Compliant Product - Xerox ColorQube 9201/9202/9203 Multifunction Systems
Certificate Date: 20 December 2012
Validation Report Number: CCEVS-VR-VID10371-2012
Product Type: Multi Function Device
Conformance Claim: EAL2 Augmented with ALC_FLR.3
CC Testing Lab: Computer Sciences Corporation
The TOE is a multi-function device (MFD) that copies, prints, scans and faxes. The MFD contains an internal hard disk drive. Standard security functions include SSL, IPSec, SNMPv3, a host-based firewall, and an internal audit log. Users may be authenticated to the network or locally at the device. The evaluated configuration includes the Image Overwrite Security package, a consumer option. The Image Overwrite Security package causes any temporary image files to be erased from the internal hard disk drive when those files are no longer needed or on demand at the discretion of the system administrator.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the product meets the security requirements contained in the Security Target. The criteria against which the Xerox ColorQube™ 9201/9202/9203 were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 2. Computer Sciences Corporation determined that the evaluation assurance level (EAL) for the product is EAL 2+. The product satisfies all of the security functional requirements stated in the Security Target. Two validators, on behalf of the CCEVS Validation Body, monitored the evaluation carried out by Computer Sciences Corporation. The evaluation was completed in June 2012. Results of the evaluation can be found in the Evaluation Technical Report for a Target of Evaluation for Xerox ColorQube™ 9201/9202/9203 prepared by Computer Sciences Corporation.
The TOE provides the following security features:
The TOE provides secure communications over the SSL, IPSec, and SNMPv3 protocols. Remote management of the device is secured from the Web User Interface using HTTPS/SSL. Alternatively secure remote management is provided using a manager that supports SNMPv3. Secure scanning to a repository is provided using HTTPS/SSL. Secure printing is provided by using IPSec.
AES data encryption is used to protect all areas of the hard drive where user jobs are temporarily stored for processing.
The TOE can be configured to automatically overwrite files created during job processing. The TOE also has an on-demand function that overwrites the hard drive(s) on-demand of the system administrator. Contents stored on the hard disk are overwritten using a three pass overwrite procedure.
A user must authenticate prior to being granted access to the Local User Interface or the Web User Interface. Upon successful authentication, users are granted access based on their role and predefined privileges. The system administrator can configure session timeouts to terminate an inactive session after some period of time. TOE supports password and usernames, smart card authentication, LDAP v4, Kerberos v5 (Solaris) and Kerberos v5 (Windows 2000/2003).
The TOE generates audit logs that track events/actions (e.g., copy/print/scan/fax job completion) to identified users.
The TOE provides the ability for the system administrator to configure IPv4 filtering rules.
Fax / Network Separation
The TOE ensures separation between the optional fax processing board and the network controller. This architecture ensures that a malicious user cannot access network resources from the telephone line via the system’s optional fax modem.
The TOE restricts access to management functions and is capable of performing self-tests to verify integrity.