Xerox WorkCentre 5135/5150 Multifunction ... - Common Criteria
Xerox WorkCentre 5135/5150 Multifunction ... - Common Criteria
Xerox WorkCentre 5135/5150 Multifunction ... - Common Criteria
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Xerox</strong> <strong>WorkCentre</strong> <strong>5135</strong>/<strong>5150</strong><br />
<strong>Multifunction</strong> Systems Security Target<br />
works with an external Accounting server (i.e., Equitrac or Control Systems). Network<br />
Accounting uses full character set IDs.<br />
For network scan, email, and IFax (not included in the evaluation) jobs the accounting<br />
IDs (i.e., PINS) required by the Auditron, XSA, or Network Accounting, will be recorded<br />
in the audit log.<br />
If Network Authentication is enabled, then the name required by Network Authentication<br />
will be recorded in the audit log.<br />
For print and LanFax jobs, the network username associated with the logged in user at<br />
the client workstation will be recorded in the audit log.<br />
6.1.6. Cryptographic Support (TSF_FCS)<br />
FCS_COP.1 (SSL 1), FCS_COP.1 (SSL 2), FCS_COP.1 (SSL 3), FCS_COP.1 (SSL 4)<br />
The TOE utilizes digital signature generation and verification (RSA), data encryption<br />
(TDES, AES), key establishment (RSA) and cryptographic checksum generation and<br />
secure hash computation (SHA-1) to support secure communication between the TOE<br />
and remote trusted products. Those packages include provisions for the generation of<br />
checksum/hash values and meet the following standards: 3DES – NIST 800-67 (CAVP<br />
Certificate No. 990); SHA-1 – FIPS-180-2 (CAVP Certificate No. 1331), AES-256-FIPS-<br />
197 (CAVP Certificate No. 1472), SSLv3.1, RSA - FIPS 186-2 (CAVP Certificate No.<br />
719)..<br />
6.1.7. Management Data Protection – SSL (TSF_FDP_SSL)<br />
FCS_COP.1 (SSL 1), FCS_COP.1 (SSL 2), FCS_COP.1 (SSL 3), FCS_COP.1 (SSL<br />
4), FDP_IFC.1 (SSL), FDP_IFF.1 (SSL), FDP_UCT.1 , FDP_UIT.1, FTP_TRP.1<br />
The TOE provides support for SSL and allows the TOE to act as either an SSL server,<br />
or SSL client, depending on the function the TOE is performing. SSL v3.1 must be<br />
enabled before the system administrator can retrieve the audit log. SSL functionality<br />
also permits the TOE to be administered from the Web UI.<br />
All information that is transmitted between the TOE and a remote trusted product using<br />
SSL v3.1 is protected from both disclosure and modification. The disclosure protection<br />
is accomplished by the symmetric encryption of the data being transferred using the<br />
3DES EDE (aka, Triple DES – defined in NIST 800-67 (CAVP Certificate No. 990))<br />
cipher or AES cipher and a per connection key generated as part of the SSLv3.1<br />
protocol. The modification protection is accomplished by the use of the HMAC-SHA1<br />
(Hashed Message Authentication Code – defined by IETF RFC2104) that is<br />
incorporated into the SSLv3.1 record transfer protocol. The key establishment is<br />
accomplished by the use of RSA.<br />
Except for the cryptography used to protect the audit logs (SSL v3.1), the cryptography<br />
used for management data protection has been scoped out of the evaluation.<br />
74<br />
Copyright 2009 <strong>Xerox</strong> Corporation, All rights reserved