Canon is dedicated to providing the most secure multifunctional printers available on the market
today. Many of our products meet or exceed the requirements of government agencies and private
entities as they relate to security certifications and industry regulations.
7.1 – Common Criteria
Beginning on July 1, 2002, the Department of Defense required a broad group of commercial
hardware/software suppliers to have their products evaluated using a standard known as Common
Criteria to determine their fitness for the department’s use.
Following the development of the Common Criteria, the National Institute of Standards and
Technology and the National Security Agency, in cooperation and collaboration with the U.S. State
Department, worked closely with their partners in the CC Project to produce a mutual recognition
arrangement for IT security evaluations that use the Common Criteria. The Arrangement is officially
known as the Arrangement on the Mutual Recognition of Common Criteria Certificates in the field of
IT Security. It states that each participant will recognize evaluations performed using the Common
Criteria evaluation methodology where product certificates have been issued by the Mutually
Recognized producing nations for EAL1-EAL4 evaluations. Evaluation Assurance components found in
EAL5-EAL7 are not part of the mutual recognition arrangement.
The list of Common Criteria Recognition Arrangement members currently includes Australia, Austria,
Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, India, Israel, Italy,
Japan, Republic of Korea, Netherlands, New Zealand, Norway, Singapore, Spain, Sweden, Turkey,
United Kingdom and United States.
7.2 – Common Criteria Certification
The Common Criteria for Information Technology Security Evaluation (CC), ISO/IEC 15408 Standard,
defines general concepts and principles of IT security evaluation and presents a general model of
evaluation. It presents constructs for expressing IT security objectives, for selecting and defining IT
security requirements, and for writing high-level specifications for products and systems. It specifies
information security functional requirements and seven predefined assurance packages, known as
Evaluation Assurance Levels (EALs), against which products' functions are tested and evaluated. The
seven EALs provide both the vendor and user with flexibility to define functional and assurance
requirements that are unique to their operating environments and to obtain an evaluated product
best suited to those needs.
Hardware and software companies around the world use the Common Criteria (CC) evaluation
program to provide a means of comparison for the level of assurance that their products provide.
As a cautionary note, while the evaluation program is very effective at validating a manufacturer’s
claims, it does not measure a product's overall security capabilities or vulnerabilities. Therefore,
Common Criteria certification should be one of many considerations when choosing security-related
products instead of being considered the de facto standard.
White Paper: Canon imageRUNNER ADVANCE Security
Section 7 – Canon Solutions & Regulatory Requirements