Xerox WorkCentre 5135/5150 Multifunction ... - Common Criteria
Xerox WorkCentre 5135/5150 Multifunction ... - Common Criteria
Xerox WorkCentre 5135/5150 Multifunction ... - Common Criteria
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Xerox</strong> <strong>WorkCentre</strong> <strong>5135</strong>/<strong>5150</strong><br />
<strong>Multifunction</strong> Systems Security Target<br />
User image files associated with the Copy/Print, Store and Reprint feature<br />
may be stored long term for later reprinting. When a job is selected for<br />
reprint, the stored job is resubmitted to the system. Temporary files<br />
created during processing are overwritten at the completion of the job<br />
using the 5200.28-M algorithm. The stored jobs are not overwritten until<br />
the jobs are deleted by the user, or when the System Administrator<br />
executes a full on-demand image overwrite.<br />
<strong>Xerox</strong>’s optional Network Scanning Accessory may be purchased and<br />
added to the TOE configuration. This accessory allows documents to be<br />
scanned at the device with the resulting image being stored on a remote<br />
server/repository. The connection between the device and the remote<br />
server is secured when the TOE’s SSL support is enabled; the transfer of<br />
the data is through an HTTPS connection. The TOE supports network<br />
scanning using FTP, HTTPS (SSL), SMTP over IPv4 and IPv6 with<br />
support for utilizing LDAP over IPv4 and IPv6. The cryptography used to<br />
protect this connection has been scoped out of the evaluation.<br />
All models of the TOE support both auditing and network security. The<br />
system administrator can enable and configure the network security<br />
support. The network security support is based on SSL. When SSL<br />
support is enabled on the device, the following network security features<br />
can be enabled/configured: HTTPS support over both IPv4 and IPv6 (for<br />
both the device’s Web UI and secure network scan data transfer); system<br />
administrator download of the device’s audit log; IPSec support for IPP, lpr<br />
and port 9100 print jobs over IPv4 or IPv6; and specification of IPv4 and<br />
IPv6 filtering rules. Scan-to-email and FAX data are not protected from<br />
sniffing by the IPSec or SSL support. The transmission of LanFax data<br />
over the Ethernet connection is protected by IPSec, but the transmission<br />
over the PSTN is not. Note that for the MFD configuration, IPSec can only<br />
be activated if SSL has been enabled and an SSL-based certificate (either<br />
“self-signed” or generated by an external Certificate Authority) has been<br />
loaded into the TOE via the Web UI. Once this has occurred, SSL could<br />
be disabled. Except for the cryptography used to protect the audit logs<br />
(SSL v3.1), the cryptography used for network security has been scoped<br />
out of the evaluation.<br />
The TOE provides for user identification and authorization based on either<br />
local or remote ACL’s as configured by the system administrator.<br />
The TOE can integrate with an IPv4 or IPv6 network with native support<br />
for dhcp/dhcpv6.<br />
The TOE also supports the <strong>Common</strong> Access Card (CAC) standard for<br />
authentication.<br />
1.2.2. TOE Type<br />
The TOE is a multi-function device (MFD) that provides copy, print,<br />
document scanning and optional FAX services.<br />
10<br />
Copyright 2009 <strong>Xerox</strong> Corporation, All rights reserved