\r\n<tbody>\r\n<tr style=\"mso-yfti-irow: 1;\">\r\n<td style=\"width: 129.3pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"172\">\r\n<p class=\"TableText\"><span style=\"mso-fareast-language: EN-GB; mso-bidi-language: HE;\">AltaLink&trade; EC8036</span></p>\r\n</td>\r\n<td style=\"width: 120.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" rowspan=\"2\" valign=\"top\" width=\"161\">\r\n<p class=\"TableText\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-fareast-language: EN-GB; mso-bidi-language: HE;\">103.023.031.35105</span></p>\r\n</td>\r\n<td style=\"width: 177.2pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" rowspan=\"2\" valign=\"top\" width=\"236\">\r\n<p class=\"TableText\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-fareast-language: EN-GB; mso-bidi-language: HE;\">Intel Atom E3845 (Bay Trail) </span></p>\r\n<p class=\"TableText\" style=\"text-align: center;\" align=\"center\"><span style=\"mso-fareast-language: EN-GB; mso-bidi-language: HE;\">Wind River Linux 6.0 <br />(Linux 3.10 32-bit)</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 2; mso-yfti-lastrow: yes;\">\r\n<td style=\"width: 129.3pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"172\">\r\n<p class=\"TableText\"><span style=\"mso-fareast-language: EN-GB; mso-bidi-language: HE;\">AltaLink&trade; EC8056</span></p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>","security_evaluation_summary":"<p class=\"TableText\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the product meets the security requirements contained in the Security Target. The criteria against which the <!-- [if supportFields]><span\r\nstyle='mso-element:field-begin'></span><span\r\nstyle='mso-spacerun:yes'> </span>DOCPROPERTY<span style='mso-spacerun:yes'> \r\n</span>\"TOE Name and Version\"<span style='mso-spacerun:yes'> \r\n</span>\\* MERGEFORMAT <span style='mso-element:field-separator'></span><![endif]-->Xerox Hardcopy Device (HCD)<!-- [if supportFields]><span style='mso-element:field-end'></span><![endif]--> was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 5. Lightship Security USA determined that the product is conformant to requirements for <!-- [if supportFields]><span\r\nstyle='mso-element:field-begin'></span><span\r\nstyle='mso-spacerun:yes'> </span>DOCPROPERTY<span style='mso-spacerun:yes'> \r\n</span>EAL<span style='mso-spacerun:yes'>  </span>\\* MERGEFORMAT <span\r\nstyle='mso-element:field-separator'></span><![endif]-->Protection Profile for Hardcopy Devices, Version 1.0<!-- [if supportFields]><span style='mso-element:field-end'></span><![endif]-->.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The product satisfies all of the security functional requirements stated in the Security Target. The project underwent CCEVS Validator review.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The validators, on behalf of the CCEVS Validation Body, monitored the evaluation carried out by Lightship Security USA. The evaluation was completed in June 2022 in Austin, Texas. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11270-2022) prepared by CCEVS.</p>","environmental_strengths":"<p class=\"MsoNormal\">The TOE logical boundary is comprised of the following security functions:</p>\r\n<p class=\"MsoListParagraphCxSpFirst\" style=\"margin-bottom: 0in; text-align: left; text-indent: -0.25in; padding-left: 40px;\" align=\"left\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">Identification and Authentication.</span></strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\"> The TOE requires users and system administrators to authenticate before granting access to printer or system administration functions via EWS or the Control Panel. The TOE supports username/password and smartcard-based authentication.</span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"margin-bottom: 0in; text-align: left; text-indent: -0.25in; padding-left: 40px;\" align=\"left\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">Security Audit.</span></strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\"> The TOE generates logs of security relevant events. The TOE stores logs locally and is capable of sending log events to a remote audit server.</span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"margin-bottom: 0in; text-align: left; text-indent: -0.25in; padding-left: 40px;\" align=\"left\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">Access Control.</span></strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\"> The TOE enforces a system administrator defined rolebased access control policy.</span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"margin-bottom: 0in; text-align: left; text-indent: -0.25in; padding-left: 40px;\" align=\"left\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">Security Management.</span></strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\"> System administrators mange the TOE&rsquo;s security configuration via the Control Panel and/or EWS. The TOE allows filtering rules to be specified for IPv4 network connections based on IP address and port number.</span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"margin-bottom: 0in; text-align: left; text-indent: -0.25in; padding-left: 40px;\" align=\"left\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">Trusted Operation.</span></strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\"> The TOE preforms a suite of self-tests to verify correct operation during start-up and verifies the authenticity and integrity of firmware updates.</span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"margin-bottom: 0in; text-align: left; text-indent: -0.25in; padding-left: 40px;\" align=\"left\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">Cryptographic Operations.</span></strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\"> The TOE incorporates two cryptographic modules:</span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: left; text-indent: -.25in; mso-list: l0 level2 lfo1; mso-layout-grid-align: none; text-autospace: none; margin: 0in 0in 0in 1.0in;\" align=\"left\"><!-- [if !supportLists]--><span style=\"mso-bidi-font-size: 12.0pt; font-family: 'Courier New'; mso-fareast-font-family: 'Courier New';\"><span style=\"mso-list: Ignore;\">o<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp; </span></span></span><!--[endif]--><strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">Mocana</span></strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">. Provides cryptographic services for hard disk encryption/decryption and encryption/decryption services for the IPSec protocol and for asymmetric key generation</span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"mso-add-space: auto; text-align: left; text-indent: -.25in; mso-list: l0 level2 lfo1; mso-layout-grid-align: none; text-autospace: none; margin: 0in 0in 0in 1.0in;\" align=\"left\"><!-- [if !supportLists]--><span style=\"mso-bidi-font-size: 12.0pt; font-family: 'Courier New'; mso-fareast-font-family: 'Courier New';\"><span style=\"mso-list: Ignore;\">o<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp; </span></span></span><!--[endif]--><strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">OpenSSL.</span></strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\"> Provides cryptographic services for HTTPS/TLS and SSH encryption/decryption services.</span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"margin-bottom: 0in; text-align: left; text-indent: -0.25in; padding-left: 40px;\" align=\"left\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">Storage Encryption</span></strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">. The TOE stores temporary files created during a copy, print, scan and fax job on a single shared hard disk drive (HDD). All partitions of the HDD used for spooling temporary files are encrypted.</span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"margin-bottom: 0in; text-align: left; text-indent: -0.25in; padding-left: 40px;\" align=\"left\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">Trusted Communication</span></strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">. The TOE protects the integrity and confidentiality of communications as noted in section 2.2.3 of the ST.</span></p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"margin-bottom: 0in; text-align: left; text-indent: -0.25in; padding-left: 40px;\" align=\"left\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">PSTN Fax-Network Separation</span></strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">. The TOE provides separation between the fax processing board and the network interface and therefore prevents an interconnection between the PSTN and the internal network. This separation is realized in software, as by design, these interfaces may only communicate via an intermediary.</span></p>\r\n<p class=\"MsoListParagraphCxSpLast\" style=\"margin-bottom: 0in; text-align: left; text-indent: -0.25in; padding-left: 40px;\" align=\"left\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">Data Clearing and Purging. </span></strong><span style=\"mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin;\">The image overwrite feature overwrites temporary image files created during a copy, print, scan or fax job when those files are no longer needed. Overwrite is also invoked at the instruction of a job owner or administrator and at start-up. The purge feature allows an authorized administrator to permanently delete all customer-supplied data on the TOE. This addresses residual data concerns when the TOE is decommissioned from service or redeployed to a different environment.</span></p>","features":[]}