Case type: 6
Registration number: 19FMV6735-30:1
Document ID: 2019024
According to the Protective Security Act (2018:585)
SECRECY
According to the Public Access to Information and Secrecy Act (2009:400)
2022-03-02

Försvarets materielverk
Swedish Defence Material Administration

Swedish Certification Body for IT Security
Certification Report - HP MNA 2600PP
Issue: 1.0, 2022-mar-02
Authorisation: Miriam Atmane, Lead Certifier, CSEC

Table of Contents
1 Executive Summary
2 Identification
3 Security Policy
3.1 Auditing
3.2 Cryptography
3.3 Identification and authentication
3.4 Data protection and access control
3.5 Protection of the TSF
3.6 TOE access protection
3.7 Trusted channel communication and certificate management
3.8 User and access management
4 Assumptions and Clarification of Scope
4.1 Usage Assumptions
4.2 Environmental Assumptions
4.3 Clarification of Scope
5 Architectural Information
6 Documentation
7 IT Product Testing
7.1 Developer Testing
7.2 Evaluator Testing
7.3 Penetration Testing
8 Evaluated Configuration
9 Results of the Evaluation
10 Evaluator Comments and Recommendations
11 Certifier Comments
12 Glossary
13 Bibliography
Appendix A Scheme Versions
A.1 Scheme/Quality Management System
A.2 Scheme Notes

1 Executive Summary

The Target of Evaluation (TOE) is HP FutureSmart 4.10 Firmware for the HP Color LaserJet Enterprise M856, HP Color LaserJet Managed E85055, HP Color LaserJet Managed E55040, and HP LaserJet Enterprise M610/M611/M612 printers with the following elements:
• HP FutureSmart 4.10 Firmware
• Guidance documentation

The TOE is the contents of the firmware with the exception of the operating system which is part of the Operational Environment.
The following firmware modules are included in the TOE:
• System firmware
• Jetdirect Inside firmware

The firmware and guidance documentation are packaged in a single ZIP file and available for download from the HP Inc. website. The firmware is packaged in this ZIP file as a single firmware bundle. This firmware bundle contains the HP FutureSmart firmware, which in turn contains the System firmware and Jetdirect Inside firmware.

In order to download the ZIP file, the customer needs to register with HP and sign into a secure website (HTTPS) to access the download page. The customer can receive sign-in credentials by sending an email to ccc-hp-enterprise-imaging-printing@hp.com. On the download site, a SHA-256 checksum is provided along with instructions on how to use it for verification of the integrity of the downloaded package.

The Security Target claims conformance to the following Protection Profiles and PP packages, if any:
• [PP2600.1]: IEEE Std 2600.1-2009; "2600.1-PP, Protection Profile for Hardcopy Devices, Operational Environment A". Version 1.0 as of June 2009; demonstrable conformance.
• [PP2600.1-DSR]: SFR Package for Hardcopy Device Document Storage and Retrieval (DSR) Functions. Version 1.0 as of June 2009; demonstrable conformance.
• [PP2600.1-PRT]: SFR Package for Hardcopy Device Print Functions. Version 1.0 as of June 2009; demonstrable conformance.
• [PP2600.1-SMI]: SFR Package for Hardcopy Device Shared-medium Interface Functions. Version 1.0 as of June 2009; demonstrable conformance.

The evaluation has been performed by atsec information security AB in Danderyd, Sweden. The evaluation was completed on 2022-02-24. The evaluation was conducted in accordance with the requirements of Common Criteria (CC), version 3.1 release 5.

atsec information security AB is a licensed evaluation facility for Common Criteria under the Swedish Common Criteria Evaluation and Certification Scheme.
atsec information security AB is also accredited by the Swedish accreditation body according to ISO/IEC 17025 for Common Criteria.

The certifier monitored the activities of the evaluator by reviewing all successive versions of the evaluation reports. The certifier determined that the evaluation results confirm the security claims in the Security Target (ST) and the Common Methodology for evaluation assurance level EAL 3 augmented by ALC_FLR.2.

The technical information in this report is based on the Security Target (ST) and the Final Evaluation Report (FER) produced by atsec information security AB.

The certification results only apply to the version of the product indicated in the certificate, and on the condition that all the stipulations in the Security Target are met.

This certificate is not an endorsement of the IT product by CSEC or any other organisation that recognises or gives effect to this certificate, and no warranty of the IT product by CSEC or any other organisation that recognises or gives effect to this certificate is either expressed or implied.

As specified in the security target of this evaluation, the implementation of some cryptographic primitives has been located in TOE environment, while the invocation of those primitives has been included in the TOE. Therefore the invocation of those primitives has been in the scope of this evaluation, while correctness of implementation of those primitives has been excluded from the TOE. Correctness of implementation is done through third party certification Cryptographic Algorithm Validation Program (CAVP) certificate SHS #4474 referred to in table 49 in the Security Target. Users of this product are advised to consider their acceptance of this third party affirmation regarding the correctness of implementation of the cryptographic primitive.
2 Identification

Certification Identification
Certification ID: CSEC2019024
Name and version of the certified IT product: HP FutureSmart 4.10 Firmware for the HP Color LaserJet Enterprise M856, HP Color LaserJet Managed E85055, HP Color LaserJet Managed E55040, and HP LaserJet Enterprise M610/M611/M612 printers
Security Target Identification: HP Color LaserJet Enterprise M856, HP Color LaserJet Managed E85055, HP Color LaserJet Managed E55040, HP LaserJet Enterprise M610/M611/M612 Security Target, HP Inc., 2021-04-15, document version 1.2
EAL: EAL 3 + ALC_FLR.2
Sponsor: HP Inc.
Developer: HP Inc.
ITSEF: atsec information security AB
Common Criteria version: 3.1 release 5
CEM version: 3.1 release 5
QMS version: 2.1
Scheme Notes Release: 18.0
Recognition Scope: CCRA, SOGIS, EA/MLA
Certification date: 2022-03-02

3 Security Policy

The primary security features of the TOE are:
• Auditing
• Cryptography
• Identification and authentication
• Data protection and access control
• Protection of the TSF
• TOE access protection
• Trusted channel communication and certificate management
• User and access management

3.1 Auditing

The TOE performs auditing of security-relevant functions. The TOE connects and sends audit records to a syslog server (part of the Operational Environment) for long-term storage and audit review. Each audit record includes the date and time of the event, type of event, subject identity (if applicable), and the outcome (success or failure) of the event.

3.2 Cryptography

The TOE uses IPsec to protect its communications channels. The QuickSec cryptographic library is used to supply the cryptographic algorithms for IPsec.

The TOE supports the decrypting of an encrypted stored print job.
To decrypt an encrypted stored print job, the TOE derives a key from a Job Encryption Password and unlocks the decryption key using the derived key. The TOE then decrypts the encrypted stored print job using the decryption key.

The TOE's on-demand Data Integrity Test and Code Integrity Test use the SHA-256 algorithm to verify the integrity of TSF Data and TOE executable code, respectively. The HP FutureSmart Windows Mobile Enhanced Cryptographic Provider (RSAENH) 6.00.1937 implementation, which is part of the operational environment, supplies the SHA-256 algorithm.

3.3 Identification and authentication

The TOE supports multiple Control Panel sign in methods, both local and remote methods:
• Local sign in method:
  o Local Device Sign In (Local Administrator account only)
• Remote sign in methods:
  o LDAP Sign In
  o Windows Sign In (via Kerberos)

The Control Panel allows both non-administrative users (U.NORMAL) and administrative users (U.ADMINISTRATOR) to sign in.

The TOE also uses IPsec to identify and mutually authenticate the following user types:
• Administrative Computer (U.ADMINISTRATOR)
• Network Client Computers (U.NORMAL)

3.4 Data protection and access control

• Permission Sets - For Control Panel users, the TOE uses a user's User Role (as determined by each user's Permission Set) to determine a user's access to many TOE functions. Only U.ADMINISTRATOR can query, create, modify, and delete Permission Sets. In addition, only U.ADMINISTRATOR can query, create, modify, and delete the Permission Set associations to users.
• Job PINs - Users can control access to each stored print that they place under the TOE's control by assigning a Job PIN to each job.
  A Job PIN limits access to a stored print while the job resides under the TOE's control and allows a user to control when the job is printed so that physical access to the hard copies can be controlled by the user. A Job PIN must be 4 digits.
• Job Encryption Passwords - The TOE can store, and decrypt encrypted stored print jobs received from a client computer. To decrypt the encrypted stored print job at the Control Panel, a user must enter the correct Job Encryption Password that was used to derive the key to protect the job.
• Common access control - The TOE protects each print job in Job Storage from non-administrative users through the use of a user identifier and a Job PIN or through the use of a Job Encryption Password. Every print job in Job Storage is assigned either a Job PIN or a Job Encryption Password by the user at job creation time. If the TOE receives a print job from a client computer without either a Job PIN or a Job Encryption Password, the TOE cancels the job.
• TOE function access control - The TOE controls access to TOE functions available at the Control Panel using permissions defined in Permission Sets. During the Control Panel sign-in process, the TOE authorizes the user after they are successfully identified and authenticated. As part of the user authorization process, the TOE associates Permission Sets to the user and then applies a Permission Set (which is the combination of the Permission Sets associated to the user). The applied Permission Set (a.k.a. session Permission Set) becomes the user's User Role. Control Panel applications (e.g., Print from Job Storage) use the user's session Permission Set to determine which of the application's functions should be allowed or disallowed for the user.
  For IPsec users, the TOE uses the IPsec/Firewall to control access to the supported network service protocols.
  The IPsec/Firewall contains the IP addresses of authorized client computers grouped into address templates and the network service protocols grouped into service templates. The administrator maps an address template to a service template using an IPsec/Firewall rule. Service templates, therefore, act as the User Roles for IPsec users. IP addresses of computers not contained in a rule are denied access to the TOE.
• Residual information protection - When the TOE deletes an object, the contents of the object are no longer available to TOE users. This prevents TOE users from attempting to recover deleted objects of other users via the TOE interfaces.

3.5 Protection of the TSF

• Restricted forwarding of data to external interfaces - The TOE does not allow forwarding of data to an External Interface. The TOE contains only one External Interface in the evaluated configuration and that interface is the Shared-medium Interface.
• TSF self-testing - The EWS interface allows an administrator (U.ADMINISTRATOR) to execute a set of TSF functional tests (including system clock verification, LDAP settings verification, and Windows settings verification), TSF data integrity tests, and TSF code integrity tests.
• Reliable timestamps - The TOE contains a system clock that is used to generate reliable timestamps. In the evaluated configuration, the administrator must configure the TOE to synchronize its system clock with a Network Time Protocol (NTP) server.

3.6 TOE access protection

• Restricted forwarding of data to external interfaces - The TOE does not allow forwarding of data to an External Interface. The TOE contains only one External Interface in the evaluated configuration and that interface is the Shared-medium Interface.
• TSF self-testing - The EWS interface allows an administrator (U.ADMINISTRATOR) to execute a set of TSF functional tests (including system clock verification, LDAP settings verification, and Windows settings verification), TSF data integrity tests, and TSF code integrity tests.
• Reliable timestamps - The TOE contains a system clock that is used to generate reliable timestamps. In the evaluated configuration, the administrator must configure the TOE to synchronize its system clock with a Network Time Protocol (NTP) server.

3.7 Trusted channel communication and certificate management

Shared-medium communications (i.e., Ethernet) between the TOE and other trusted IT products use a trusted channel mechanism to protect the communications from disclosure and modification. The TOE also ensures the cryptographic operations are validated during policy processing such as validating digital signatures or encrypting and decrypting data. IPsec with X.509v3 certificates is used to provide the trusted communication channels. The EWS (HTTP) allows administrators to manage X.509v3 certificates used by IPsec.

3.8 User and access management

The TOE supports the following roles:
• Administrators (U.ADMINISTRATOR)
• Users (U.NORMAL)

Administrators maintain and configure the TOE and Operational Environment. Users perform the standard print and document storage and retrieval functions on the system.

4 Assumptions and Clarification of Scope

4.1 Usage Assumptions

The Security Target [ST] makes three assumptions on the usage of the TOE.

A.USER.TRAINING
TOE Users are aware of the security policies and procedures of their organization, and are trained and competent to follow those policies and procedures.
A.ADMIN.TRAINING
Administrators are aware of the security policies and procedures of their organization, are trained and competent to follow the manufacturer's guidance and documentation, and correctly configure and operate the TOE in accordance with those policies and procedures. The organization security policies and procedures include security awareness training covering topics such as how to identify and avoid clicking on malicious links.

A.ADMIN.TRUST
Administrators do not use their privileged access rights for malicious purposes.

4.2 Environmental Assumptions

The Security Target [ST] makes five assumptions on the operational environment of the TOE.

A.ACCESS.MANAGED
The TOE is located in a restricted or monitored environment that provides protection from unmanaged access to the physical components and data interfaces of the TOE.

A.ADMIN.PC.SECURE
The administrative computer is in a physically secured and managed environment and only the authorized administrator has access to it.

A.USER.PC.POLICY
User computers are configured and used in conformance with the organization's security policies.

A.SERVICES.RELIABLE
When the TOE uses any of the network services DNS, Kerberos, LDAP, NTP, SMTP, syslog, SMB, and/or WINS, these services provide reliable information and responses to the TOE.

A.EMAILS.PROTECTED
For emails received by the SMTP gateway from the TOE, the transmission of emails between the SMTP gateway and the email's destination is protected.

4.3 Clarification of Scope

The Security Target contains six threats, which have been considered during the evaluation.

T.DOC.DIS
User Document Data may be disclosed to unauthorized persons.

T.DOC.ALT
User Document Data may be altered by unauthorized persons.

T.FUNC.ALT
User Function Data may be altered by unauthorized persons.
T.PROT.ALT
TSF Protected Data may be altered by unauthorized persons.

T.CONF.DIS
TSF Confidential Data may be disclosed to unauthorized persons.

T.CONF.ALT
TSF Confidential Data may be altered by unauthorized persons.

The Security Target contains seven Organisational Security Policies (OSPs), which have been considered during the evaluation.

P.USER.AUTHORIZATION
To preserve operational accountability and security, Users will be authorized to use the TOE only as permitted by the TOE Owner.

P.SOFTWARE.VERIFICATION
To detect corruption of the executable code in the TSF, procedures will exist to self-verify executable code in the TSF.

P.AUDIT.LOGGING
To preserve operational accountability and security, records that provide an audit trail of TOE use and security-relevant events will be created, maintained, and protected from unauthorized disclosure or alteration, and will be reviewed by authorized personnel.

P.INTERFACE.MANAGEMENT
To preserve operational accountability and security, records that provide an audit trail of TOE use and security-relevant events will be created, maintained, and protected from unauthorized disclosure or alteration, and will be reviewed by authorized personnel.

P.ADMIN.PASSWORD
To restrict access to administrative tasks, the Device Administrator Password will be set in the evaluated configuration so that it is required to perform security-relevant actions through the EWS (HTTP), REST Web Services (HTTP), and at the Control Panel.

P.USERNAME.CHARACTER_SET
To prevent ambiguous user names in the TOE's audit trail, the user names of the LDAP and Windows Sign In users must only contain ASCII printable characters except for the double quote (22 hex) and single quote (27 hex) characters (i.e., allowed ASCII characters in hexadecimal: 20, 21, 23 - 26, 28 - 7E).

P.REMOTE_PANEL.DISALLOWED
To preserve operational accountability and security, administrators must not use the Remote Control-Panel feature.
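
The character set in P.USERNAME.CHARACTER_SET can be checked mechanically against a directory export before LDAP or Windows Sign In accounts are used with the printer. The following is an added example, not part of the certification report or of HP's guidance; the function names and the sample user names are constructed for illustration.

```python
"""Check directory user names against P.USERNAME.CHARACTER_SET (added example)."""

# Allowed code points exactly as the policy lists them, in hexadecimal:
# 20, 21, 23 - 26, 28 - 7E (printable ASCII without 22 and 27).
ALLOWED_RANGES = ((0x20, 0x21), (0x23, 0x26), (0x28, 0x7E))

# Constructed sample of LDAP / Windows Sign In names; not real accounts.
SAMPLE_NAMES = [
    "alice",
    "j.smith@example.test",
    "svc print~01",   # space (20) and tilde (7E) are allowed
    "Pat O'Neil",     # single quote (27) is excluded
    'eve"admin',      # double quote (22) is excluded
    "zo\u00eb",       # non-ASCII letter, above 7E
    "bob\t",          # control character, below 20
    "del\x7f",        # DEL (7F) is one past the allowed range
]


def is_allowed(ch):
    """True if the character's code point is in the policy's allowed set."""
    cp = ord(ch)
    return any(lo <= cp <= hi for lo, hi in ALLOWED_RANGES)


def allowed_count():
    """Number of distinct characters the policy permits."""
    return sum(hi - lo + 1 for lo, hi in ALLOWED_RANGES)


def violations(username):
    """Return (index, code point) for every character outside the policy set."""
    return [
        (i, "U+%04X" % ord(ch))
        for i, ch in enumerate(username)
        if not is_allowed(ch)
    ]


def audit(usernames):
    """Map each non-conforming name to its violations; conforming names are omitted."""
    report = {}
    for name in usernames:
        bad = violations(name)
        if bad:
            report[name] = bad
    return report


if __name__ == "__main__":
    print("characters permitted by the policy:", allowed_count())
    for name, bad in audit(SAMPLE_NAMES).items():
        details = ", ".join("%s at index %d" % (cp, i) for i, cp in bad)
        # repr() keeps quotes and control characters visible in the output
        print("REJECT %r: %s" % (name, details))
```
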

5 Architectural Information

The TOE is the firmware of an SFP designed to be shared by many client computers and human users. It can be connected to a wired local network through the embedded Jetdirect Inside print server's built-in Ethernet or to a USB device using its USB port (but the use of which must be disabled in the evaluated configuration).

6 Documentation

[CCECG] Common Criteria Evaluated Configuration Guide for HP Single-function Printers HP Color LaserJet Enterprise M856, HP Color LaserJet Managed E85055, HP Color LaserJet Managed E55040dn, HP LaserJet Enterprise M610/M611/M612 Edition 1, 4/2021
[M856-UG] HP Color LaserJet Enterprise M856 User Guide Edition 1, 10/2019
[M856-IG] HP Color LaserJet Enterprise M856 M856dn M856x Installation Guide 2019
[E85055-UG] HP Color LaserJet Managed E85055 User Guide Edition 1, 10/2019
[E85055-IG] HP Color LaserJet Managed E85055 E85055dn Installation Guide 2019
[E55040-UG] HP Color LaserJet Managed E55040dn User Guide Edition 1, 10/2019
[E55040-IG] HP Color LaserJet Managed E55040dn E55040dn Installation Guide 2019
[M610_1_2-UG] HP LaserJet Enterprise M610 HP LaserJet Enterprise M611 HP LaserJet Enterprise M612 User Guide Edition 1, 05/2020
[M610_1_2-IG] HP LaserJet Enterprise M610 HP LaserJet Enterprise M611 HP LaserJet Enterprise M612 M610, M611, M612 Installation Guide 2020

7 IT Product Testing

7.1 Developer Testing

Testing was performed by the developer at the HP site in Boise, Idaho, USA.
The evaluator notes that the testing is performed both automatically and manually. All tests were passed successfully. The approach for testing was to provide at least one test case for each Security Functional Requirement mapped to the TOE security functionality. The developer reported that all tests were completed successfully.

7.2 Evaluator Testing

The evaluator therefore re-executed 55 developer automated tests, 4 developer manual tests and 3 developer IPsec tests. The sample was chosen to cover all TSFIs and subsystems classified as SFR-enforcing and supporting. All tests performed by the evaluator were completed successfully.

7.3 Penetration Testing

Penetration testing was performed against the TOE interfaces that are accessible to a potential attacker, i.e., the IPv4 and IPv6 TCP and UDP ports of the TOE. The evaluator examined all potential interfaces (UDP and TCP ports), i.e., all IPv4 and IPv6 UDP and TCP ports. The results of the port scan indicate that no attack surface is present.

8 Evaluated Configuration

The following items need to be adhered to in the evaluated configuration:
• Only one Administrative Computer is used to manage the TOE.
• Third-party solutions must not be installed on the TOE.
• Licenses must not be installed to enable features beyond what is supported in the evaluated configuration.
• Remote Control-Panel use is disallowed per P.REMOTE_PANEL.DISALLOWED.
• OAUTH2 use is disallowed.
• SNMP over HTTP use is disallowed.
• The Service PIN, used by a customer support engineer to access functions available to HP support personnel, must be disabled.
• All stored jobs must be assigned a Job PIN or Job Encryption Password.
• Device USB and Host USB plug and play must be disabled.
• Control Panel Mandatory Sign-In must be enabled (this disables the Guest role).
• When using Windows Sign In, the Windows domain must reject Microsoft NT LAN Manager (NTLM) connections.
• User names for the LDAP and Windows Sign In users must only contain the characters defined in P.USERNAME.CHARACTER_SET.
• Local Device Sign In accounts must not be created (i.e., only the built-in Device Administrator account is allowed as a Local Device Sign In account).
• Device Administrator Password must be set as per P.ADMIN.PASSWORD.
• Remote Configuration Password must not be configured.
• PJL device access commands must be disabled.
• Firmware upgrades sent as print jobs through P9100 interface must be disabled.
• PJL drive access and PS drive access must be disabled.
• Wireless functionality must be disabled:
  o Near Field Communication (NFC) must be disabled.
  o Bluetooth Low Energy (BLE) must be disabled.
  o Wireless Direct Print must be disabled.
  o Wireless station must be disabled.
• Jetdirect Inside management via telnet and FTP must be disabled.
• Jetdirect XML Services must be disabled.
• SNMP must be disabled.
• IPsec authentication using X.509v3 certificates must be enabled (IPsec authentication using Kerberos or Pre-Shared Key is not supported).
• IPsec Authentication Headers (AH) must be disabled.
• Access must be blocked to the following Web Services (WS) using the Jetdirect Inside's IPsec/Firewall:
  o Open Extensibility Platform device (OXPd) Web Services
  o WS* Web Services

9 Results of the Evaluation

The evaluators applied each work unit of the Common Methodology [CEM] within the scope of the evaluation, and concluded that the TOE meets the security objectives stated in the Security Target [ST] for an attack potential of Basic.

The certifier reviewed the work of the evaluators and determined that the evaluation was conducted in accordance with the Common Criteria [CC].

The evaluators' overall verdict is PASS.
The verdicts for the assurance classes and components are summarised in the following table:

Assurance Class Name / Assurance Family Name | Short name (including component identifier for assurance families) | Verdict
Development | ADV | PASS
  Security Architecture | ADV_ARC.1 | PASS
  Functional specification | ADV_FSP.3 | PASS
  TOE design | ADV_TDS.2 | PASS
Guidance documents | AGD | PASS
  Operational user guidance | AGD_OPE.1 | PASS
  Preparative procedures | AGD_PRE.1 | PASS
Life-cycle support | ALC | PASS
  CM capabilities | ALC_CMC.3 | PASS
  CM scope | ALC_CMS.3 | PASS
  Delivery | ALC_DEL.1 | PASS
  Development security | ALC_DSV.1 | PASS
  Flaw remediation | ALC_FLR.2 | PASS
  Life-cycle definition | ALC_LCD.1 | PASS
Security Target evaluation | ASE | PASS
  ST introduction | ASE_INT.1 | PASS
  Conformance claims | ASE_CCL.1 | PASS
  Security problem definition | ASE_SPD.1 | PASS
  Security objectives | ASE_OBJ.2 | PASS
  Extended components definition | ASE_ECD.1 | PASS
  Security requirements | ASE_REQ.2 | PASS
  TOE summary specification | ASE_TSS.1 | PASS
Tests | ATE | PASS
  Coverage | ATE_COV.2 | PASS
  Depth | ATE_DPT.1 | PASS
  Functional tests | ATE_FUN.1 | PASS
  Independent testing | ATE_IND.2 | PASS
Vulnerability assessment | AVA | PASS
  Vulnerability analysis | AVA_VAN.2 | PASS

10 Evaluator Comments and Recommendations

The additional recommendation is applicable for
• HP MNA 2600PP (CSEC2019024) – TOE: HP FutureSmart 4.10 Firmware for the HP Color LaserJet Enterprise M856, HP Color LaserJet Managed E85055, HP Color LaserJet Managed E55040, and HP LaserJet Enterprise M610/M611/M612 printers

The evaluators identified a residual vulnerability in the TOE mentioned above. The vendor HP Inc. has released a fix in an updated firmware version, see https://support.hp.com/us-en/document/ish_5000383-5000409-16, which mitigates the vulnerability.
The evaluation was performed using the Evaluation Assurance Level (EAL) 3, augmented by ALC_FLR.2. This means that the evaluators also evaluated the flaw remediation process to verify that the developer has established flaw remediation procedures that describe the tracking of security flaws, the identification of corrective actions, and the distribution of corrective action information to TOE users. Additionally, it also includes whether the developer's procedures provide for the corrections of security flaws, for the receipt of flaw reports from TOE users, and for assurance that the corrections introduce no new security flaws.

The evaluator notes that the security patch was not included in the evaluation. It is therefore the responsibility of the individual organization to determine their potential risks and benefits associated with installing newer product versions or additional firmware/software/hardware that was not subject to this evaluation, and by doing so to deviate from the evaluated configuration that has been certified. However, the TOE users are recommended to update their printer firmware to prevent potential exploitation of this vulnerability.

11 Certifier Comments

The certifier is aware of the occurrence of a residual vulnerability in the TOE. The certification is conducted at EAL3 augmented with ALC_FLR.2 indicating that the developer's intention is to maintain and update the TOE in order to keep it relevant over time. The certifier notes that the vendor HP Inc. has released a fix in an updated firmware version, see https://support.hp.com/us-en/document/ish_5000383-5000409-16, which mitigates the residual vulnerability.
As the threat landscape is shifting at a high pace, the current security level of printers can swiftly change, as new potential vulnerabilities that could affect the TOE or its underlying platform are regularly discovered. The certifier notes that while updating the application or its environment will put it outside of the evaluated configuration, for many scenarios a reasonable policy would be to keep products up to date with the latest version of the firmware/software. However, the benefit of installing firmware/software updates must be balanced with the potential risks that such changes might have unexpected effect on the behavior of the evaluated security functionality.

12 Glossary

AH - Authentication Header (IPsec)
ASCII - American Standard Code for Information Interchange
CA - Certificate Authority
CEM - Common Methodology for Information Technology Security, document describing the methodology used in Common Criteria evaluations
DNS - Domain Name System
EWS - Embedded Web Server
HCD - Hardcopy Device
HTML - Hypertext Markup Language
HTTP - Hypertext Transfer Protocol
IEEE - Institute of Electrical and Electronics Engineers, Inc.
IP - Internet Protocol
IPsec - Internet Protocol Security
ITSEF - IT Security Evaluation Facility, test laboratory licensed to operate within an evaluation and certification scheme
LCD - Liquid Crystal Display
LDAP - Lightweight Directory Access Protocol
OXP - Open Extensibility Platform
OXPd - OXP device layer
PIN - Personal Identification Number
PJL - Printer Job Language
SFR - Security Functional Requirement
SMTP - Simple Mail Transfer Protocol
SNMP - Simple Network Management Protocol
ST - Security Target, document containing security requirements and specifications, used as the basis of a TOE evaluation
TOE - Target of Evaluation
USB - Universal Serial Bus
XML - Extensible Markup Language

13 Bibliography

[ST] HP Color LaserJet Enterprise M856, HP Color LaserJet Managed E85055, HP Color LaserJet Managed E55040, HP LaserJet Enterprise M610/M611/M612 Security Target, document version 1.2
[CCECG] Common Criteria Evaluated Configuration Guide for HP Single-function Printers HP Color LaserJet Enterprise M856, HP Color LaserJet Managed E85055, HP Color LaserJet Managed E55040dn, HP LaserJet Enterprise M610/M611/M612 Edition 1, 4/2021
[M856-UG] HP Color LaserJet Enterprise M856 User Guide Edition 1, 10/2019
[M856-IG] HP Color LaserJet Enterprise M856 M856dn M856x Installation Guide 2019
[E85055-UG] HP Color LaserJet Managed E85055 User Guide Edition 1, 10/2019
[E85055-IG] HP Color LaserJet Managed E85055 E85055dn Installation Guide 2019
[E55040-UG] HP Color LaserJet Managed E55040dn User Guide Edition 1, 10/2019
[E55040-IG] HP Color LaserJet Managed E55040dn E55040dn Installation Guide 2019
[M610_1_2-UG] HP LaserJet Enterprise M610 HP LaserJet Enterprise M611 HP LaserJet Enterprise M612 User Guide Edition 1, 05/2020
[M610_1_2-IG] HP LaserJet Enterprise M610 HP LaserJet Enterprise M611 HP LaserJet Enterprise M612 M610, M611, M612 Installation Guide 2020
[PP2600A] 2600.1-PP, Protection Profile for Hardcopy Devices, Operational Environment A, IEEE Computer Society, 12 June 2009, version 1.0
[CCpart1] Common Criteria for Information Technology Security Evaluation, Part 1, version 3.1 revision 5, CCMB-2017-04-001
[CCpart2] Common Criteria for Information Technology Security Evaluation, Part 2, version 3.1 revision 5, CCMB-2017-04-002
[CCpart3] Common Criteria for Information Technology Security Evaluation, Part 3, version 3.1 revision 5, CCMB-2017-04-003
[CEM] Common Methodology for Information Technology Security Evaluation, version 3.1 revision 5, CCMB-2017-04-004
[EP-002] EP-002 Evaluation and Certification, CSEC, 2021-10-26, document version 33.0
[EP-188] EP-188 Scheme Crypto Policy, CSEC, 2021-10-26 document version 12.0

Appendix A Scheme Versions

During the certification the following versions of the Swedish Common Criteria Evaluation and Certification scheme have been used.

A.1 Scheme/Quality Management System

Version | Introduced | Impact of changes
2.1 | 2022-01-18 | None.
2.0 | 2021-11-24 | None.
1.25 | 2021-06-17 | None.
1.24.1 | 2020-12-03 | None.
1.24 | 2020-11-19 | None.
1.23.2 | 2020-05-11 | None.
1.23.1 | 2020-03-06 | None.
1.23 | Application | Original version

A.2 Scheme Notes

Scheme Note | Version | Title | Applicability
SN-15 | 5.0 | Testing | Clarify demonstration of test coverage at EAL2.
SN-18 | 3.0 | Highlighted requirements on the Security Target | Clarifications on the content of the ST.
SN-22 | 3.0 | Vulnerability Assessment | Vulnerability assessment needs to be redone if 30 days or more has passed between AVA and the final version of the final evaluation report.
SN-28 | 1.0 | Updated Procedures for application, evaluation, and certification | Evaluator reports should be received in two batches.