Xerox WorkCentre 5135/5150 Multifunction ... - Common Criteria

More documents

Recommendations

Info

Xerox WorkCentre 5135/5150 Multifunction Systems Security Target T.OUTFAX T.USER connected to the network. This threat only exists if the FAX board is installed and connected to the PSTN. During times when the FAX is not in use, a malicious user may attempt to connect to the TOE over the network and make an outgoing connection using the FAX card, either as a method of attacking other entities or for the purpose of sending sensitive information or data to other entities. 3 This threat only exists if the FAX board is installed and connected to the PSTN. A user, at any time, may attempt to reconfigure the TOE, for the purpose of disabling security functions or intercepting sensitive information or data, either by attempting to access the management functions directly or by logging in as the system administrator. Moreover a user may try to use the installed network options (network scanning, scan-to-email, and LanFax) although he is not authorized to do so. 3.3.2. Threats Addressed by the IT Environment This section specifies and describes the threat against which protection from the IT environment is required. Table 6: Threat Addressed by the IT Environment Threat TE.COMM_SEC Description An attacker may break into a communications link between the TOE and a remote trusted IT product in order to intercept, and/or modify, print job or scan-tomailbox data passed to/from/between the TOE and remote trusted IT product. 3.4. Organizational Security Policies This section enumerates the organizational security policies the TOE must comply with: 3 Application Note: The sending of company confidential information to external entities by Fax is not considered a threat to the TOE. 24 Copyright 2009 Xerox Corporation, All rights reserved
Xerox WorkCentre 5135/5150 Multifunction Systems Security Target Table 7: Organizational Security Policy(s) Policy P.COMMS_SEC P.HIPAA_OPT P.SSL_ENABLED Description The system administrator shall employ TOE supported network security mechanisms (i.e., HTTPS, IPSec ESP and/or AH, IP filtering) per, and in accordance with, established local site security policy. (Appropriate to organizations under HIPAA oversight) All audit log entries (scan) shall be reviewed periodically (the period being local site specific and to be determined by the local audit cyclic period) and in accordance with 45 CFR Subtitle A, Subchapter C, Part 164.530(c),(e),(f) which covers safeguards of information (c), sanctions for those who improperly disclose (e), and mitigation for improper disclosures (f). The TOE provides the audit log information so that an organization can be compliant; the HIPPA statute requires that personnel actually review the available audit log. Secure Socket layer network security mechanisms shall be supported by the TOE and enabled. 25 Copyright 2009 Xerox Corporation, All rights reserved
Page 1 and 2: Xerox WorkCentre 5135/5150 Multifun
Page 23: Xerox WorkCentre 5135/5150 Multifun
Page 61 and 62: O.AUDITS O.RECOVER O.FAXLINE O.MANA
Page 75 and 76:
Xerox WorkCentre 5135/5150 Multifun
Page 77:
Xerox WorkCentre 5135/5150 Multifun
show all

Xerox WorkCentre 5135/5150 Multifunction ... - Common Criteria

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?