Specifications
5.1 – Common Criteria
Beginning on July 1, 2002, the Department of Defense required a broad group of commercial
hardware/software suppliers to have their products evaluated using a standard known as Common
Criteria to determine their fitness for the department’s use.
Following the development of the Common Criteria, the National Institute of Standards and
Technology and the National Security Agency, in cooperation and collaboration with the U.S. State
Department, worked closely with their partners in the CC Project to produce a mutual recognition
arrangement for IT security evaluations that use the Common Criteria. The Arrangement is officially
known as the Arrangement on the Mutual Recognition of Common Criteria Certificates in the field of IT
Security. It states that each participant will recognize evaluations performed using the Common
Criteria evaluation methodology where product certificates have been issued by the Mutually
Recognized producing nations for EAL1-EAL4 evaluations. Evaluation Assurance components found in
EAL5-EAL7 are not part of the mutual recognition arrangement.
The list of Common Criteria Recognition Arrangement members currently includes Australia, Austria,
Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, India, Israel, Italy,
Japan, Republic of Korea, Netherlands, New Zealand, Norway, Singapore, Spain, Sweden, Turkey,
United Kingdom and United States.
5.2 – Common Criteria Certification
The Common Criteria for Information Technology Security Evaluation (CC), ISO/IEC 15408 Standard,
defines general concepts and principles of IT security evaluation and presents a general model of
evaluation. It presents constructs for expressing IT security objectives, for selecting and defining IT
security requirements, and for writing high-level specifications for products and systems. It specifies
information security functional requirements and seven predefined assurance packages, known as
Evaluation Assurance Levels (EALs), against which products' functions are tested and evaluated. The
seven EALs provide both the vendor and user with flexibility to define functional and assurance
requirements that are unique to their operating environments and to obtain an evaluated product
best suited to those needs.
Hardware and software companies around the world use the Common Criteria (CC) evaluation
program to provide a means of comparison for the level of assurance that their products provide. As a
cautionary note, while the evaluation program is very effective at validating a manufacturer’s claims,
it does not measure a product's overall security capabilities or vulnerabilities. Therefore, Common
Criteria certification should be one of many considerations when choosing security-related products
instead of being considered the de facto standard.
Section 5 — Canon Solutions and Regulatory Requirements
White Paper: Canon imageRUNNER/imagePRESS Security