Xerox WorkCentre 5632/5638/5645/5655 - Common Criteria
Xerox WorkCentre 5632/5638/5645/5655 - Common Criteria
Xerox WorkCentre 5632/5638/5645/5655 - Common Criteria
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Xerox</strong> <strong>WorkCentre</strong> <strong>5632</strong>/<strong>5638</strong>/<strong>5645</strong>/<strong>5655</strong>/5665/5675/5687<br />
Multifunction Systems Security Target<br />
Objectives<br />
OE.INSTALL<br />
OE.ACCESS<br />
OE.ADMIN<br />
OE.EXTERNAL_SV<br />
C<br />
Description<br />
System administrator oversees installation, configuration and<br />
operation of the TOE by <strong>Xerox</strong>-authorized representatives in<br />
accordance with the <strong>Xerox</strong> delivery and installation guidance.<br />
The TOE must be configured by the system administrator in<br />
accordance with the system administration and user<br />
guidance as well as with the security guidance found at<br />
http://www.xerox.com/security.<br />
As part of the installation process, the system administrator<br />
has to change the password from its default value to a value<br />
with at least 8 alphanumeric characters. The system<br />
administrator has to change the password at least every 40<br />
days.<br />
The “secure print” option has been configured to remove jobs<br />
that are unprinted after 72 hours.<br />
The “Copy/Print, Store and Reprint” option is configured to<br />
remove stored documents after no more than 72 hours.<br />
Image Overwrite Security accessory is installed and enabled,<br />
and IIO and ODIO are enabled.<br />
The system administrator ensures that the TOE will be<br />
configured according to the configuration under evaluation<br />
and will not remove the TOE from its evaluated configuration.<br />
The TOE will be located in an office environment where it will<br />
be monitored by the office personnel for unauthorized<br />
physical connections, manipulation or interference.<br />
At least one responsible and trustworthy individual (system<br />
administrator) will be assigned, according to onsite<br />
procedures for granting access to the password, to manage<br />
the TOE and other trusted IT products that the TOE interacts<br />
with, enable SSL, and review audit logs.<br />
The IT environment will provide the TOE with the following<br />
services:<br />
<br />
<br />
<br />
Network Time Protocol (NTP)<br />
Identification and Authentication<br />
Authorization (LDAP, ADS, or other methods of<br />
delegating user groups)<br />
4.3. Rationale for Security Objectives<br />
29<br />
Copyright 2009 <strong>Xerox</strong> Corporation, All rights reserved