Compliant Product - WorkCentre 5845, 5855, 5865, 5875, 5890, 7220, 7225, 7830, 7835, 7845, 7855 & ColorQube 9301, 9302, 9303

Certificate Date: 29 May 2013

Validation Report Number: CCEVS-VR-VID10499-2013

Product Type: Multi Function Device

Conformance Claim: EAL2 Augmented with ALC_FLR.3

PP Identifier: U.S. Government Protection Profile for Hardcopy Devices Version 1.0 (IEEE Std. 2600.2™-2009)

CC Testing Lab: Computer Sciences Corporation


Maintenance Releases:


PRODUCT DESCRIPTION

The Xerox WorkCentre 5845, 5855, 5865, 5875, 5890, 7220, 7225, 7830, 7835, 7845, 7855 & ColorQube 9301, 9302, 9303 are multi-function devices (MFD) that copy, print, scan and fax. Each MFD contains an internal hard disk drive. Standard security functions include SSL, IPSec, a host-based firewall, and an internal audit log. Users may be authenticated to the network or locally at the device. The evaluated configuration includes the Image Overwrite Security package that causes any temporary image files to be erased from the internal hard disk drive when those files are no longer needed or on demand at the discretion of the system administrator.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the product meets the security requirements contained in the Security Target. The criteria against that the Xerox WorkCentre 5845, 5855, 5865, 5875, 5890, 7220, 7225, 7830, 7835, 7845, 7855 & ColorQube 9301, 9302, 9303 were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 3. Computer Sciences Corporation determined that the evaluation assurance level (EAL) for the product is EAL 2+.  The product satisfies all of the security functional requirements stated in the Security Target. Two validators, on behalf of the CCEVS Validation Body, monitored the evaluation carried out by Computer Sciences Corporation. The evaluation was completed in April 2013. Results of the evaluation can be found in the Evaluation Technical Report for Xerox WorkCentre 5845, 5855, 5865, 5875, 5890, 7220, 7225, 7830, 7835, 7845, 7855 & ColorQube 9301, 9302, 9303 prepared by Computer Sciences Corporation.

ENVIRONMENTAL STRENGTHS

The TOE provides the following security features:

Communications Security

The TOE supports the following secure communication protocols: TLS for Web UI; SFTP and TLS for document transfers to the remote file depository; IPsec for communication over IPv4 and IPv6; and Kerberos and TLS for remote authentication.

Disk Encryption

AES data encryption is used to protect all areas of the hard drive where user jobs are temporarily stored for processing.

Image Overwrite

The TOE implements an image overwrite security function to overwrite all temporary files created during processing of jobs.

Authentication

A user must authenticate prior to being granted access to the Local User Interface or the Web User Interface. Upon successful authentication, users are granted access based on their role and predefined privileges. The system administrator can configure session timeouts to terminate an inactive session after some period of time. TOE supports password and usernames, smart card authentication, LDAP v4, Kerberos v5 (Solaris) and Kerberos v5 (Windows 2000/2003/2008).

Security Audit

The TOE generates audit logs that track events/actions (e.g., copy/print/scan/fax job completion) to identified users. 

IP Filtering

The TOE provides the ability for the system administrator to configure IPv4 filtering rules.

Information Flow Security

The TOE prevents unintentional transmission of data between its interfaces and the network and/or PSTN to which the TOE is connected.

Security Management

The TOE restricts access to management functions and is capable of performing self-tests to verify integrity.

Vendor Information

logo
Xerox Corporation
Alan Sukert
585-427-1413
alan.sukert@xerox.com

http://www.xerox.com