Product Type: Miscellaneous

Certificate Details: C0018, September 2004

Assurance Level: EAL 4

Evaluation Facility: Mizuho Information & Research Institute, Inc. Centre for Evaluation of Information Security

Manufacturer/Vendor/Distributor: Sharp Electronics Corporation

1 Huntingwood Drive
HUNTINGWOOD NSW 2148
Contact: Bruce Hutchinson
Phone: +61 2 9830 4783
Fax: +61 2 9679 9632
Email: bhutchinson@sharp.net.au
Web: www.sharp.net.au

	Security Target [328KB]
	CertificationReport [197KB]

The TOE is a Sharp Corporation printer/copier/scanner/fax, referred to as a multifunction device (MFD), which is configured with a firmware upgrade that protects document image data that is temporarily stored in the MFD memory or the hard drive. The TOE provides a data clear capability for stored image data. During normal operation, the MFD spools temporary document image data to a mass storage device. In the case of printer, copier, and scanner operation this is either a RAM disk or, optionally, a hard drive. For fax operation, such data is stored in flash memory. The data clear function overwrites the image data once the job is completed; the administrator, once authenticated, can set the data clear function to perform up to seven overwrites of the spooled image data.

The product also includes a data encryption function that encrypts temporary image data to protect it while in spool memory.

Caveat:

DSD RECOMMENDS that agencies enable the "power up auto clear" functionality and set the "Number of times power up auto clear program is repeated" to at least 1.

When it becomes necessary to release the copier/printer into an insecure environment (for example for off-site servicing or disposal) the following process MUST be followed:

1. If the unit has processed information classified no higher than HIGHLY PROTECTED or RESTRICTED then the process for sanitisation to be carried out by the ITSA or the "Key Operator" under the supervision of the ITSA is:
a. Set the "Number of times clear all memory program is repeated" to 7.
b. Execute the "Clear all memory" program.
c. Confirm that the program completes successfully; in particular, care should be taken to confirm that no one cancels the process.
d. Power down and quarantine the unit before anyone has a chance to use the unit thereby re-contaminating the unit's hard disk.

2. If the unit has been used for classifications higher than those listed above then a method appropriate for the classification MUST be employed to sanitise or destroy the unit's hard disk. Refer to ACSI 33 for specific details.

IMPORTANT: While the cryptographic algorithm employed in the product has been correctly implemented, its effective strength is not sufficient to protect information against the threat the TOE was designed to mitigate against. DSD has therefore determined that the cryptographic functionality of this product is insufficient for the protection of Australian Government security classified information.