Xerox WorkCentre 5135/5150 Multifunction ... - Common Criteria
Xerox WorkCentre 5135/5150 Multifunction ... - Common Criteria
Xerox WorkCentre 5135/5150 Multifunction ... - Common Criteria
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Xerox</strong> <strong>WorkCentre</strong> <strong>5135</strong>/<strong>5150</strong><br />
<strong>Multifunction</strong> Systems Security Target<br />
Objectives<br />
O.PROTECT_COM<br />
O.PROTECT_DAT<br />
Description<br />
The TOE must protect management data from disclosure,<br />
or modification, by establishing a trusted channel between<br />
the TOE and another trusted IT product over which the<br />
management data is transported.<br />
The TOE must protect from disclosure or modification: user<br />
data temporarily stored for the purpose of reprinting in the<br />
future, temporary spool files created from print, fax and<br />
scan jobs, and swap files.<br />
4.2. Security Objectives for the<br />
Operational Environment<br />
Table 9: Security Objectives for the IT Environment<br />
Objectives<br />
OE. NETWORK<br />
OE.NETWORK_I&A<br />
OE.PROTECT_CO<br />
M<br />
Description<br />
The network that the TOE is connected to will be monitored<br />
for unapproved activities and/or attempts to attack network<br />
resources (including the TOE). This includes a high number<br />
of logon tries to the web interface of the TOE.<br />
The TOE environment shall provide, per site specific policy,<br />
the correct and accurately functioning Identification and<br />
Authentication, and NTP mechanism(s) that are compatible<br />
with, and for external use by, the TOE. These mechanisms<br />
will be under the same management and physical control as<br />
the TOE and are covered by the same management and<br />
security policy as the TOE. These I&A assets may also<br />
maintain authorization information (access and/or<br />
permissions lists) for users who are authenticated by the<br />
environment.<br />
The TOE environment (product) and remote trusted IT<br />
products (which support the external half of all RFCcompliant<br />
communications and protocols) must protect user<br />
print jobs and scan-to-mailbox job data from disclosure, or<br />
modification. The TOE environment and remote trusted IT<br />
products must also prevent management data from being<br />
disclosed.<br />
28<br />
Copyright 2009 <strong>Xerox</strong> Corporation, All rights reserved