Case type: 6
Registration number: 21FMV6805-26
Document ID: CSEC2021011
According to the Protective Security Act (2018:585)
SECRECY According to the Public Access to Information and Secrecy Act (2009:400)
2023-09-14

Försvarets materielverk
Swedish Defence Material Administration

Swedish Certification Body for IT Security
Certification Report Kyocera PA4500
Issue: 1.0, 2023-sep-14
Authorisation: Jerry Johansson, Lead certifier, CSEC

Table of Contents

1 Executive Summary
2 Identification
3 Security Policy
3.1 User Management
3.2 Data Access Control
3.3 SSD Encryption
3.4 Security Management
3.5 Network Protection
4 Assumptions and Clarification of Scope
4.1 Usage Assumptions
4.2 Clarification of Scope
5 Architectural Information
6 Documentation
7 IT Product Testing
7.1 Developer Testing
7.2 Evaluator Testing
7.3 Penetration Testing
8 Evaluated Configuration
9 Results of the Evaluation
10 Evaluator Comments and Recommendations
11 Glossary
12 Bibliography
Appendix A Scheme Versions
A.1 Scheme/Quality Management System
A.2 Scheme Notes

1 Executive Summary

The TOE is the hardware and the firmware of the following Single-function Printer (SFP) models with SSD: Kyocera TASKalfa PA4500ci, Copystar CS PA4500ci, TA Triumph-Adler P458ci, UTAX P458ci, with system firmware 2Z2_S0IS.C03.002.

In the evaluated configuration, the solid state drive HD-18 (SSD) is installed and is included in the scope of the TOE.

The TOE provides printing and boxing (storage).

Delivery is done by means of a courier trusted by KYOCERA Document Solutions Inc. with pre-installed firmware and guidance documentation. The SSD is delivered separately.

No PP is claimed.
The evaluation has been performed by Combitech AB in their premises in Bromma, Sweden. The evaluation was completed on the 25th of August 2023. The evaluation was conducted in accordance with the requirements of Common Criteria (CC), version 3.1 revision 5, and Common Evaluation Methodology (CEM), version 3.1 revision 5.

Combitech AB is a licensed evaluation facility for Common Criteria under the Swedish Common Criteria Evaluation and Certification Scheme. Combitech AB is also accredited by the Swedish accreditation body according to ISO/IEC 17025 for Common Criteria.

The certifier monitored the activities of the evaluator by reviewing all successive versions of the evaluation reports. The certifier determined that the evaluation results confirm the security claims in the Security Target (ST) and the Common Methodology for evaluation assurance level EAL 2 augmented by ALC_FLR.2.

The technical information in this report is based on the Security Target (ST) and the Final Evaluation Report (FER) produced by Combitech AB.

The certification results only apply to the version of the product indicated in the certificate, and on the condition that all the stipulations in the Security Target are met.

This certificate is not an endorsement of the IT product by CSEC or any other organisation that recognises or gives effect to this certificate, and no warranty of the IT product by CSEC or any other organisation that recognises or gives effect to this certificate is either expressed or implied.

2 Identification

Certification Identification

Certification ID: CSEC2021011
Name and version of the certified IT product: KYOCERA TASKalfa PA4500ci, Copystar CS PA4500ci, TA Triumph-Adler P458ci, UTAX P458ci.
All with SSD and with system firmware 2Z2_S0IS.C03.002
Security Target Identification: TASKalfa PA4500ci Series with SSD Security Target
EAL: EAL 2 + ALC_FLR.2
Sponsor: Kyocera Document Solutions Inc.
Developer: Kyocera Document Solutions Inc.
ITSEF: Combitech AB
Common Criteria version: 3.1 release 5
CEM version: 3.1 release 5
QMS version: 2.4
Scheme Notes Release: 20.0
Recognition Scope: CCRA, SOGIS, EA/MLA
Certification date: 2023-09-14

3 Security Policy

The TOE provides the following security services:
- User Management
- Data Access Control
- SSD Encryption
- Security Management
- Network Protection

3.1 User Management

A function that identifies and authenticates users so that only authorized users can use the TOE. When using the TOE from the Operation Panel and Client PCs, a user will be required to enter his/her login user name and login user password for identification and authentication. Normal Users are authenticated by external authentication, using an external user authentication server. Device Administrators are authenticated by external or internal authentication. Internal authentication also includes a User Account Lockout Function, which prohibits the user's access for a certain period of time if a number of consecutive identification and authentication attempts result in failure, and a function that automatically logs the user out if no operation has been performed for a certain period of time.

3.2 Data Access Control

A function that restricts access so that only authorized users can access Box document data stored in the TOE.

3.3 SSD Encryption

A function that encrypts information assets stored in the SSD in order to prevent leakage of data stored in the SSD inside the TOE.

3.4 Security Management

A function that sets security functions of the TOE.
This function can be used only by authorized users. This function can be utilized from an Operation Panel and a Client PC. Operations from a Client PC use a web browser.

3.5 Network Protection

A function that protects communication paths to prevent leaking and altering of data by eavesdropping on data in transit over the internal network connected to the TOE. This function verifies the propriety of the destination to connect to and protects targeted information assets by encryption, when using a Print Function, a BOX Function from a Client PC (web browser), or a Security Management Function from a Client PC (web browser). However, usage of a Print Function directly connected to a Printer is an exception.

4 Assumptions and Clarification of Scope

4.1 Usage Assumptions

The Security Target [ST] makes four assumptions on the usage and on the operational environment of the TOE.

A.ACCESS
The hardware and software that the TOE is composed of are located in a protected environment from security invasion such as illegal analysis and alteration.

A.NETWORK
The TOE is connected to the internal network that is protected from illegal access from the external network.

A.USER_EDUCATION
The TOE users are aware of the security policies and procedures of their organization, and are educated to follow those policies and procedures.

A.DADMIN_TRUST
The TOE's administrators are competent to manage devices properly as a device administrator and have a reliability not to use their privileged access rights for malicious purposes.

4.2 Clarification of Scope

The Security Target contains three threats, which have been considered during the evaluation.

T.SETTING_DATA
Malicious person may have unauthorized access to, to change, or to leak TOE setting data via the operation panel or client PCs.
T.IMAGE_DATA
Malicious person may illegally access not authorized box document data via the operation panel or Client PC and leak or alter them.

T.NETWORK
Malicious person may illegally eavesdrop or alter document data or TOE setting data on the internal network.

The Security Target contains one Organisational Security Policy (OSP), which has been considered during the evaluation.

P.SSD_ENCRYPTION
TOE must encrypt document data and TOE setting data stored on SSD.

5 Architectural Information

Figure 1. Physical configuration of the TOE

The TOE consists of an Operation Panel, a Printer Unit, a Control Board, SSD hardware, and firmware.

The Operation Panel is the hardware that displays status and results upon receipt of input by the TOE user. The Printer Unit is the hardware that outputs printed material.

The Control Board is the circuit board that controls the entire TOE. The system firmware is installed on a NAND, which is positioned on the Control Board. The Control Board has a Network Interface (NIC) and a Local Interface (USB Port).

An ASIC that is also on the Control Board includes a Security Chip, which implements several security functions, such as arithmetic processing for the SSD encryption function.

6 Documentation

For proper configuration of the TOE into the evaluated configuration, the following guidance documents are available:
- Notice (KYOCERA, Copystar)
- Notice (TA Triumph-Adler/UTAX)
- TASKalfa PA4500ci First Steps Quick Guide
- TASKalfa PA4500ci Operation Guide
- TASKalfa PA4500ci Safety Guide
- Data Encryption/Overwrite Operation Guide
- Command Center RX User Guide
- ECOSYS MA4000cifx, ECOSYS MA3500cifx, ECOSYS MA4000cix, ECOSYS MA3500cix, ECOSYS PA4500cx, ECOSYS PA4000cx, ECOSYS PA3500cx, TASKalfa MA4500ci, TASKalfa MA3500ci, TASKalfa PA4500ci Printer Driver User Guide
- KYOCERA Net Direct Print User Guide

7 IT Product Testing

7.1 Developer Testing

The developer performed extensive testing with good coverage of the TSFI on the TASKalfa PA4500ci, with system firmware 2Z2_S0IS.C03.002. Each of the other models is functionally identical to this model. The developer testing was performed in the developer's premises in Osaka, Japan. All test results were as expected.

7.2 Evaluator Testing

The evaluators' testing was performed in the evaluator's premises in Bromma, Sweden, between 2023-02-16 and 2023-03-31. The PA4500ci model with system firmware 2Z2_S0IS.C03.002 was used. More than 50% of the developer tests were repeated. Some complementary tests were run as well. All test results were as expected.

7.3 Penetration Testing

The evaluator penetration testing was performed in the evaluator's premises in Bromma, Sweden, between 2023-02-16 and 2023-03-31. The PA4500ci model with system firmware 2Z2_S0IS.C03.002 was used.
NMAP was used to perform a series of port scans, NESSUS was used for a vulnerability scan, Peach fuzzer was used for jpeg fuzzing, and TestSSLServer was used for verifying the selection of TLS cipher suites. The evaluators verified, by testing, that CVE-2022-1026 is not exploitable for the TOE. Also, some negative tests were performed as part of the independent testing.

No anomalies were encountered and all results were as expected.

8 Evaluated Configuration

In the operational environment of the TOE, the following non-TOE hardware and software is expected:
- A client PC with a KX printer driver, and a Microsoft Edge web browser
- An authentication server IPSec with IKE1

In the evaluated configuration:
- a solid state disk drive (SSD) HD-18 shall be installed and is included in the scope of the TOE
- maintenance interfaces shall not be available

9 Results of the Evaluation

The evaluators applied each work unit of the Common Methodology [CEM] within the scope of the evaluation, and concluded that the TOE meets the security objectives stated in the Security Target [ST] for an attack potential of Basic.

The certifier reviewed the work of the evaluators and determined that the evaluation was conducted in accordance with the Common Criteria [CC].

The evaluators' overall verdict is PASS.
The verdicts for the assurance classes and components are summarised in the following table:

Assurance Class Name /                          Short name (including       Verdict
Assurance Family Name                           component identifier for
                                                assurance families)

Security Target Evaluation                      ASE                         PASS
  ST Introduction                               ASE_INT.1                   PASS
  Conformance claims                            ASE_CCL.1                   PASS
  Security Problem Definition                   ASE_SPD.1                   PASS
  Security objectives                           ASE_OBJ.2                   PASS
  Extended components definition                ASE_ECD.1                   PASS
  Derived security requirements                 ASE_REQ.2                   PASS
  TOE summary specification                     ASE_TSS.1                   PASS
Life-cycle support                              ALC                         PASS
  Use of a CM system                            ALC_CMC.2                   PASS
  Parts of the TOE CM Coverage                  ALC_CMS.2                   PASS
  Delivery procedures                           ALC_DEL.1                   PASS
  Flaw reporting procedures                     ALC_FLR.2                   PASS
Development                                     ADV                         PASS
  Security architecture description             ADV_ARC.1                   PASS
  Security-enforcing functional specification   ADV_FSP.2                   PASS
  Basic design                                  ADV_TDS.1                   PASS
Guidance documents                              AGD                         PASS
  Operational user guidance                     AGD_OPE.1                   PASS
  Preparative procedures                        AGD_PRE.1                   PASS
Tests                                           ATE                         PASS
  Evidence of coverage                          ATE_COV.1                   PASS
  Functional testing                            ATE_FUN.1                   PASS
  Independent testing - sample                  ATE_IND.2                   PASS
Vulnerability Assessment                        AVA                         PASS
  Vulnerability analysis                        AVA_VAN.2                   PASS

10 Evaluator Comments and Recommendations

None.

11 Glossary

CC    Common Criteria
CEM   Common Methodology for Information Technology Security, document describing the methodology used in Common Criteria evaluations
CR    Change Request
CSEC  The Swedish CC Certification Body
FER   Final Evaluation Report
SAR   Security Assurance Requirements
SER   Single Evaluation Report
SFR   Security Functional Requirements
ST    Security Target, document containing security requirements and specifications, used as the basis of a TOE evaluation
TOE   Target of Evaluation
TSF   TOE Security Functions

12 Bibliography

ST TASKalfa PA4500ci Series with SSD Security Target, Kyocera Document Solutions Inc., 2023-04-17, document version 1.02, 21FMV6805-14
Notice1 Notice (KYOCERA, Copystar), Kyocera Document Solutions Inc., 2023-04, document version 3V2Z55650001, 21FMV6805-14
Notice2 Notice (TA Triumph-Adler/UTAX), Kyocera Document Solutions Inc., 2023-04, document version 3V2Z55651001, 21FMV6805-14
QG TASKalfa PA4500ci First Steps Quick Guide, Kyocera Document Solutions Inc., 2022-02, document version 302Z25601001, 21FMV6805-14
OG TASKalfa PA4500ci Operation Guide, Kyocera Document Solutions Inc., 2022-02, document version 2Z2KDEN000, 21FMV6805-14
SG TASKalfa PA4500ci Safety Guide, Kyocera Document Solutions Inc., 2022-02, document version 3V2Z25621001, 21FMV6805-14
DEO Data Encryption/Overwrite Operation Guide, Kyocera Document Solutions Inc., 2022-02, document version 3MS2Z2KDEN0, 21FMV6805-14
CCRX Command Center RX User Guide, Kyocera Document Solutions Inc., 2022-02, document version CCRXKDEN25, 21FMV6805-14
PD ECOSYS MA4000cifx, ECOSYS MA3500cifx, ECOSYS MA4000cix, ECOSYS MA3500cix, ECOSYS PA4500cx, ECOSYS PA4000cx, ECOSYS PA3500cx, TASKalfa MA4500ci, TASKalfa MA3500ci, TASKalfa PA4500ci Printer
Driver User Guide, Kyocera Document Solutions Inc., 2022-02, document version 02Z7CLKTEN820.202, 21FMV6805-14
NDP KYOCERA Net Direct Print User Guide, Kyocera Document Solutions Inc., 2019-02, document version DirectPrintKDEN2.2019.2, 21FMV6805-14
EP-002 002 Evaluation and Certification, CSEC. 2023-Jun-02, document version 35.0
CC 3.1 Common Criteria for Information Technology Security Evaluation, and Common Methodology for Information Technology Security Evaluation, CCMB-2017-04-001 through 004, document version 3.1 revision 5

Appendix A Scheme Versions

During the certification the following versions of the Swedish Common Criteria Evaluation and Certification scheme have been used.

A.1 Scheme/Quality Management System

Version   Introduced    Impact of changes
2.4       2023-06-15    None
2.3.1     2023-04-20    None
2.3       2023-01-26    None
2.2       2022-06-27    None
2.1.1     2022-03-09    None
2.1       2022-01-18    None
2.0       2021-11-24    None
1.25      Application   Original version

A.2 Scheme Notes

Scheme Note   Version   Title                      Applicability
SN-15         5.0       Testing                    Compliant
SN-18         3.0       ST Requirements            Compliant
SN-22         4.0       Vulnerability Assessment   Compliant
SN-27         1.0       Application                Compliant
SN-28         1.0       Updated procedures         Compliant