DATA SECURITY INFORMATION COMMON CRITERIA ISO-IEC15408




DATA SECURITY INFORMATION
COMMON CRITERIA ISO-IEC15408
TASKALFA 61ci/71ci
REV-1.1 / March 201
KYOCERA Document Solutions

Information Data Security Kit E IEEE 2600-1 TASKALFA 61 ci/71 ci
KYOCERA Document Solutions 12/03/.201

Contents

1. IEEE 2600-1 OPERATIONAL ENVIRONMENTS
1.1. GRAPHICAL OVERVIEW
1.2. IEEE 2600 OPERATIONAL ENVIRONMENTS ARE BASED ON MARKET SEGMENTS
1.3. THE TWO WAYS TO EVALUATE PRODUCTS USING COMMON CRITERIA
1.4. IEEE 2600-SERIES PROTECTION PROFILES
2. TASKALFA 61CI/71CI
2.1. IEEE 2600 CERTIFICATION LEVEL
2.2. PRODUCT DESCRIPTION
2.3. TARGET OF EVALUATION (TOE) SECURITY FUNCTIONALITY
2.4. SECURITY FUNCTIONAL REQUIREMENTS
3. DISCLAIMER & CONTACT

1.1. Graphical overview

ENVIRONMENT A
- All users identified / authenticated
- Stronger document security
- Complete audit logs

ENVIRONMENT B
- All users identified / authenticated
- Normal document security
- Exception / violation logging

ENVIRONMENT C
- Admins identified / authenticated
- User authentication optional
- Minimal document security
- Exception / violation logging

ENVIRONMENT D
- Admins identified / authenticated
- Basic device security
- No logging

1.2. IEEE 2600 operational environments are based on market segments

A. For use with highly proprietary or legally regulated documents
B. For general enterprise use
C. For public-facing use
D. For small office / home office use

The security requirements for the environments are hierarchical:
- A is a superset of B
- B is a superset of C
- C is a superset of D

The main difference between environments is the level of accountability for individual user actions.

1.3. The two ways to evaluate products using Common Criteria

A) Without a Protection Profile:
- A manufacturer writes a Security Target document that describes the security claims of their product.
- Evaluation is based solely on the manufacturer's claims, not on a standard: it certifies only that the product performs what the manufacturer claims.

B) With a Protection Profile:
- Somebody writes a Protection Profile document that describes the security requirements for a class of products.
- Manufacturers write Security Target documents that make security claims conforming to those requirements.
- Evaluation ensures that the product performs as the manufacturer claims, and that the manufacturer's claims fulfill those requirements.

1.4. IEEE 2600-series Protection Profiles

The working group has also developed four Common Criteria Protection Profiles, one for each of the typical operating environments that are defined in IEEE 2600:
- IEEE 2600.1-2009 Standard Protection Profile for Hardcopy Devices in Operational Environment A (published and certified in 2009)
- IEEE 2600.2-2009 Standard Protection Profile for Hardcopy Devices in IEEE Std. 2600-2008 Operational Environment B (published in 2009, certified in 2010)
- IEEE 2600.3-2009 Standard Protection Profile for Hardcopy Devices in IEEE Std. 2600-2008 Operational Environment C (published in 2010, not certified)
- IEEE 2600.4-2010 Standard Protection Profile for Hardcopy Devices in IEEE Std. 2600-2008 Operational Environment D (published in 2010, not certified)

2. TASKALFA 61CI/71CI

2.1. IEEE 2600 certification level

The Kyocera TASKalfa devices described in this document have been certified according to IEEE 2600.1-2009 Standard Protection Profile for Hardcopy Devices in Operational Environment A.

2.2. Product description

Description of Target of Evaluation (TOE)

The TOE is a Multi-Function Printer with Copy, Scan, Print, FAX and Document Box functionality. The TOE provides security functionalities that conform to IEEE Std 2600.1-2009, a protection profile for hardcopy devices, for the purpose of preventing unauthorized disclosure and alteration of user document data.

2.3. Target of Evaluation (TOE) security functionality

This TOE provides the following security functionalities.
- User Authentication: performs user identification and authentication.
- Job Authorization: restricts the functions available to a user.
- Document Access Control: restricts access to user document data to authorized users only.
- Hard Disk Data Encryption: encrypts data stored on the hard disk drive.
- Data Overwrite: overwrites data stored in the product so that the data cannot be re-used.
- Audit Logs: records audit logs relevant to the security functionalities.
- Security Management: restricts management of the security functionalities to authorized users only.
- Self Test: verifies the integrity of the executable code of the security functionality and of the setting data.
- Network Data Protection: encrypts communication data, and prevents unauthorized transmission to an internal network via external interfaces such as public lines.

2.4. Security functional requirements

This TOE implements the following security functional requirements.
- Security audit
- Cryptographic functionality
- Access control
- Trusted path/channels protection
- Security functionality protection
- Authentication
- Security management
- TOE access control

3. Disclaimer & Contact

KYOCERA Document Solutions does not warrant that any specifications mentioned will be error-free. Specifications are subject to change without notice. Where application information is given, it is only advisory and does not form part of the specification. Information is correct at time of going to press. All other brand and product names may be registered trademarks or trademarks of their respective holders and are hereby acknowledged.

EMC Product Marketing
KYOCERA Document Solutions Europe B.V., Branch Office Germany
EUROPEAN MARKETING CENTER (EMC)
Otto-Hahn-Strasse 12, D-40670 Meerbusch, Germany
Contact: Hans Gerd Schmidt, Software Product Manager
info@deu.kyocera.com

All information as of February 11th, 201