Xerox Multi-Function Device Security Target
73
Copyright
2013 Xerox Corporation. All rights reserved.
The TOE utilizes digital signature generation and verification (RSA), data
encryption (TDES, AES), key establishment (RSA) and cryptographic
checksum generation and secure hash computation (HMAC, SHA-1) in
support of disk encryption, SFTP, TLS and IPsec..
7.1.7.
User Data Protection
– Disk Encryption
(TSF_FDP_UDE)
FCS_COP.1, FCS_CKM.1, FCS_CKM.4
The TOE utilizes data encryption (AES) to support encryption and decryption
of designated portions of the hard disk where user files may be temporarily
stored. The algorithm deployed meets the following standard: AES-CBC-256-
FIPS-197.
7.1.8.
User Data Protection
– IP Filtering
(TSF_FDP_FILTER)
FDP_IFC.1 (FILTER), FDP_IFF.1 (FILTER), FMT_MTD.1 (FILTER)
The TOE provides the ability for the system administrator to configure a
network information flow control policy based on a configurable rule set. The
information flow control policy (IPFilter SFP) is defined by the system
administrator through specifying a series of rules to “accept,” “deny,” or “drop”
packets. These rules include a listing of IP addresses that will be allowed to
communicate with the TOE. Additionally rules can be generated specifying
filtering options based on port number given in the received packet.
Note:
The TOE cannot enforce the IP Filtering (TSF_FDP_FILTER) security
function when it is configured for IPv6.
7.1.9.
Network Security (TSF_NET_SEC)
FTP_ITC.1
The TOE supports various secure communication protocols as part of its
security solution. These includes: TLS for Web UI; SFTP and TLS for
document transfers to the remote file depository; IPsec for communication
over IPv4 and IPv6; Kerberos and TLS for remote authentication.
7.1.10. Security Management (TSF_FMT)
FDP_ACC.1
(USER),
FDP_ACC.1
(FUNC),
FDP_ACF.1
(USER),
FDP_ACF.1 (FUNC), FIA_ATD.1, FMT_SMF.1, FMT_MSA.1 (USER),
FMT_MSA.1
(FUNC),
FMT_MSA.3
(USER),
FMT_MSA.3
(FUNC),
FMT_MTD.1 (MGMT1), FMT_MTD.1 (MGMT2), FMT_MTD.1 (KEY),
FTP_TST.1
