Xerox WorkCentre 5632/5638/5645/5655 - Common Criteria
Xerox WorkCentre 5632/5638/5645/5655 - Common Criteria
Xerox WorkCentre 5632/5638/5645/5655 - Common Criteria
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Xerox</strong> <strong>WorkCentre</strong> <strong>5632</strong>/<strong>5638</strong>/<strong>5645</strong>/<strong>5655</strong>/5665/5675/5687<br />
Multifunction Systems Security Target<br />
Table 7: Organizational Security Policy(s)<br />
Policy<br />
P.COMMS_SEC<br />
P.HIPAA_OPT<br />
P.SSL_ENABLED<br />
Description<br />
The system administrator shall employ TOE supported<br />
network security mechanisms (i.e., HTTPS, IPSec ESP<br />
and/or AH, IP filtering) per, and in accordance with,<br />
established local site security policy.<br />
(Appropriate to organizations under HIPAA oversight) All<br />
audit log entries (scan) shall be reviewed periodically<br />
(the period being local site specific and to be determined<br />
by the local audit cyclic period) and in accordance with<br />
45 CFR Subtitle A, Subchapter C, Part 164.530(c),(e),(f)<br />
which covers safeguards of information (c), sanctions for<br />
those who improperly disclose (e), and mitigation for<br />
improper disclosures (f). The TOE provides the audit log<br />
information so that an organization can be compliant; the<br />
HIPPA statute requires that personnel actually review the<br />
available audit log.<br />
Secure Socket layer network security mechanisms shall<br />
be supported by the TOE and enabled.<br />
25<br />
Copyright 2009 <strong>Xerox</strong> Corporation, All rights reserved