Common Criteria (ISO/IEC 15408) is an international standard for evaluating information security. This internationally recognized standard was created to evaluate whether the security functions of IT products are appropriately designed and implemented to sufficiently counter threats. Today, governments and major corporations in many European countries and the United States of America prefer to purchase CC*1 (ISO/IEC 15408) certified products that satisfy their procurement requirements.
Seven assurance levels are defined in CC (ISO/IEC 15408). The higher the evaluation assurance level, the deeper the testing and analysis conducted. In other words, the evaluation assurance level indicates the depth of an evaluation, not the strength of the security functionality of the target product. An appropriate assurance level can be obtained depending on the operational environment of the product and the protected assets it handles.
*1: CC is an abbreviation for Common Criteria.
| Evaluation Assurance Level | Outline |
|---|---|
| EAL1 | Functionally Tested |
| EAL2 | Structurally Tested |
| EAL3 | Methodically Tested and Checked |
| EAL4 | Methodically Designed, Tested and Reviewed |
| EAL5 | Semiformally Designed and Tested |
| EAL6 | Semiformally Verified Design and Tested |
| EAL7 | Formally Verified Design and Tested |
Kyocera Document Solutions Inc. (Kyocera) is actively obtaining CC (ISO/IEC 15408) certification. Before using Kyocera certified multi-function products (MFPs), customers can determine whether the products meet the security requirements they have specified and can be used securely.
IEEE 2600 is an international standard that defines security functional requirements and security assurance requirements for hardcopy devices and systems. It was defined by an IEEE working group comprising representatives from MFP manufacturers, including Kyocera. Before IEEE 2600 was defined, the security functions submitted for CC product certification were specified differently. For this reason, MFP manufacturers gathered to create a uniform baseline for these differing functionalities.
IEEE 2600 includes documents called Protection Profiles, which define the security requirements and operational environments of hardcopy devices. CC certification can be obtained by applying a Protection Profile to a Security Target. Kyocera also obtains CC certification conforming to the Protection Profile, and assures that customers can securely use the certified products in operational environments such as military forces, governments, and health and financial institutions.
| Standard and Operational Environment | Intended Settings |
|---|---|
| IEEE 2600.1 Operational Environment A | Military Forces, Governments, Health and Financial Institutions |
| IEEE 2600.2 Operational Environment B | Large-Sized Corporations, Government and Official Agencies |
| IEEE 2600.3 Operational Environment C | Public Places such as Libraries |
| IEEE 2600.4 Operational Environment D | Small and Home Offices |
HCD-PP is a protection profile developed jointly by the National Information Assurance Partnership (NIAP), a U.S. certification agency, and the Information-technology Promotion Agency (IPA) of Japan. It summarizes security requirements for government procurement of digital multifunction printers.
HCD-PP v1.0: Protection Profile for Hardcopy Devices, 1.0, dated September 10, 2015
For availability of models, please contact your local Kyocera Document Solutions sales company.