As the product employs cryptography, DSD performed a cryptographic evaluation in addition to the Common Criteria certification. DSD found that the cryptography employed by the product meets the requirements stipulated within ACSI 33.
DSD’s Recommendations
The scope of the evaluation did not include the following:
•Data export controls capable of blocking information based on protective markings; and
•Audit data generation and protection.
As a result, potential users of the Canon multifunction product should be aware of the following, derived from policy governing the use of MFDs in ACSI 33:
•For
oAgencies SHOULD NOT enable a connection from a Canon multifunction product to a telephone network of a lower classification.
•For PROTECTED usage:
oAgencies SHOULD NOT enable the facsimile functionality for a Canon multifunction product unless the telephone network is accredited to at least the same classification as the computer network.
Due to the electrostatic memory devices present within printers and photocopiers the MFD will retain the classification of the network it is connected to or the highest classification of the documents processed by the MFD when operated in a stand alone manner. The cryptographic functionality of the Security Kit can not be used to reduce the storage and physical transfer requirements of the MFD.
The erasure functions of the MFD are approved to sanitise the HDD from PROTECTED, RESTRICTED or
For additional information regarding MFD usage and sanitisation for national security classifications above RESTRICTED, and for HIGHLY PROTECTED, refer to block 3.10.70 and block 3.4.30 respectively of the
Point of Contact
For further information regarding the certification of these products, or compliance with ACSI 33, please contact DSD on (02) 6265 0197 or email assist@dsd.gov.au.
ACSI 33
The advice given in this document is in accordance with ACSI 33 release date September 2007. Australian Government agencies are reminded to periodically check the latest release of ACSI 33 at www.dsd.gov.au/library/infosec/acsi33.html.
Date of this Consumer Guide
This Consumer Guide was issued by DSD on 17 December 2007.