- Product Name :
- Xerox VersaLink C7020/C7025/C7030 Color Multifunction Printer Diskless models
- Version of TOE :
- Controller ROM Ver. 1.11.33, FAX ROM Ver. 2.0.8
- Product Type :
- Multi-Function Device
- Certification No. :
- Date :
- Version of Common Criteria:
- 3.1 Release4
- Conformance Claim :
- EAL2 Augmented by ALC_FLR.2
- PP Identifier :
- Vendor :
- Xerox Corporation
- POC :
- Tim Hinton
- Division :
- Mid Products Business Unit, Workplace Solutions Business Group
- Phone :
- E-mail :
- Evaluation Facility :
- Information Technology Security Center
Description of TOE
The TOE is the Multi-Function Device (MFD) that provides such functions as copy, print, network scan, and fax.
The TOE is assumed to be used at general office, from the control panel, public telephone line, clients (for general user and system administrator) and servers which are connected to the TOE via internal network, and general user client which is directly connected to the TOE.
TOE security functionality
To ensure the security of assets to be protected, the TOE provides the following security functions for using the above basic functions:
|-||Flash Memory Data Encryption
A function to encrypt the document data before the data is stored into the internal SD memory.
A function to identify and authenticate users. This function also allows only owners of document data and system administrators to handle document data stored in the TOE.
|-||System Administrator's Security Management
A function to allow only system administrators to configure the settings of security functions.
|-||Customer Engineer Operation Restriction
A function to allow only system administrators to configure the settings for restricting customer engineer operations.
|-||Security Audit Log
A function to generate audit logs of security events and allow only system administrators to refer to them.
|-|| Internal Network Data Protection
A function to protect communication data by using encryption communication protocols.
|-||Fax Flow Security
A function to restrict the unpermitted communication between public telephone line and internal network.
A function to verify the integrity of TSF executable code and TOE setting data.
Security functional requirements
This TOE implements the following security functional requirements.
|Security audit||Non-repudiation of origin/receipt||Cryptographic functionality||Access control|
|Data authentication||Export data protection||Information flow control||Import data protection|
|Internal transfer data protection||Residual information protection||Rollback||Stored data integrity|
|Transfer data confidentiality||Transfer data integrity||Identification and authentication||Security management|
|Privacy Control||Security functionality protection||Resource utilisation management||TOE access control|
|Trusted path/channels||Random number generation|