Xerox WorkCentre 5845 Operation manual
Document Version 2.0, Revision 2.0
Xerox Multi-Function Device
Security Target
WorkCentre 5845, 5855, 5865, 5875,
5890, 7220, 7225, 7830, 7835, 7845, 7855
& ColorQube 9301, 9302, 9303
Prepared by:
Xerox Corporation
Computer Sciences Corporation
800 Phillips Road
7231 Parkway Drive
Webster, New York 14580
Hanover, Maryland 21076
ii
Copyright2013 Xerox Corporation. All rights reserved.
©2013 Xerox Corporation. All rights reserved. Xerox and the sphere of connectivity design are
trademarks of Xerox Corporation in the United States and/or other counties.
All copyrights referenced herein are the property of their respective owners. Other company trademarks
are also acknowledged.
Document Version: 2.0 (November 2013).
Xerox Multi-Function Device Security Target
3
Copyright2013 Xerox Corporation. All rights reserved.
Table of Contents
1. INTRODUCTION........................................................................................................6
1.1. ST AND TOE IDENTIFICATION.......................................................................................................6
1.2. TOE OVERVIEW ........................................................................................................................7
1.2.1. Usage and Security Features............................................................................................7
1.2.2. TOE Type ........................................................................................................................10
1.2.3. Required Non-TOE Hardware, Software and Firmware .................................................10
1.3. TOE DESCRIPTION ...................................................................................................................11
1.3.1. Physical Scope of the TOE ..............................................................................................11
1.3.2. Logical Scope of the TOE ................................................................................................12
1.4. EVALUATED CONFIGURATION.....................................................................................................15
2. CONFORMANCE CLAIMS......................................................................................16
2.1. COMMON CRITERIA CONFORMANCE CLAIMS ................................................................................16
2.2. PROTECTION PROFILE CLAIMS ....................................................................................................16
2.3. PACKAGE CLAIMS ....................................................................................................................16
2.4. RATIONALE .............................................................................................................................17
3. SECURITY PROBLEM DEFINITION.......................................................................19
3.1. DEFINITIONS ...........................................................................................................................19
3.1.1. Users ..............................................................................................................................19
3.1.2. Objects (Assets) ..............................................................................................................19
3.1.3. Operations......................................................................................................................21
3.1.4. Channels.........................................................................................................................21
3.2. ASSUMPTIONS.........................................................................................................................22
3.3. THREATS ................................................................................................................................23
3.3.1. Threats Addressed by the TOE .......................................................................................23
3.3.2. Threats Addressed by the IT Environment......................................................................23
3.4. ORGANIZATIONAL SECURITY POLICIES ..........................................................................................24
4. SECURITY OBJECTIVES........................................................................................25
4.1. SECURITY OBJECTIVES FOR THE TOE............................................................................................25
4.2. SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT ..........................................................26
4.3. SECURITY OBJECTIVES FOR THE NON-IT ENVIRONMENT ..................................................................27
4.4. RATIONALE FOR SECURITY OBJECTIVES .........................................................................................27
5. EXTENDED COMPONENTS DEFINITION..............................................................33
5.1. FPT_FDI_EXP RESTRICTED FORWARDING OF DATA TO EXTERNAL INTERFACES ....................................33
6. SECURITY REQUIREMENTS .................................................................................36
6.1. CONVENTIONS ........................................................................................................................36
6.2. TOE SECURITY POLICIES............................................................................................................37
6.2.1. IP Filter SFP.....................................................................................................................37
6.2.2. User Access Control SFP .................................................................................................37
6.2.3. TOE Function Access Control SFP ...................................................................................39
6.3. SECURITY FUNCTIONAL REQUIREMENTS .......................................................................................40
6.3.1. Class FAU: Security audit................................................................................................41
6.3.2. Class FCO: Communication ............................................................................................43
6.3.3. Class FCS: Cryptographic support...................................................................................43
Xerox Multi-Function Device Security Target
4
Copyright2013 Xerox Corporation. All rights reserved.
6.3.4. Class FDP: User data protection.....................................................................................45
6.3.5. Class FIA: Identification and authentication ..................................................................48
6.3.6. Class FMT: Security management ..................................................................................50
6.3.7. Class FPR: Privacy...........................................................................................................54
6.3.8. Class FPT: Protection of the TSF .....................................................................................54
6.3.9. Class FTA: TOE access.....................................................................................................55
6.3.10. Class FTP: Trusted paths/channels ............................................................................55
6.4. EXPLICITLY STATED REQUIREMENTS FOR THE TOE..........................................................................56
6.4.1. FPT_FDI_EXP.1 Restricted forwarding of data to external interfaces ............................56
6.5. TOE SECURITY ASSURANCE REQUIREMENTS .................................................................................56
6.6. RATIONALE FOR SECURITY FUNCTIONAL REQUIREMENTS .................................................................57
6.7. RATIONALE FOR SECURITY ASSURANCE REQUIREMENTS...................................................................64
6.8. RATIONALE FOR DEPENDENCIES..................................................................................................65
6.8.1. Security Functional Requirement Dependencies ............................................................65
6.8.2. Security Assurance Requirement Dependencies ............................................................67
7. TOE SUMMARY SPECIFICATION..........................................................................69
7.1. TOE SECURITY FUNCTIONS........................................................................................................69
7.1.1. Image Overwrite (TSF_IOW) ..........................................................................................69
7.1.2. Information Flow Security (TSF_FLOW)..........................................................................70
7.1.3. Authentication (TSF_ AUT) .............................................................................................71
7.1.4. Network Identification (TSF_NET_ID).............................................................................71
7.1.5. Security Audit (TSF_FAU)................................................................................................72
7.1.6. Cryptographic Operations (TSF_FCS) .............................................................................72
7.1.7. User Data Protection –Disk Encryption (TSF_FDP_UDE) ...............................................73
7.1.8. User Data Protection –IP Filtering (TSF_FDP_FILTER) ...................................................73
7.1.9. Network Security (TSF_NET_SEC)...................................................................................73
7.1.10. Security Management (TSF_FMT) .............................................................................73
8. GLOSSARY..............................................................................................................77
9. ACRONYMS.............................................................................................................81
10. BIBLIOGRAPHY......................................................................................................83
Xerox Multi-Function Device Security Target
5
Copyright2013 Xerox Corporation. All rights reserved.
List of Figures
FIGURE 1: XEROX WORKCENTRE 5845/5855/5865/5875/5890......................................................................7
FIGURE 2: XEROX WORKCENTRE 7220/7225 ..................................................................................................8
FIGURE 3: XEROX WORKCENTRE 7830/7835/7845/7855 ...............................................................................8
FIGURE 4: XEROX COLORQUBE 9301/9302/9303 ...........................................................................................8
List of Tables
TABLE 1: ST AND TOE IDENTIFICATION .............................................................................................................6
TABLE 2: MODELS AND CAPABILITIES ...............................................................................................................9
TABLE 3: EVALUATED SOFTWARE VERSION ......................................................................................................11
TABLE 4: SYSTEM USER AND ADMINISTRATOR GUIDANCE..................................................................................11
TABLE 5: IEEE STD.2600.2-2009 COMMON SFR AUGMENTATIONS ..................................................................17
TABLE 6: IEEE STD.2600.2-2009 PACKAGE AUGMENTATIONS ..........................................................................18
TABLE 7: USERS.........................................................................................................................................19
TABLE 8: USER DATA ..................................................................................................................................20
TABLE 9: TSF DATA ....................................................................................................................................20
TABLE 10: TSF DATA CATEGORIZATION ..........................................................................................................20
TABLE 11: SFR PACKAGE FUNCTIONS FOR IEEE STD.2600.2-2009 ...................................................................21
TABLE 12: ASSUMPTIONS FOR THE TOE .........................................................................................................22
TABLE 13: THREATS TO USER DATA................................................................................................................23
TABLE 14: THREATS TO TSF DATA .................................................................................................................23
TABLE 15: ORGANIZATIONAL SECURITY POLICIES..............................................................................................24
TABLE 16: SECURITY OBJECTIVES FOR THE TOE................................................................................................25
TABLE 17: SECURITY OBJECTIVES FOR THE IT ENVIRONMENT...............................................................................26
TABLE 18: SECURITY OBJECTIVES FOR THE NON-IT ENVIRONMENT .......................................................................27
TABLE 19: COMPLETENESS OF SECURITY OBJECTIVES .........................................................................................28
TABLE 20: SUFFICIENCY OF SECURITY OBJECTIVES .............................................................................................28
TABLE 21: USER ACCESS CONTROL SFP ..........................................................................................................37
TABLE 22: ATTRIBUTES DEFINITION................................................................................................................38
TABLE 23: TOE SECURITY FUNCTIONAL REQUIREMENTS .....................................................................................40
TABLE 24: AUDIT DATA REQUIREMENTS ..........................................................................................................42
TABLE 25: CRYPTOGRAPHIC OPERATIONS ........................................................................................................43
TABLE 26: CRYPTOGRAPHIC KEY GENERATION ..................................................................................................44
TABLE 27: CRYPTOGRAPHIC KEY DISTRIBUTION .................................................................................................45
TABLE 28: IEEE 2600.2 SECURITY ASSURANCE REQUIREMENTS...........................................................................56
TABLE 29: COMPLETENESS OF SECURITY FUNCTIONAL REQUIREMENTS...................................................................58
TABLE 30: SUFFICIENCY OF SECURITY FUNCTIONAL REQUIREMENTS.......................................................................59
TABLE 31: SFR DEPENDENCIES SATISFIED ........................................................................................................65
TABLE 32: EAL2 (AUGMENTED WITH ALC_FLR.3) SAR DEPENDENCIES SATISFIED..................................................67
TABLE 33: ACRONYMS.................................................................................................................................81
Xerox Multi-Function Device Security Target
6
Copyright2013 Xerox Corporation. All rights reserved.
1. Introduction
This Security Target (ST) specifies the security claims of the WorkCentre
5845, 5855, 5865, 5875, 5890, 7220, 7225, 7830, 7835, 7845, 7855 &
ColorQube 9301, 9302, 9303 in accordance with the requirements of the
Common Criteria (CC).
1.1. ST and TOE Identification
Table 1 below presents key identification details relevant to the CC evaluation
of the WorkCentre 5845, 5855, 5865, 5875, 5890, 7220, 7225, 7830, 7835,
7845, 7855 & ColorQube 9301, 9302, 9303.
Table 1: ST and TOE identification
ST Title:
Xerox Multi-Function Device Security Target, WorkCentre 5845,
5855, 5865, 5875, 5890, 7220, 7225, 7830, 7835, 7845, 7855 &
ColorQube 9301, 9302, 9303
ST Version:
2.0
Revision Number:
2.0
Publication Date:
25 November 2013
Authors:
CSC Security Testing/Certification Laboratories, Xerox
Corporation
TOE Identification:
WorkCentre 5845, 5855, 5865, 5875, 5890, 7220, 7225, 7830,
7835, 7845, 7855 & ColorQube 9301, 9302, 9303
(see section 1.3.1 for software version numbers)
EAL:
EAL2+ (ALC_FLR.3)
ST Evaluator:
CSC Security Testing/Certification Laboratories
Keywords:
Xerox, Multi-Function Device, Image Overwrite, WorkCentre™,
ColorQube™, Printer, Scanner, Copier, Facsimile, Fax,
Document Server, Document Storage and Retrieval, Disk
overwrite, All-In-One, MFD, MFP, ISO/IEC 15408, Common
Criteria, FIPS, Protection Profile, Security Target
Xerox Multi-Function Device Security Target
7
Copyright2013 Xerox Corporation. All rights reserved.
1.2. TOE Overview
1.2.1. Usage and Security Features
The WorkCentre 5845, 5855, 5865, 5875, 5890, 7220, 7225, 7830, 7835,
7845, 7855 & ColorQube 9301, 9302, 9303, the Target of Evaluation (TOE),
is a multi-function device (MFD) that copies and prints with scan and fax
options. The optional Xerox Embedded Fax Accessory provides local analog
fax capability over Public Switched Telephone Network (PSTN) connections
and also enables LanFax1.
Xerox’s Workflow Scanning Accessory is part of the TOE configuration. This
accessory allows documents to be scanned at the device with the resulting
image being sent via email, transferred to a remote file repository, kept in a
private (scan) mailbox or placed on a personal USB storage device.
The TOE can integrate with an IPv4 or IPv6 network with native support for
DHCP/DHCPv6. The hardware included in the TOE is shown in the following
figures.
Figure 1: Xerox WorkCentre 5845/5855/5865/5875/5890
1LanFax enables fax jobs to be submitted from the desktop via printing protocols.
Xerox Multi-Function Device Security Target
8
Copyright2013 Xerox Corporation. All rights reserved.
Figure 2: Xerox WorkCentre 7220/7225
Figure 3: Xerox WorkCentre 7830/7835/7845/7855
Figure 4: Xerox ColorQube 9301/9302/9303
Xerox Multi-Function Device Security Target
9
Copyright2013 Xerox Corporation. All rights reserved.
Table 2 below shows the various models and capabilities of the TOE. The
models vary in printing speed, paper capacity and available finsher options.
Table 2: Models and capabilities
WC58xx
WC72xx
WC78xx
CQ93xx
Copy
X
X
X
X
Print
X
X
X
X
Scan
X
X
X
X
Fax
Optional
CAC reader
Optional
Differences
Printing speed, paper capacity and available finsher options.
The TOE provides the following security features:
Image overwrite. This feature overwrites temporary image files
created during a copy, print, scan or fax job when those files are no
longer needed. Overwrite is also invoked at the instruction of a job
owner or administrator and at start-up.
Hard disk encryption. The TOE stores temporary image data created
during a copy, print, scan and fax job on the single shared hard disk
drive (HDD). This temporary image data consists of the original data
submitted and additional files created during a job. All partitions of the
HDD used for spooling temporary files are encrypted. The encryption
key is created on each power-up.
Audit. The TOE generates audit logs that track events/actions (e.g.,
print/scan/fax job submission) to identified users. The audit logs,
which are stored locally in a 15000 entry circular log, are available to
TOE administrators and can be exported in comma separated format
for viewing and analysis.
Network filtering. The TOE allows filtering rules to be specified for
IPv4 network connections based on IP address and port number.
Secure communication. The TOE provides support for a number of
secure communication protocols:
oTransport Layer Security (TLS) support is available for
protecting communication over the Web User Interface (Web
UI).
oSecure Shell (SSH) File Transfer Protocol (SFTP) and TLS are
available for protecting document transfers to a remote file
depository.
oInternet Protocol Security (IPsec) support is available for
protecting communication over IPv4 and IPv6 networks.
Xerox Multi-Function Device Security Target
10
Copyright2013 Xerox Corporation. All rights reserved.
oKerberos and TLS support are available for protecting
communication with a remote authentication server.
Authentication & access control. In the evaluated configuration, the
TOE requires users and system administrators to authenticate before
granting access to user (copy, print, fax etc) or system administration
functions via the Web User Interface (Web UI) or the Local User
Interface (LUI). The user or system administrator must enter a
username and password at either the Web UI or the LUI. The
password is obscured as it is being entered. The TOE provides role
based access control as configured by the system administrator.
Network authentication. The TOE supports smart card, Kerberos and
Lightweight Directory Access Protocol (LDAP) for network
authentication.
1.2.2. TOE Type
The TOE is an MFD that provides copy and print, document scanning and
optional fax services.
1.2.3. Required Non-TOE Hardware, Software and
Firmware
The TOE does not require any additional hardware, software or firmware in
order to function as a multi-function device. Additional features require non-
TOE support as follows:
Network security and fax flow features are only useful in environments
where the TOE is connected to a network or PSTN.
Network identification is only available when LDAP or Kerberos remote
authentication services are present in the environment.
Smart card authentication requires Federal Information Processing
Standard (FIPS) 201 Personal Identity Verification Common Access
Card (PIV-CAC) compliant smart cards and readers or equivalent. In
support of smart card authentication, a Windows Domain Controller
must also be present in the environment.
Xerox Multi-Function Device Security Target
11
Copyright2013 Xerox Corporation. All rights reserved.
1.3. TOE Description
1.3.1. Physical Scope of the TOE
The TOE is an MFD (WorkCentre 5845, 5855, 5865, 5875, 5890, 7220, 7225,
7830, 7835, 7845, 7855 & ColorQube 9301, 9302, 9303) that consists of a
printer, copier, scanner, fax (if installed) and associated administrator and
user guidance. The difference between the models is shown in Table 2. The
hardware included in the TOE is shown in Figure 2 above without optional
paper feeders.
The software and firmware that comprise the TOE are listed in Table 3. A
system administrator can ensure that they have a TOE by printing a
configuration report and comparing the version numbers on the report to
Table 3 below.
Table 3: Evaluated software version
Model
System Software
Network Controller
WorkCentre 5845/5855/5865/5875/5890
071.190.103.06400
071.193.06410.LL*
WorkCentre 7220 / 7225
071.030.103.06400
071.033.06410.LL*
WorkCentre
7830 / 7835
071.010.103.06400
071.043.06410.LL*
7845 / 7855
071.040.103.06400
071.013.06410.LL*
ColorQube 9301 / 9302 / 9303
071.180.203.06400
071.183.06410.LL*
*Requires patch LLConnectKeyV1_.dlm
Users can determine version numbers and whether the Xerox Embedded Fax
Accessory, Xerox Workflow Scan Accessory and Image Overwrite Security
Package are installed by reviewing the TOE configuration report.
The administrator and user guidance included in the TOE are listed in Table
4.
Table 4: System User and Administrator Guidance
Title
Version
Date
Xerox WorkCentre
5845/5855/5865/5875/5890 System
Administrator Guide
1.0
February 2013
Xerox WorkCentre 7220/7225 System
Administrator Guide
1.0
April 2013
Xerox WorkCentre 7800 Series System
Administrator Guide
1.0
February 2013
Xerox ColorQube 9301/9302/9303 System
Administrator Guide
1.0
February 2013
Xerox Multi-Function Device Security Target
12
Copyright2013 Xerox Corporation. All rights reserved.
Title
Version
Date
Xerox WorkCentre
5845/5855/5865/5875/5890 User Guide
1.0
January 2013
Xerox WorkCentre 7220/7225 User Guide
1.0
April 2013
Xerox WorkCentre 7800 Series User Guide
1.0
February 2013
Xerox ColorQube 9301/9302/9303
ConnectKey Controller User Guide
1.0
February 2013
Secure Installation and Operation of Your
Xerox WorkCentre 5845, 5855, 5865, 5875,
5890, 7220, 7225, 7830, 7835, 7845, 7855 &
ColorQube 9301, 9302, 9303
1.3
May 2013
The TOE’s physical interfaces include a power port, an ethernet port, USB
ports, serial ports, fax ports (if fax accessory is installed), LUI with keypad, a
document scanner, a document feeder and a document output.
1.3.2. Logical Scope of the TOE
The logical scope of the TOE includes all software and firmware that are
installed on the product (see Table 3). The TOE logical boundary is
composed of the security functions provided by the product.
The following security functions are controlled by the TOE:
Image Overwrite (TSF_IOW)
Authentication (TSF_ AUT)
Network Identification (TSF_NET_ID)
Security Audit (TSF_FAU)
Cryptographic Operations (TSF_FCS)
User Data Protection –IP Filtering (TSF_FDP_FILTER)
Network Security (TSF_NET_SEC)
Information Flow Security (TSF_ FLOW)
Security Management (TSF_FMT)
User Data Protection –Disk Encryption (TSF_FDP_UDE)
1.3.2.1. Image Overwrite (TSF_IOW)
The Immediate Image Overwrite (IIO) function overwrites files created during
job processing. The IIO function automatically starts for all abnormally
terminated copy, print, scan and fax jobs stored on the HDD prior to coming
on-line at reboot or after a power failure/disorderly shutdown.
Xerox Multi-Function Device Security Target
13
Copyright2013 Xerox Corporation. All rights reserved.
The On-Demand Image Overwrite (ODIO) function overwrites the hard
drive(s) on-demand of the system administrator. The ODIO function operates
in two modes: full ODIO and standard ODIO. A standard ODIO overwrites all
files written to temporary storage areas of the HDD. A full ODIO overwrites
those files as well as the fax mailbox/dial directory and scan-to-mailbox data.
1.3.2.2. Authentication (TSF_AUT)
A user must authenticate by entering a username and password prior to
being granted access to the LUI or the Web UI. While the user is typing the
password, the TOE obscures each character entered.
Upon successful authentication, users are granted access to functions based
on their role. The system administrator defines the privileges associated to
each role.
If configured for local authentication the system requires the system
administrator to create each user and assign associated credentials. The
system will authenticate the user against an internal database. The TOE may
alternatively be configured to use an external authentication store as
described by section 1.3.2.3.
The TOE enforces administrator defined session timeout periods for the LUI
and Web UI.
1.3.2.3. Network Identification (TSF_NET_ID)
As an alternative to local authentication, the TOE may be configured to refer
to an external identity server (a trusted remote IT entity). User credentials
entered at the LUI or Web UI are authenticated at the server instead of the
TOE. The network authentication services supported by the TOE include:
smart card authentication, LDAP v4, Kerberos v5 (Solaris) and Kerberos v5
(Windows 2000/2003/2008).
1.3.2.4. Security Audit (TSF_FAU)
The TOE generates audit logs that record events (e.g. copy/print/scan/fax job
completion) and associated users. The audit logs, which are stored locally in
a 15000 entry circular log, are available to TOE administrators and can be
exported for viewing and analysis. The downloaded audit records are in
comma separated format.
1.3.2.5. Cryptographic Operations (TSF_FCS)
The TOE utilizes digital signature generation and verification (RSA), data
encryption (TDES, AES), key establishment (RSA) and cryptographic
checksum generation and secure hash computation (HMAC, SHA-1) in
support of disk encryption, SFTP, TLS and IPsec.
Xerox Multi-Function Device Security Target
14
Copyright2013 Xerox Corporation. All rights reserved.
1.3.2.6. User Data Protection –Disk Encryption
(TSF_FDP_UDE)
The TOE utilizes data encryption (AES) to support encryption and decryption
of designated portions of the hard disk where user image data files may be
temporarily stored.
1.3.2.7. User Data Protection –IP Filtering (TSF_FDP_FILTER)
The TOE enforces administrator defined IPv4 filtering rules. IP filtering is not
available for IPv6.
1.3.2.8. Network Security (TSF_NET_SEC)
The TOE supports the following secure communication protocols: TLS for
Web UI; SFTP and TLS for document transfers to the remote file depository;
IPsec for communication over IPv4 and IPv6; and Kerberos and TLS for
remote authentication.
1.3.2.9. Information Flow Security (TSF_FLOW)
The TOE prevents unintentional transmission of data between its interfaces
and the network and/or PSTN to which the TOE is connected.
1.3.2.10. Security Management (TSF_FMT)
The security functions of the TOE are managed by the system administrator
from both the LUI and WebUI. User and role management is only accessible
via the Web UI.
The TOE is capable of verifying the integrity of the TSF at the request of the
administrator.
Xerox Multi-Function Device Security Target
15
Copyright2013 Xerox Corporation. All rights reserved.
1.4. Evaluated Configuration
The following features are enabled in the evaluated configuration:
IIO and ODIO (the Image Overwrite Security Package)
HTTPS (TLS\SSL)
User Authorization
The following features are not included in the evaluated configuration:
IPX. Network communication protocol.
AppleTalk. Network communication protocol.
Internet Fax. Allows the user to scan documents at the control panel,
send them to destination email addresses, or receive and print emails
with attachments.
Network Domain Security (NDS). Network authentication protocol.
Server Message Block (SMB). Network authentication protocol.
Network Accounting. Allows users to manage printer usage with
detailed cost analysis capabilities.
Network Authorization. When configured, the printer references an
anauthorization server for authorization information, such as role, for
the authenticated user.
Reprint Saved Jobs. The Reprint Saved Jobs feature allows you to
save your print job on the printer so that you can print it at any time.
Smart eSolutions. Suite of features that provide free services to
enable administration of metered billing and supplies replenishment
plans for printers on a network.
Xerox Extensible Interface Platform (EIP). Allows independent
software vendors and partners to develop personalized and
customized document management solutions. These solutions can be
integrated and accessed directly from the printer control panel.
McAfee Embedded Control. Allows monitoring of system files to
detect and prevent unauthorized modification or execution.
Please see http://www.xerox.com/information-security/product/enus.html for
more specific information about maintaining the security of this TOE.
Xerox Multi-Function Device Security Target
16
Copyright2013 Xerox Corporation. All rights reserved.
2. Conformance Claims
2.1. Common Criteria Conformance
Claims
The ST is based upon the following, referenced hereafter as [CC]:
Common Criteria for Information Technology Security Evaluation, Part
1: Introduction and General Model; Version 3.1, Revision 3, CCMB-
2009-07-001,
Common Criteria for Information Technology Security Evaluation, Part
2: Security Functional Components; Version 3.1, Revision 3, CCMB-
2009-07-002,
Common Criteria for Information Technology Security Evaluation, Part
3: Security Assurance Components; Version 3.1, Revision 3, CCMB-
2009-07-003
This ST claims the following CC conformance:
Part 2 extended
Part 3 conformant
Evaluation Assurance Level (EAL) 2+
2.2. Protection Profile Claims
This ST claims demonstrable conformance to the IEEE Standard Protection
Profile for Hardcopy Devices in IEEE Std 2600™ -2008 Operational
Environment B (IEEE Std. 2600.2-2009).
2.3. Package Claims
This ST claims conformance to the EAL2 package augmented with
ALC_FLR.3, and the following additional packages from IEEE Standard
Protection Profile for Hardcopy Devices in IEEE Std 2600™ -2008
Operational Environment B (IEEE Std. 2600.2-2009):
2600.2-PRT, SFR Package for Hardcopy Device Print Functions,
Operational Environment B
Xerox Multi-Function Device Security Target
17
Copyright2013 Xerox Corporation. All rights reserved.
2600.2-SCN, SFR Package for Hardcopy Device Scan Functions,
Operational Environment B
2600.2-CPY, SFR Package for Hardcopy Device Copy Functions,
Operational Environment B
2600.2-fax, SFR Package for Hardcopy Device Fax Functions,
Operational Environment B
2600.2-DSR, SFR Package for Hardcopy Device Document Storage
and Retrieval Functions, Operational Environment B
2600.2-SMI, SFR Package for Hardcopy Device Shared-medium
Interface Functions, Operational Environment B
2.4. Rationale
The TOE type in this ST (MFD) is the same as the TOE type for IEEE 2600.2.
The Security Problem Definition and Objectives have been copied directly
from IEEE Std. 2600.2-2009 and have not been modified. One security
objective for the TOE (O.AUDIT_STORAGE.PROTECTED) has been added
in accordance to application note 7 from IEEE Std. 2600.2-2009. One security
objective for the IT environment (OE.USER.AUTHENTICATED) has been
added in accordance to application notes 37, 42 and 43 from IEEE Std.
2600.2-2009.
The statement of Security Requirements contains the Security Functional
Requirements (SFRs) from IEEE Std. 2600.2-2009 as well as additional
SFRs that are taken from CC Part 2. By including all of the SFRs from IEEE
Std. 2600.2-2009 and including additional SFRs (none of which conflict with
each other), the statement of Security Requirements is necessarily at least as
strict as the statement in IEEE Std. 2600.2-2009, if not more strict.
The rationales for objectives, threats, assumptions, organizational security
policies and security requirements have been copied from IEEE Std. 2600.2-
2009 and have been augmented to address the requirements that have been
added from CC Part 2.
The IEEE Std. 2600.2-2009 statement of Common SFRs has been
augmented with additional (including iterated) SFRs from CC Part 2 shown in
Table 5.
Table 5: IEEE Std. 2600.2-2009 common SFR augmentations
Family
Augmentation
Audit
FAU_STG.1, FAU_STG.4
Cryptographic Support
FCS_COP.1, FCS_CKM.1, FCS_CKM.2, FCS_CKM.4
Xerox Multi-Function Device Security Target
18
Copyright2013 Xerox Corporation. All rights reserved.
Family
Augmentation
Identification and
Authentication
FIA_UAU.7
The packages shown in Table 6 from IEEE Std. 2600.2-2009 have been
augmented with additional (including iterated) SFRs from CC Part 2.
Table 6: IEEE Std. 2600.2-2009 package augmentations
Package
Augmentation
PRT
SCN
CPY
FAX
DSR
SMI
FDP_IFC.1 (FILTER), FDP_IFF.1 (FILTER)
Xerox Multi-Function Device Security Target
19
Copyright2013 Xerox Corporation. All rights reserved.
3. Security Problem
Definition
3.1. Definitions
3.1.1. Users
Users are entities that are external to the TOE and which interact with the
TOE. There may be two types of Users: Normal and Administrator, as shown
in Table 7.
Table 7: Users
Designation
Definition
U.USER
Any authorized User.
U.NORMAL
A User who is authorized to perform User Document Data
processing functions of the TOE
U.ADMINISTRATOR
A User who has been specifically granted the authority to
manage some portion or all of the TOE and whose actions
may affect the TOE security policy (TSP). Administrators may
possess special privileges that provide capabilities to override
portions of the TSP.
This ST specifies:
U.ADMINISTRATOR (System Administrator)
U.ADMINISTRATOR (Accounting Administrator)
If U.ADMINISTRATOR is specified without identifying the
above, then it refers to both roles.
3.1.2. Objects (Assets)
Objects are passive entities in the TOE, that contain or receive information,
and upon which Subjects perform Operations. In this Security Target, Objects
are equivalent to TOE Assets. There are three types of Objects: User Data,
TSF Data, and Functions.
3.1.2.1. User Data
User Data are data created by and for Users and do not affect the operation
of the TOE Security Functionality (TSF). This type of data is composed of two
objects: User Document Data, and User Function Data, as shown in Table 8.
Xerox Multi-Function Device Security Target
20
Copyright2013 Xerox Corporation. All rights reserved.
Table 8: User data
Designation
Definition
D.DOC
User Document Data consists of the information contained in a user’s
document. This includes the original document itself in either hardcopy or
electronic form, image data, or residually-stored data created by the
hardcopy device while processing an original document and printed
hardcopy output.
D.FUNC
User Function Data are the information about a user’s document or job to
be processed by the TOE.
3.1.2.2. TSF Data
TSF Data is data created by and for the TOE and might affect the operation
of the TOE. This type of data is composed of two objects: TSF Protected
Data and TSF Confidential Data. The TSF Data assets for this TOE has been
categorized according to whether they require protection from unauthorized
alteration (TSF Protected Data) or protection from both unauthorized
disclosure and unauthorized alteration (TSF Confidential Data). The data
assets have been identified and categorized in Table 9 and Table 10 below.
Table 9: TSF data
Designation
Definition
D.PROT
TSF Protected Data are assets for which alteration by a User who is
neither an Administrator nor the owner of the data would have an effect
on the operational security of the TOE, but for which disclosure is
acceptable.
D.CONF
TSF Confidential Data are assets for which either disclosure or
alteration by a User who is neither an Administrator nor the owner of
the data would have an effect on the operational security of the TOE.
Table 10: TSF data categorization
TSF Protected Data
TSF Confidential Data
Configuration data
Audit Log
Device and network status information and
configuration settings
Cryptographic keys
Device service and diagnostic data
X.509 Certificate (TLS)
User IDs and Passwords
User Access Permissions
802.1x Credentials and Configuration
IP filter table (rules)
Email Addresses for fax forwarding
Other manuals for WorkCentre 5845
8
This manual suits for next models
13
Table of contents
Other Xerox All In One Printer manuals
Xerox
Xerox WorkCentre 490cx User manual
Xerox
Xerox WorkCentre BookMark 40 User manual
Xerox
Xerox Dcc240 User manual
Xerox
Xerox WORKCENTRE 5735 User manual
Xerox
Xerox WorkCentre 7525 User manual
Xerox
Xerox WORKCENTRE 5735 Technical manual
Xerox
Xerox WorkCentre Pro C2128 User manual
Xerox
Xerox Phaser 3200 User manual
Xerox
Xerox PHASER 8560MFP Operating manual
Xerox
Xerox WORKCENTRE 7775 User manual
Xerox
Xerox B205 Operating manual
Xerox
Xerox Phaser 6115 MFP User manual
Xerox
Xerox Nuvera 100 EA User manual
Xerox
Xerox Color Qube 9201 User manual
Xerox
Xerox WorkCentre 6025 User manual
Xerox
Xerox VersaLink B7025 Operating manual
Xerox
Xerox FaxCentre FC2218 User manual
Xerox
Xerox WorkCentre 3615 Service manual
Xerox
Xerox 4150 - WorkCentre B/W Laser User manual
Xerox
Xerox VersaLink C505S User manual
