Ärendetyp: 6 Diarienummer: 14FMV4209-24:1
Dokument ID FMVID-297-738
Template:
CSEC_mall_doc.dot,
7.0
Öppen
enligt Offentlighets- och sekretesslagen
(2009:400)
2014-12-17
Country of origin: Sweden
Försvarets materielverk
Swedish Certification Body for IT Security
Certification Report HP CAM
Issue: 1.0, 2014-dec-17
Authorisation: Jerry Johansson, , CSEC
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 2 (20)
Table of Contents
1 Executive Summary 3
2 Identification 5
3 Security Policy 6
3.1 Auditing 6
3.2 Cryptography 6
3.3 Identification and Authentication 6
3.4 Data Protection and Access Control 6
3.5 Protection of the TSF 6
3.6 TOE Access Protection 6
3.7 Trusted Channel Communication and Certificate Management 6
3.8 User and Access Management 7
4 Assumptions and Clarifications of Scope 8
4.1 Usage Assumptions 8
4.2 Environmental Assumptions 8
4.3 Clarification of Scope 8
5 Architectural Information 9
6 Documentation 13
7 IT Product Testing 14
7.1 Developer Testing 14
7.2 Evaluator Testing 14
7.3 Evaluator Penetration Testing 14
8 Evaluated Configuration 15
9 Results of the Evaluation 16
10 Evaluator Comments and Recommendations 17
11 Glossary 18
12 Bibliography 19
Appendix A - QMS Consistency 20
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 3 (20)
1 Executive Summary
The Target of Evaluation, TOE, is the firmware of a multifunction printer, MFP, with
the exception of the operating system and the crypto module implementation. Three
versions of the multifunction printer are included in the scope of the evaluation: the
LaserJet Enterprise MFP M630 Series (black and white), the Color LaserJet Enterprise
MFP M680 Series, and the OfficeJet Enterprise Color MFP X585 Series (color).
These multifunction printers provide fax, copying, scanning, and network printing
functionality. The network connections are encrypted, password protected print jobs
are encrypted, PIN protected print jobs are protected by access control, and stored jobs
may be printed from the printer console.
The evaluated security features include administrator and user identification and au-
thentication, PIN or password protected encryption of jobs, and IPSec protected net-
work communication.
The implementation of the cryptographic module used for IPSec is outside the scope
of the evaluation, but the effect of cryptographic function calls from the TOE has been
verified. Other cryptographic implementations are within the scope of TOE.
The USB interface is disabled in the evaluated configuration.
The ST claims conformance to:
2600.2 PP, Protection Profile for Hardcopy Devices, Operational Environment B;
Version 1.0; March 2009, in accordance with the NIAP CCEVS Policy Letter #20.
The claim includes the following packages from the PP:
2600.2-CPY, SFR Package for Hardcopy Device Copy Functions, Operational Envi-
ronment B
2600.2-DSR, SFR Package for Hardcopy Device Document Storage and Retrieval
(DSR) Functions, Operational Environment B
2600.2-FAX, SFR Package for Hardcopy Device Fax Functions, Operational Envi-
ronment B
2600.2-PRT, SFR Package for Hardcopy Device Print Functions, Operational Envi-
ronment B
2600.2-SCN, SFR Package for Hardcopy Device Scan Functions, Operational Envi-
ronment B
2600.2-SMI, SFR Package for Hardcopy Device Shared-Medium Interface Functions,
Operational Environment B
The evaluation has verified demonstrable conformance to the PP and conformance to
the package claims stated above.
The evaluation has been performed by atsec information security AB in their premises
in Danderyd, Sweden, and to some extent in the approved foreign location in Austin,
Texas, USA, and was completed on the 10th of December 2014.
The evaluation was conducted in accordance with the requirements of Common Crite-
ria, version 3.1, release 4, and the Common Methodology for IT Security Evaluation,
version 3.1, release 4. The evaluation was performed at the evaluation assurance level
EAL 2, augmented by ALC_FLR.2 Flaw reporting procedures.
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 4 (20)
atsec information security AB is a licensed evaluation facility for Common Criteria
under the Swedish Common Criteria Evaluation and Certification Scheme. atsec in-
formation security AB is is also accredited by the Swedish accreditation body
SWEDAC according to ISO/IEC 17025 for Common Criteria evaluation.
The certifier monitored the activities of the evaluator by reviewing all successive ver-
sions of the evaluation reports. The certifier determined that the evaluation results
confirm the security claims in the Security Target [ST], and have been reached in
agreement with the requirements of the Common Criteria and the Common Methodol-
ogy for evaluation assurance level:
EAL 2 + ALC_FLR.2.
The certification results only apply to the versions of the products indicated in the
certificate, and on the condition that all the stipulations in the Security Target [ST]
are met.
This certificate is not an endorsement of the IT product by CSEC or any other
organization that recognizes or gives effect to this certificate, and no warranty of
the IT product by CSEC or any other organization that recognizes or gives effect
to this certificate is either expressed or implied.
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 5 (20)
2 Identification
Certification Identification
Certification ID CSEC2014003
Name and version of the HP LaserJet Enterprise MFP M630 Series
certified IT product and (M630dn w/optional fax, M630f, M630h, flow
the TOE M630z)
MFP firmware version 2303704_233000025
JetDirect firmware version JDI23s00424
HP Color LaserJet Enterprise MFP M680 Series
(M680dn w/optional fax, M680f, flow M680z)
MFP firmware version 2303704_233000027
JetDirect firmware version JDI23s00424
HP OfficeJet Enterprise Color MFP X585 Series
(X585dn w/optional fax, X585f, flow X585z)
MFP firmware version 2303704_233000026
JetDirect firmware version JDI23s00424
Security Target Hewlett-Packard LaserJet Enterprise MFP M630
Series, Color LaserJet Enterprise M680 Series and
OfficeJet Enterprise Color MFP X585 Series
Firmware with Jetdirect Inside Security Target,
Hewlett Packard, 2014-10-15, document version 2.0
Assurance level EAL 2 + ALC_FLR.2
Sponsor Hewlett Packard
Developer Hewlett Packard
ITSEF atsec information security AB
Common Criteria version 3.1 release 4
CEM version 3.1 release 4
Certification date 2014-12-17
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 6 (20)
3 Security Policy
The TOE provides the following security services:
- Auditing
- Cryptography
- Identification and Authentication
- Data Protection and Access Control
- Protection of the TSF
- TOE Access Protection
- Trusted Channel Communication and Certificate Management
- User and Access Management
3.1 Auditing
The TOE generates audit records for security relevant events. The audit records are
sent to a syslog server in the environment for storage and audit review.
3.2 Cryptography
The external communication channels are protected with IPSec (the IPSec implemen-
tation is part of the operational environment), and print jobs can be encrypted based on
a password (the implementation of print job decryption is part of the TOE).
3.3 Identification and Authentication
Console access requires user identification and authentication.
3.4 Data Protection and Access Control
Stored jobs are protected by PIN (access control) or password (encryption). In addi-
tion, the access to read, modify and delete operations are controlled based on user
identity and job ownership.
3.5 Protection of the TSF
Restricted forwarding - the administrator may restrict the automatic forwarding of da-
ta, specifically fax forwarding and fax archiving.
The TOE contains a suite of self tests to verify the integrity of specific TSF data and
the TOE executables.
In the evaluated configuration, the TOE system clock will synchronise with an NTP
server.
3.6 TOE Access Protection
Control panel access is protected by an inactivity timeout and an administrator se-
lectable automatic logout after a user job has been started.
3.7 Trusted Channel Communication and Certificate Man-
agement
All network access to the TOE requires the use of an integrity and confidentiality pro-
tected trusted channel.
TOE provides a mechanism to import X.509 v3 certificates.
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 7 (20)
3.8 User and Access Management
An administrator has authority to manage security functionality, users, and the exter-
nal authenticated servers.
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 8 (20)
4 Assumptions and Clarifications of Scope
4.1 Usage Assumptions
The Security Target [ST] makes three assumptions on the usage of the TOE.
A.USER.TRAINING - TOE users are aware of the security policies and the proce-
dures of their organization, and are trained and competent to follow those policies and
procedures.
A.ADMIN.TRAINING - Administrators are aware of the security policies and proce-
dures of their organization, are trained and competent to follow the manufacturer's
guidance and documentation, and correctly configure and operate the TOE in accord-
ance with those policies and procedures.
A.ADMIN.TRUST - Administrators do not use their privileged access rights for mali-
cious purposes.
4.2 Environmental Assumptions
Four assumptions on the environment are made in the Security Target.
A.ACCESS.MANAGED - The TOE is located in a restricted or monitored environ-
ment that provides protection from unmanaged access to the physical components and
data interfaces of the TOE.
A.ADMIN.PC.SECURE - The administrative computer is in a physically secured and
managed environment and only the authorized administrator has access to it.
A.USER.PC.POLICY - User computers are configured and used in conformance with
the organization's security policies.
A.SERVICES.RELIABLE - When the TOE uses any of the network services CIFS,
FTP, DNS, Kerberos, LDAP, NTP, SMTP, Sharepoint, syslog, and/or WINS, these
services provide reliable information and responses to the TOE.
4.3 Clarification of Scope
The Security Target [ST] contains six threats, which have been considered during the
evaluation.
T.DOC.DIS - User Document Data may be disclosed to unauthorized persons.
T.DOC.ALT - User Document Data may be altered by unauthorized persons.
T.FUNC.ALT - User Function Data may be altered by unauthorized persons.
T.PROT.ALT - TSF Protected Data may be altered by unauthorized persons.
T.CONF.DIS - TSF Confidential Data may be disclosed by unauthorized persons.
T.CONF.ALT - TSF Confidential Data may be altered by unauthorized persons.
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 9 (20)
5 Architectural Information
The TOE is the firmware of an enterprise network multifunction printer designed to be
shared by many client computers and human users. It performs the functions of copy-
ing, faxing, printing, scanning, and storing of documents. It can be connected to a lo-
cal network through the embedded Jetdirect Inside print server's built-in Ethernet, to
an analog phone line using its internal analog fax modem, or to a USB device using its
USB port (but the use of which must be disabled in the evaluated configuration).
Figure 1: HCD physical diagram
Figure 1 shows a high-level physical diagram of a Hardcopy Device (HCD) with the
unshaded areas representing the TOE and the shaded areas indicating components that
are part of the Operational Environment.
At the top of this figure is the Administrative Computer which connects to the TOE
using Internet Protocol Security (IPsec) with X.509v3 certificates for both mutual au-
thentication and for protection of data from disclosure and alteration. This computer
can administer the TOE using the following interfaces over the IPsec connection:
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 10 (20)
● Embedded Web Server (EWS)
● Simple Network Management Protocol (SNMP)
● Web Services:
- Open Extensibility Platform device (OXPd) Web Services
- WS-* Web Services
The HTTP-based EWS administrative interface allows administrators to remotely
manage the features of the TOE using a web browser.
The Web Services allow administrators to manage the TOE using HP's Web Jetadmin
application, which is part of the Operational Environment. The TOE supports both
HP's Open Extensibility Platform device (OXPd) Web Services and certain WS-*
Web Services (conforming to the WS-*standards defined by w3.org) accessed via the
Simple Object Access Protocol (SOAP) and Extensible Markup Language (XML).
The SNMP network interface allows administrators to remotely manage the TOE us-
ing external SNMP-based administrative applications like the HP Web Jetadmin ad-
ministrative tool.
Printer Job Language (PJL) is used in a non-administrative capacity by the Adminis-
trative Computer. The Administrative Computer uses PJL to send print jobs to the
TOE as well as to receive job status. In general, PJL supports password protected ad-
ministrative commands, but in the evaluated configuration these commands are disa-
bled. For the purposes of the evaluation, we define the PJL Interface as PJL data sent
to port 9100.
Web Jetadmin uses the HTTP, OXPd, PJL, SOAP/XML, WS-*, and SNMP protocols
to manage the TOE. Remote applications such as web browsers and Web Jetadmin are
part of the Operational Environment, not part of the TOE.
The TOE protects all network communications with Internet Protocol Security (IPsec),
which is part of the embedded Jetdirect Inside firmware. Though IPsec supports mul-
tiple authentication methods, in the evaluated configuration, both ends of the IPsec
connection are authenticated using X.509v3 certificates. An identity certificate for the
TOE must be created outside the TOE, signed by a Certificate Authority (CA), and
imported (added) into the TOE with the Certificate Authority's CA certificate.
Because IPsec authenticates the computers (IPsec authenticates the computer itself;
IPsec does not authenticate the individual users of the computer), access to the Admin-
istrative Computer should be restricted to TOE administrators only.
The TOE distinguishes between the Administrative Computer and Network Client
Computers by using IP addresses, IPsec, and the embedded Jetdirect Inside's internal
firewall. In the evaluated configuration, the number of Administrative Computers used
to manage the TOE is limited to one and the Device Administrator Password must be
set.
The TOE can also communicate with Authenticated Server Computers using IPsec.
The evaluated configuration supports the following SNMP versions:
● SNMPv1 read-only
● SNMPv2c read-only
● SNMPv3
Network Client Computers connect to the TOE using IPsec with X.509v3 certificates
to protect the communication and to mutually authenticate. These client computers can
send print jobs to the TOE using the PJL Interface as well as receive job status.
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 11 (20)
The TOE supports an optional analog telephone line connection for sending and re-
ceiving faxes. The Control Panel uses identification and authentication to control ac-
cess for sending analog faxes. Because the fax protocol doesn't support authentication
of incoming analog fax phone line users, anyone can connect to the analog fax phone
line (unless the number has been added to the Blocked Fax Numbers list), but the only
function an incoming fax phone line user can perform is to transmit a fax to the TOE.
Received faxes are converted to stored jobs and placed in the "Stored Faxes" folder in
the "Retrieve from Device Memory" application. Access to the "Stored Faxes" folder
is restricted to users who have the "Open from Device Memory application > Stored
Faxes" permission.
Some fax devices can hold a fax until another fax device requests that the fax be sent.
Users can use the Fax Polling Receive function of the TOE to retrieve faxes from oth-
er fax devices. This is called a Fax Polling Receive job by this document. To perform
this function, the user authenticates via the Control Panel and initiates the function by
entering the phone number of the other fax device. The TOE will dial the other fax
device and request the other fax device to transfer the held fax to the TOE via the cur-
rently active phone connection. The TOE prints the fax as it receives it.
The TOE does not accept polling requests from other fax devices (i.e., the MFP mod-
els in this evaluation do not contain the Fax Polling Send functionality).
The TOE protects stored jobs with either a 4-digit Job PIN or by accepting (and stor-
ing) a password encrypted job from a user computer. Both protection mechanisms are
optional by default and are mutually exclusive of each other if used. In the evaluated
configuration, every job must either be assigned a 4-digit Job PIN or be an encrypted
job.
The TOE also supports Microsoft SharePoint (flow MFP models only) and remote file
systems for the storing of scanned documents, sent and received faxes. The TOE uses
IPsec with X.509v3 certificates to protect the communications and to mutually authen-
ticate to SharePoint and the remote file systems. For remote file system connectivity,
the TOE supports the File Transfer Protocol (FTP) and the Common Internet File Sys-
tem (CIFS) protocol. (SharePoint is HTTP-based.) The product is capable of encrypt-
ing stored document files according to the Adobe PDF specification.
The TOE can be used to email scanned documents, email received faxes, or email sent
faxes. The TOE supports protected communications between the TOE and Simple
Mail Transfer Protocol (SMTP) gateways. It uses IPsec with X.509v3 certificates to
protect the communications and to mutual authenticate with the SMTP gateway. The
TOE can only protect unencrypted email up to the SMTP gateway. It is the responsi-
bility of the Operational Environment to protect emails from the SMTP gateway to the
email's destination. Also, the TOE can only send emails; it does not accept inbound
emails.
The TOE's Control Panel supports both local and remote sign in methods. The local
sign in method is called Local Device Sign In which supports individual user ac-
counts. The user account information is maintained in the Local Device Sign In data-
base within the TOE. The remote sign in methods are called LDAP Sign In and Win-
dows Sign In (Kerberos). The TOE uses IPsec with X.509v3 certificates to protect
both the LDAP and Kerberos communications.
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 12 (20)
Each HCD contains a user interface called the Control Panel. The Control Panel con-
sists of a touch sensitive LCD screen, a physical power button, and a physical home
screen button that are attached to the HCD. In addition, the flow MFP models include
a computer keyboard as part of the Control Panel. The Control Panel is the physical
interface that a user uses to communicate with the TOE when physically using the
HCD. The LCD screen displays information such as menus and status to the user. It
also provides virtual buttons to the user such as an alphanumeric keypad for entering
usernames and passwords. When a user signs in at the Control Panel, a Permission Set
is associated with their session which determines the functions the user is permitted to
perform.
The Scanner is the part of the HCD that converts hardcopy documents into electronic
format. ThePrint Engine converts electronic format into hardcopy.
All MFP models contain a persistent storage drive (a.k.a. storage drive) that resides in
the Operational Environment. The storage drive contains a section called Job Storage
which is a user-visible file system where stored print jobs are stored/held. Depending
on the MFP model, the storage drive is either a:
● Solid-State Drive (SSD), or
● HP High Performance Secure Hard Disk
If the MFP model contains an SSD, all jobs in Job Storage are automatically deleted
when the HCD is power-cycled. If the MFP model contains an HP High Performance
Secure Hard Disk, the jobs can persist across power-cycles or can be deleted, depend-
ing on how the administrator configures the TOE and on the job type.
The TOE supports the auditing of security relevant functions by generating and for-
warding audit records to a remote syslog server. The TOE uses IPsec with X.509v3
certificates to protect the communications between the TOE and the syslog server and
to mutually authenticate the TOE and syslog server.
The Jetdirect Inside Firmware and HCD System Firmware components comprise the
firmware on the system. They are shown as two separate components but they both
share the same operating system (OS). The operating system is part of the Operational
Environment. Both firmware components also contain an Embedded Web Server
(EWS).
The Jetdirect Inside firmware includes SNMP, IPsec, a firewall, and the management
functions for managing these network-related features. The Jetdirect Inside firmware
also provides the network stack and drivers controlling the TOE's Ethernet interface.
The HCD System Firmware controls the overall functions of the TOE from the Con-
trol Panel to the storage drive to the print jobs.
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 13 (20)
6 Documentation
The following documents are included in the scope of the TOE:
LaserJet Enterprise MFP M630 - User Guide [UG630]
Color LaserJet Enterprise MFP M680 - User Guide [UG680]
OfficeJet Enterprise Color MFP X585/X585 Flow - User Guide [UG585]
TOE Download Instructions [Download]
Common Criteria Evaluated Configuration Guide for HP Multifunction Printers
[CCcfg]
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 14 (20)
7 IT Product Testing
7.1 Developer Testing
The developer performed testing of the security functionality, as described by the se-
curity functional requirements in the Security Target, covering both IP v.4 and IP v.6,
for all three hardcopy devices (M630, M680, and X585). The developer testing was
performed in the developer's premises in Boise, Idaho, USA.
7.2 Evaluator Testing
The evaluators focused on two of the hardcopy devices (M630 and M680), which
were tested in the developer's premises in Boise, Idaho, USA.
The evaluators used the developer's test setup and verified a sample of the developer's
test cases, covering all interfaces and security functions.
The evaluators also devised and performed additional test cases to provide full cover-
age of the security functions and TSFI.
7.3 Evaluator Penetration Testing
The evaluators performed variations of the functional tests to search for vulnerabilities
in the TOE, and performed port scans of the network interface of the TOE, covering
TCP and UDP ports both for IP v.4 and IP v.6. Testing variations was performed on
the hardcopy devices M630 and M680, and port scans on M680, in Boise, Idaho,
USA.
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 15 (20)
8 Evaluated Configuration
The TOE shall run on either the M630, M680, or the X585 hardcopy device, and shall
be configured in accordance with the CC Configuration Guide [CCcfg].
The following requirements applies to the evaluated configuration:
● HP Digital Sending Software (DSS) must be disabled
● HP High Performance Secure Hard Disk, if installed, must be configured with a
password to activate drive encryption
● Device Administrator Password must be set
● Only one Administrative Computer is used to manage the TOE
● HP and third party applications cannot be installed on the TOE
● All non-fax stored jobs must be assigned a Job PIN or encrypted with a password
● PC Fax Send must be disabled
● Type A and B USB ports must be disabled
● Remote Firmware Upgrade through any means other than EWS must be disabled
● Jetdirect Inside management via telnet and FTP must be disabled
● Jetdirect XML Services must be disabled
● File System External Access must be disabled
● IPsec authentication using X.509v3 certificates must be enabled (IPsec
authentication using Kerberos or Pre-Shared Key is not supported)
● IPsec Authenticated Headers (AH) must be disabled
● IPsec IKE Main Mode for key exchange must be used
● Full Authentication must be enabled (this disables the Guest account)
● SNMP support limited to:
❍ SNMPv1 read-only
❍ SNMPv2c read-only
❍ SNMPv3
● The Service PIN, used by a customer support engineer to access functions available
to HP support personnel, must be disabled
● Near Field Communication (NFC) must be disabled
● Wireless Direct Print must be disabled
● PJL device access commands must be disabled
● When using Windows Sign In, the Windows domain must reject Microsoft NT LAN
Manager (NTLM) connections
● The "Save to HTTP" function is disallowed and must not be configured to function
with an HTTP server
● Display Names for the Local Device Sign In method users and user names for the
LDAP and Windows Sign In method users must only contain the characters defined
in P.USERNAME.CHARACTER_SET in the ST.
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 16 (20)
9 Results of the Evaluation
The evaluators applied each work unit of the Common Methodology [CEM] within
the scope of the evaluation, and concluded that the TOE meets the security objectives
stated in the Security Target [ST] for an attack potential of Basic.
The certifier reviewed the work of the evaluator and determined that the evaluation
was conducted in accordance with the Common Criteria [CC].
The evaluators overall verdict is PASS.
The verdicts for the respective assurance classes and components are summarised in
the following table:
Assurance Class/Family Short name Verdict
Development ADV PASS
Security Architecture ADV_ARC.1 PASS
Functional Specification ADV_FSP.2 PASS
TOE Design ADV_TDS.1 PASS
Guidance Documents AGD PASS
Operational User Guidance AGD_OPE.1 PASS
Preparative Procedures AGD_PRE.1 PASS
Life-cycle Support ALC PASS
CM Capabilities ALC_CMC.2 PASS
CM Scope ALC_CMS.2 PASS
Delivery ALC_DEL.1 PASS
Flaw Remediation ALC_FLR.2 PASS
Security Target Evaluation ASE PASS
ST Introduction ASE_INT.1 PASS
Conformance Claims ASE_CCL.1 PASS
Security Problem Definition ASE_SPD.1 PASS
Security Objectives ASE_OBJ.2 PASS
Extended Components Definition ASE_ECD.1 PASS
Security Requirements ASE_REQ.2 PASS
TOE Summary Specification ASE_TSS.1 PASS
Tests ATE PASS
Coverage ATE_COV.1 PASS
Functional Tests ATE_FUN.1 PASS
Independent Testing ATE_IND.2 PASS
Vulnerability Assessment AVA PASS
Vulnerability Analysis AVA_VAN.2 PASS
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 17 (20)
10 Evaluator Comments and Recommendations
The evaluators do not have any comments or recommendations concerning the prod-
uct or using the product.
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 18 (20)
11 Glossary
AES Advanced Encryption Standard
AH Authentication Header (IPsec)
CBC Cipher Block Chaining
CIFS Common Internet File System
CRV Constrained Random Verification
CTS Cipher Text Stealing
DNS Domain Name System
ESP Encapsulating Security Payload (IPsec)
EWS Embedded Web Server
FTP File Transfer Protocol
HCD Hardcopy Device
HMAC Hashed Message Authentication Code
HP Hewlett-Packard
HTML Hypertext Markup Language
http Hypertext Transfer Protocol
IEEE Institute of Electrical and Electronics Engineers, Inc.
IKE Internet Key Exchange (IPsec)
IP Internet Protocol
IPsec Internet Protocol Security
ISAKMP Internet Security Association Key Management Protocol (IPsec)
LCD Liquid Crystal Display
LDAP Lightweight Directory Access Protocol
MAC Message Authentication Code
MFP Multifunction Product
NTP Network Time Protocol
OXP Open Extensibility Platform
OXPd OXP device layer
PIN Personal Identification Number
PJL Printer Job Language
PML Printer Management Language
PRF Pseudo-random Function
PSTN Public Switched Telephone Network
SFR Security Functional Requirement
SHA Secure Hash Algorithm
SMTP Simple Mail Transfer Protocol
SNMP Simple Network Management Protocol
SOAP Simple Object Access Protocol
TOE Target of Evaluation
USB Universal Serial Bus
WINS Windows Internet Name Service
XML Extensible Markup Language
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 19 (20)
12 Bibliography
ST Hewlett-Packard LaserJet Enterprise MFP M630 Series,
Color LaserJet Enterprise MFP M680 Series, and
OfficeJet Enterprise Color MFP X585 Series
Firmware with Jetdirect Inside Security Target,
Hewlett-Packard, 2014-10-15, document version 2.0
UG630 LaserJet Enterprise MFP M630 - User Guide, Hewlett-Packard,
2014-09, Edition 2
UG680 Color LaserJet Enterprise MFP M680 - User Guide, Hewlett-Packard,
2014-04, Edition 1
UG585 OfficeJet Enterprise Color MFP X585/X585 Flow - User Guide,
Hewlett-Packard, 2014-04, Edition 1
CCcfg Common Criteria Evaluated Configuration Guide for HP
Multifunction Printers, Hewlett-Packard, 2014-09, Edition 1
Download Common Criteria Certification for HP LaserJet Printers, Screen
snapshot, Hewlett-Packard, 2014-04-22
CCpart1 Common Criteria for Information Technology Security Evaluation,
Part 1, version 3.1 revision 4, CCMB-2012-09-001
CCpart2 Common Criteria for Information Technology Security Evaluation,
Part 2, version 3.1 revision 4, CCMB-2012-09-002
CCpart3 Common Criteria for Information Technology Security Evaluation,
Part 3, version 3.1 revision 4, CCMB-2012-09-003
CC CCpart1 + CCpart2 + CCpart3
CEM Common Methodology for Information Technology Security
Evaluation, version 3.1 revision 4, CCMB-2012-09-004
SP-002 SP-002 Evaluation and Certification, CSEC, 2014-11-06, document
version 21.0
SP-188 SP-188 Scheme Crypto Policy, CSEC, 2013-06-18, document
version 4.0
Swedish Certification Body for IT Security
Certification Report HP CAM
14FMV4209-24:1 1.0 2014-12-17
FMVID-297-738 20 (20)
Appendix A - QMS Consistency
During the certification project, the following versions of the quality management sys-
tem (QMS) have been applicable since the certification application was received
2014-04-14:
QMS 1.16.1 valid from 2014-02-27
QMS 1.16.2 valid from 2014-07-07
QMS 1.17 valid from 2014-12-02
QMS 1.17.1 valid from 2014-12-03
In order to ensure consistency in the outcome of the certification, the certifier has ex-
amined the changes introduced in each update of the quality management system.
The changes between consecutive versions are outlined in “Ändringslista QMS
1.17.1”.
The certifier concluded that, from QMS 1.16.1 to the current QMS 1.17.1, there are no
changes with impact on the result of the certification.