Xerox WorkCentre 5632/5638/5645/5655 - Common Criteria
Xerox WorkCentre 5632/5638/5645/5655 - Common Criteria
Xerox WorkCentre 5632/5638/5645/5655 - Common Criteria
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Xerox</strong> <strong>WorkCentre</strong> <strong>5632</strong>/<strong>5638</strong>/<strong>5645</strong>/<strong>5655</strong>/5665/5675/5687<br />
Multifunction Systems Security Target<br />
6.1.8. User Data Protection – IP Filtering (TSF_FDP_FILTER)<br />
FDP_IFC.1 (FILTER), FDP_IFF.1 (FILTER), FMT_MTD.1 (FILTER)<br />
The TOE provides the ability for the system administrator to configure a network<br />
information flow control policy based on a configurable rule set. The information flow<br />
control policy (IPFilter SFP) is defined by the system administrator through specifying a<br />
series of rules to “accept,” “deny,” or “drop” packets. These rules include a listing of IP<br />
addresses that will be allowed to communicate with the TOE. Additionally rules can be<br />
generated specifying filtering options based on port number given in the received<br />
packet.<br />
Note: The TOE cannot enforce the IP Filtering (TSF_FDP_FILTER) security<br />
function when it is configured for AppleTalk or IPX networks.<br />
6.1.9. Security Management (TSF_FMT)<br />
FDP_ACC.1, FDP_ACF.1, FMT_SMF.1, FMT_MOF.1<br />
Only authenticated system administrators can enable or disable the Image Overwrite<br />
function, enable or disable the On Demand Image Overwrite function, change the<br />
system administrator password, and start or cancel an On Demand Image Overwrite<br />
operation.<br />
While IIO or ODIO can be disabled, doing so will remove the TOE from its evaluated<br />
configuration.<br />
Additionally, only authenticated system administrators can assign authorization<br />
privileges to users, establish a recurrence schedule for “On Demand” image overwrite,<br />
enable/disable SSL support, create/install X.509 certificates, enable/disable and<br />
download the audit log, enable/disable and configure (rules) IP filtering, enable/disable<br />
disk encryption, enable/disable use of <strong>Common</strong> Access Cards, configure <strong>Common</strong><br />
Access Card use, configure network authentication, configure device authorization, or<br />
enable/disable and configure IPv6.<br />
6.1.10. User Data Protection - AES (TSF_EXP_UDE)<br />
FCS_COP.1 (UDE 1), FCS_COP.1 (UDE 2)<br />
The TOE utilizes data encryption (AES) and cryptographic checksum generation and<br />
secure hash computation (SHA-1) to support encryption and decryption of designated<br />
portions of the hard disk where user files may be temporarily stored. Those packages<br />
meet the following standards: AES-256-FIPS-197 (CAVP Certificate No. 1471), SHA-1 –<br />
FIPS-180-2 (CAVP Certificate No. 1331).<br />
75<br />
Copyright 2009 <strong>Xerox</strong> Corporation, All rights reserved