Case type: 6
Registration number: 21FMV4847-19:1
Document ID: CSEC2021005
Under the Protective Security Act (2018:585)
SECRECY under the Public Access to Information and Secrecy Act (2009:400)
2022-02-16

Försvarets materielverk
Swedish Defence Material Administration

Swedish Certification Body for IT Security

Certification Report - Kyocera 7004i HCDPP

Issue: 1.0, 2022-Feb-16
Authorisation: Jerry Johansson, Lead Certifier, CSEC

Table of Contents

1 Executive Summary
2 Identification
3 Security Policy
  3.1 User Management
  3.2 Data Access Control
  3.3 Job Authorization
  3.4 HDD Encryption
  3.5 Overwrite-Erase
  3.6 Audit Log
  3.7 Security Management
  3.8 Trusted Operation
  3.9 Network Protection
  3.10 PSTN Fax-Network Separation
4 Assumptions and Clarification of Scope
  4.1 Assumptions
  4.2 Clarification of Scope
5 Architectural Information
6 Documentation
7 IT Product Testing
  7.1 Evaluator Testing
  7.2 Penetration Testing
8 Evaluated Configuration
9 Results of the Evaluation
10 Evaluator Comments and Recommendations
11 Glossary
12 Bibliography
Appendix A Scheme Versions
  A.1 Scheme/Quality Management System
  A.2 Scheme Notes

1 Executive Summary

The TOE is the hardware and the firmware of the following multifunction printer (MFP) models with Hard Disk, FAX, and Data Security Kit:

Kyocera TASKalfa 7004i, 6004i, 5004i, 4004i, 7004iG, 6004iG, and 5004iG.
Copystar CS 7004i, CS 6004i, CS 5004i, and CS 4004i.
Triumph Adler/UTAX 7058i, 6058i, and 5058i

with the following firmware:

System firmware 2XF_S000.002.333
FAX firmware 3R2_5100.003.012

In the evaluated configuration, the optional hard disk, the optional fax board and the optional data security kit are installed and included in the scope of the TOE.

The TOE provides copying, scanning, printing, faxing and boxing.

Delivery is done by means of a courier trusted by KYOCERA Document Solutions Inc. Installation and initial setup are done by a KYOCERA representative or an approved reseller.

The ST claims exact conformance to the Protection Profile (PP):

The evaluation has been performed by Combitech AB, in their premises in Växjö, Sweden, and was completed on the 2nd of February 2022. The evaluation was conducted in accordance with the requirements of Common Criteria (CC), version 3.1 revision 5, Common Evaluation Methodology (CEM), version 3.1 revision 5, and the HCDPP v1.0e.

Combitech AB is a licensed evaluation facility for Common Criteria under the Swedish Common Criteria Evaluation and Certification Scheme. Combitech AB is also accredited by the Swedish accreditation body according to ISO/IEC 17025 for Common Criteria.

The certifier monitored the activities of the evaluator by reviewing all successive versions of the evaluation reports. The certifier determined that the evaluation results confirm the security claims in the Security Target (ST), the Common Methodology for evaluation assurance level EAL 1 augmented by ASE_SPD.1, and the HCDPP v1.0e.

The technical information in this report is based on the Security Target (ST), and the Final Evaluation Report (FER) produced by Combitech AB.

The certification results only apply to the version of the product indicated in the certificate, and on the condition that all the stipulations in the Security Target are met.
This certificate is not an endorsement of the IT product by CSEC or any other organisation that recognises or gives effect to this certificate, and no warranty of the IT product by CSEC or any other organisation that recognises or gives effect to this certificate is either expressed or implied.

2 Identification

| Certification Identification | |
|---|---|
| Certification ID | CSEC2021005 |
| Name and version of the certified IT product | Kyocera: TASKalfa 7004i, 6004i, 5004i, 4004i, 7004iG, 6004iG, and 5004iG. Copystar: CS 7004i, CS 6004i, CS 5004i, and CS 4004i. Triumph Adler/UTAX: 7058i, 6058i, and 5058i. All with Hard Disk, FAX, and Data Security Kit. System firmware 2XF_S000.002.333. FAX firmware 3R2_5100.003.012. |
| Security Target Identification | TASKalfa 7004i, TASKalfa 6004i, TASKalfa 5004i, TASKalfa 4004i Series with Hard Disk, FAX System and Data Security Kit Security Target |
| EAL | EAL 1 + ASE_SPD.1 |
| PP claims | Exact conformance to the Protection Profile for Hardcopy Devices (HCDPP) v1.0E (i.e. v1.0 including Errata #1) |
| Sponsor | Kyocera Document Solutions Inc. |
| Developer | Kyocera Document Solutions Inc. |
| ITSEF | Combitech AB |
| Common Criteria version | 3.1 release 5 |
| CEM version | 3.1 release 5 |
| QMS version | 2.1 |
| Scheme Notes Release | 18.0 |
| Recognition Scope | CCRA, SOGIS, EA/MLA |
| Certification date | 2022-02-16 |

3 Security Policy

The TOE provides the following security services:

- User Management
- Data Access Control
- Job Authorization
- HDD Encryption
- Overwrite-Erase
- Audit Log
- Security Management
- Trusted Operation
- Network Protection
- PSTN Fax-Network Separation

3.1 User Management

A function that identifies and authenticates users so that only authorized users can use the TOE.
When using the TOE from the Operation Panel and Client PCs, a user will be required to enter his/her login user name and login user password for identification and authentication.

The User Management Function includes:

- a User Account Lockout Function, which prohibits the user's access for a certain period of time if identification and authentication attempts fail consecutively a certain number of times,
- a function that protects feedback on input of the login user password when performing identification and authentication, and
- a function that automatically logs the user out if no operation has been performed for a certain period of time.

3.2 Data Access Control

A function that restricts access to protected assets so that only authorized users can access the protected assets inside the TOE.

The following types of Access Control Functions are available.

- Access Control Function to control access to image data
- Access Control Function to control access to job data

3.3 Job Authorization

A function that restricts usage of the function so that only authorized persons can use basic functions of the TOE.

The following types of Job Authorization are available.

- Copy Job (Copy Function)
- Print Job (Print Function)
- Send Job (Scan to Send Function)
- FAX Send Job (FAX Function)
- FAX Reception Job (FAX Function)
- Storing Job (Box Function)

3.4 HDD Encryption

A function that encrypts information assets stored in the HDD in order to prevent leakage of data stored in the HDD inside the TOE.

3.5 Overwrite-Erase

A function that not only logically deletes the management information of image data, but also entirely overwrites and erases the actual data area, so that image data created on the HDD or the Flash Memory during usage of the basic functions of the TOE cannot be reused.

3.6 Audit Log

A function that records the audit logs of user operations and security-relevant events on the HDD and sends them to the Audit Log server. This function provides the audit trails of TOE use and security-relevant events. Stored audit logs can only be accessed by a device administrator.

3.7 Security Management

A function that sets security functions of the TOE. This function can be used only by authorized users. This function can be utilized from an Operation Panel and a Client PC. Operations from a Client PC use a web browser.

3.8 Trusted Operation

A function that verifies the authenticity of the firmware when updating the firmware of the TOE, and that verifies the integrity of TSF executable code and TSF data to detect unauthorized alteration of the executable code of the TOE security functions.

3.9 Network Protection

A function that protects communication paths so that data in transit over the internal network connected to the TOE cannot be leaked through eavesdropping or altered.

This function verifies the propriety of the destination to connect to and protects targeted information assets by encryption, when using a Scan to Send Function, a Print Function, a Box Function and a BOX Function from a Client PC (web browser), or a Security Management Function from a Client PC (web browser).

3.10 PSTN Fax-Network Separation

The TOE ensures separation between the PSTN fax line and the Internal Network.

4 Assumptions and Clarification of Scope

4.1 Assumptions

The Security Target [ST] makes four assumptions on the usage and the operational environment of the TOE.

A.PHYSICAL
Physical security, commensurate with the value of the TOE and the data it stores or processes, is assumed to be provided by the environment.

A.NETWORK
The Operational Environment is assumed to protect the TOE from direct, public access to its LAN interface.

A.TRUSTED_ADMIN
TOE Administrators are trusted to administer the TOE according to site security policies.

A.TRAINED_USERS
Authorized Users are trained to use the TOE according to site security policies.

4.2 Clarification of Scope

The Security Target contains five threats, which have been considered during the evaluation.

T.UNAUTHORIZED_ACCESS
An attacker may access (read, modify, or delete) User Document Data or change (modify or delete) User Job Data in the TOE through one of the TOE’s interfaces.

T.TSF_COMPROMISE
An attacker may gain Unauthorized Access to TSF Data in the TOE through one of the TOE’s interfaces.

T.TSF_FAILURE
A malfunction of the TSF may cause loss of security if the TOE is permitted to operate.

T.UNAUTHORIZED_UPDATE
An attacker may cause the installation of unauthorized software on the TOE.

T.NET_COMPROMISE
An attacker may access data in transit or otherwise compromise the security of the TOE by monitoring or manipulating network communication.

The Security Target contains eight Organisational Security Policies (OSPs), which have been considered during the evaluation.

P.AUTHORIZATION
Users must be authorized before performing Document Processing and administrative functions.

P.AUDIT
Security-relevant activities must be audited and the log of such actions must be protected and transmitted to an External IT Entity.

P.COMMS_PROTECTION
The TOE must be able to identify itself to other devices on the LAN.

P.STORAGE_ENCRYPTION
If the TOE stores User Document Data or Confidential TSF Data on Field-Replaceable Nonvolatile Storage Devices, it will encrypt such data on those devices.

P.KEY_MATERIAL
Cleartext keys, submasks, random numbers, or any other values that contribute to the creation of encryption keys for Field-Replaceable Nonvolatile Storage of User Document Data or Confidential TSF Data must be protected from unauthorized access and must not be stored on that storage device.

P.FAX_FLOW
If the TOE provides a PSTN fax function, it will ensure separation between the PSTN fax line and the LAN.

P.IMAGE_OVERWRITE
Upon completion or cancellation of a Document Processing job, the TOE shall overwrite residual image data from its Field-Replaceable Nonvolatile Storage Devices.

P.PURGE_DATA
The TOE shall provide a function that an authorized administrator can invoke to make all customer-supplied User Data and TSF Data permanently irretrievable from Nonvolatile Storage Devices.

5 Architectural Information

The TOE consists of an Operation Panel, a Scanner Unit, a Printer Unit, a Main Board, a FAX Board, HDD and SSD hardware, and firmware.

The Operation Panel is the hardware that displays status and results upon receipt of input by the TOE user. The Scanner Unit and the Printer Unit are the hardware that inputs documents into the MFP and outputs them as printed material.

The Main Board is the circuit board that controls the entire TOE. The system firmware is installed on an SSD, which is positioned on the Main Board. The Main Board has a Network Interface and a USB Interface.

The ASIC on the Main Board is installed with a cryptographic module to perform the HDD encryption function and Overwrite-Erase function (see below). A FIPS 140-2 certified cryptographic module, key derivation and entropy are provided by this cryptographic module in the TOE environment.

The FAX control firmware that controls FAX communication is installed on the PROM, which is positioned on the FAX Board. Additionally, the FAX Board has an NCU as an interface.

6 Documentation

The following guidance documents are part of the TOE:

- Notice (KYOCERA)
- Notice (Copystar)
- Notice (TA Triumph-Adler/UTAX)
- FAX System 12 Installation Guide
- TASKalfa 7004i / TASKalfa 6004i / TASKalfa 5004i First Steps Quick Guide
- 7004i / 6004i / 5004i / 4004i First Steps Quick Guide
- TASKalfa 5004i / TASKalfa 6004i / TASKalfa 7004i Operation Guide
- 4004i / 5004i / 6004i / 7004i Operation Guide
- TASKalfa 2554ci / TASKalfa 3554ci / TASKalfa 4054ci / TASKalfa 5054ci / TASKalfa 5004i / TASKalfa 6054ci / TASKalfa 6004i / TASKalfa 7054ci / TASKalfa 7004i Safety Guide
- 2554ci / 3554ci / 4054ci / 4004i / 5054ci / 5004i / 6054ci / 6004i / 7054ci / 7004i Safety Guide
- FAX System 12 Operation Guide
- Data Encryption/Overwrite Operation Guide
- Command Center RX User Guide
- TASKalfa 7004i / TASKalfa 6004i / TASKalfa 5004i Printer Driver User Guide
- 7004i / 6004i / 5004i / 4004i Printer Driver User Guide (Copystar)
- KYOCERA Net Direct Print User Guide

7 IT Product Testing

7.1 Evaluator Testing

All TOE variants included in the evaluation use the same firmware and execute on the same main board with the same processor. The TASKalfa 7004i model was used for testing, representing all TOE variants.

All the test cases defined in the HCDPP were performed.

The testing took place in Combitech's premises in Stockholm, between 2021-08-17 and 2021-10-29. All tests were successful and no errors were discovered.

7.2 Penetration Testing

The TASKalfa 7004i model was used for penetration testing.

The evaluators performed port scans (NMAP), a vulnerability scan (Nessus), and JPEG fuzz tests (Peach). No vulnerabilities were found during the penetration testing.

8 Evaluated Configuration

In the evaluated configuration, the optional hard disk, the optional fax board and the optional data security kit are installed and included in the scope of the TOE.

The following features are excluded from the evaluated configuration:

- Maintenance Interface

9 Results of the Evaluation

The evaluators applied each work unit of the Common Methodology [CEM] within the scope of the evaluation, and concluded that the TOE meets the security objectives stated in the Security Target [ST] for an attack potential of Basic.

The certifier reviewed the work of the evaluators and determined that the evaluation was conducted in accordance with the Common Criteria [CC].

The evaluators' overall verdict is PASS.

The verdicts for the assurance classes and components are summarised in the following table:

| Assurance Class Name / Assurance Family Name | Short name (including component identifier for assurance families) | Verdict |
|---|---|---|
| Security Target Evaluation | ASE | PASS |
| ST Introduction | ASE_INT.1 | PASS |
| Conformance claims | ASE_CCL.1 | PASS |
| Security Problem Definition | ASE_SPD.1 | PASS |
| Security objectives | ASE_OBJ.1 | PASS |
| Extended components definition | ASE_ECD.1 | PASS |
| Derived security requirements | ASE_REQ.1 | PASS |
| TOE summary specification | ASE_TSS.1 | PASS |
| Life-cycle support | ALC | PASS |
| Use of a CM system | ALC_CMC.1 | PASS |
| CM Coverage | ALC_CMS.1 | PASS |
| Development | ADV | PASS |
| Security-enforcing functional specification | ADV_FSP.1 | PASS |
| Guidance documents | AGD | PASS |
| Operational user guidance | AGD_OPE.1 | PASS |
| Preparative procedures | AGD_PRE.1 | PASS |
| Tests | ATE | PASS |
| Independent testing | ATE_IND.1 | PASS |
| Vulnerability Assessment | AVA | PASS |
| Vulnerability analysis | AVA_VAN.1 | PASS |

The assurance activities in the HCDPP v1.0e also have the verdict PASS.

10 Evaluator Comments and Recommendations

None.

11 Glossary

CEM     Common Methodology for Information Technology Security, document describing the methodology used in Common Criteria evaluations
CM      Configuration Management
EAL     Evaluation Assurance Level
HDD     Hard Disk Drive
IPSec   Internet Protocol Security
ISO     International Organization for Standardization
IT      Information Technology
ITSEF   IT Security Evaluation Facility, test laboratory licensed to operate within an evaluation and certification scheme
LAN     Local Area Network
MFP     Multi-Function Printer
NCU     Network Control Unit
OSP     Organizational Security Policy
PP      Protection Profile
SMTP    Simple Mail Transport Protocol
SSD     Solid State Disk
ST      Security Target, document containing security requirements and specifications, used as the basis of a TOE evaluation
TLS     Transport Layer Security
TOE     Target of Evaluation
TSF     TOE Security Functionality
TSFI    TSF Interface

12 Bibliography

ST        TASKalfa 7004i, TASKalfa 6004i, TASKalfa 5004i, TASKalfa 4004i Series with Hard Disk, FAX System and Data Security Kit Security, Kyocera Document Solutions Inc., 2021-10-13, document version 1.0, FMV ID 21FMV4842-10
N1        Notice (KYOCERA), Kyocera Document Solutions Inc., Oct 2021, document version 302XF5641002
N1        Notice (Copystar), Kyocera Document Solutions Inc., Oct 2021, document version 302XF5642002
N3        Notice (TA Triumph-Adler/UTAX), Kyocera Document Solutions Inc., Oct 2021, document version 302XF5643002
IG-FAX    FAX System 12 Installation Guide, Kyocera Document Solutions Inc., Aug 2021, document version 303RK5671101
QG1       TASKalfa 7004i / TASKalfa 6004i / TASKalfa 5004i First Steps Quick Guide (KYOCERA), Kyocera Document Solutions Inc., Nov 2020, document version 302XF5602001
QG2       7004i / 6004i / 5004i / 4004i First Steps Quick Guide (Copystar), Kyocera Document Solutions Inc., document version 302XF5601001
OG1       TASKalfa 5004i / TASKalfa 6004i / TASKalfa 7004i Operation Guide, Kyocera Document Solutions Inc., Oct 2020, document version 2XFKDEN000
OG2       4004i / 5004i / 6004i / 7004i Operation Guide (Copystar), Kyocera Document Solutions Inc., document version 2XFKDEN200
SG1       TASKalfa 2554ci / TASKalfa 3554ci / TASKalfa 4054ci / TASKalfa 5054ci / TASKalfa 5004i / TASKalfa 6054ci / TASKalfa 6004i / TASKalfa 7054ci / TASKalfa 7004i Safety Guide, Kyocera Document Solutions Inc., document version 302XC5622001
SG2       2554ci / 3554ci / 4054ci / 4004i / 5054ci / 5004i / 6054ci / 6004i / 7054ci / 7004i Safety Guide (Copystar), Kyocera Document Solutions Inc., document version 302XC5621001
OG-FAX    FAX System 12 Operation Guide, Kyocera Document Solutions Inc., Feb 2020, document version 3RKKDEN300
DE        Data Encryption/Overwrite Operation Guide, Kyocera Document Solutions Inc., document version 3MS2XCKDEN1
CCRX      Command Center RX User Guide, Kyocera Document Solutions Inc., Feb 2020, document version CCRXKDEN23
PD1       TASKalfa 7004i / TASKalfa 6004i / TASKalfa 5004i Printer Driver User Guide, Kyocera Document Solutions Inc., Feb 2020, document version 2XFBWKTEN750
PD2       7004i / 6004i / 5004i / 4004i Printer Driver User Guide (Copystar), Kyocera Document Solutions Inc., Feb 2020, document version 2XFBWKCEN750
ND        KYOCERA Net Direct Print User Guide, Kyocera Document Solutions Inc., Feb 2019, document version DirectPrintKDEN2
HCDPP     Protection Profile for Hardcopy Devices, IPA, NIAP and MFP Technical Community, 2015-09-10, document version 1.0 (including Errata #1, June 2017)
CCpart1   Common Criteria for Information Technology Security Evaluation, Part 1, version 3.1, revision 5, April 2017, CCMB-2017-04-001
CCpart2   Common Criteria for Information Technology Security Evaluation, Part 2, version 3.1, revision 5, April 2017, CCMB-2017-04-002
CCpart3   Common Criteria for Information Technology Security Evaluation, Part 3, version 3.1, revision 5, April 2017, CCMB-2017-04-003
CC        CCpart1 + CCpart2 + CCpart3
CEM       Common Methodology for Information Technology Security Evaluation, version 3.1, revision 5, April 2017, CCMB-2017-04-004

Appendix A Scheme Versions

During the certification the following versions of the Swedish Common Criteria Evaluation and Certification scheme have been used.

A.1 Scheme/Quality Management System

| Version | Introduced | Impact of changes |
|---|---|---|
| 2.1 | 2022-01-18 | None |
| 2.0 | 2021-11-24 | None |
| 1.25 | 2021-06-17 | Original version |

A.2 Scheme Notes

The following Scheme Notes have been considered during the certification:

SN 15 - Testing
SN 18 - Highlighted Requirements on the ST
SN 21 - NIAP PP Certifications
SN 22 - Vulnerability Assessment
SN 23 - Evaluation Reports for NIAP PPs and cPPs
SN 28 - Updated procedures