Canon iR 2270 User Manual

As the product employs cryptography, DSD performed a cryptographic evaluation in addition to the

Common Criteria certification. DSD found that the cryptography employed by the product meets the

requirements stipulated within ACSI 33.

DSD’s Recommendations

The scope of the evaluation did not include the following:

•

Data export controls capable of blocking information based on protective markings; and

•

Audit data generation and protection.

As a result, potential users of the Canon multifunction product should be aware of the following, derived

from policy governing the use of MFDs in ACSI 33:

•

For IN-CONFIDENCE and RESTRICTED usage:

o

Agencies SHOULD NOT enable a connection from a Canon multifunction product to a

telephone network of a lower classification.

•

For PROTECTED usage:

o

Agencies SHOULD NOT enable the facsimile functionality for a Canon multifunction

product unless the telephone network is accredited to at least the same classification as the computer

network.

Due to the electrostatic memory devices present within printers and photocopiers the mFD will retain

the classification of the network it is connected to or the highest classification of the documents

processed by the mFD when operated in a stand alone manner. The cryptographic functionality of the

Security Kit can not be used to reduce the storage and physical transfer requirements of the mFD.

The erasure functions of the MFD are approved to sanitise the HDD from PROTECTED, RESTRICTED

or IN-CONFIDENCE to UNCLASSIFIED. To sanitise the entire MFD additional sanitisation procedures

need to be used for the electrostatic memory devices.

For additional information regarding MFD usage and sanitisation for national security classifications

above RESTRICTED, and for HIGHLY PROTECTED, refer to block 3.10.70 and block 3.4.30

respectively of the SECURITY-IN-CONFIDENCE release of ACSI 33.

Point of Contact

For further information regarding the certification of these products, or compliance with ACSI 33, please

contact DSD on (02) 6265 0197 or email [email protected].

aCSi 33

The advice given in this document is in accordance with ACSI 33 release date September 2007.

Australian Government agencies are reminded to periodically check the latest release of ACSI 33 at

www.dsd.gov.au/library/infosec/acsi33.html.

Date of this Consumer Guide

This Consumer Guide was issued by DSD on 17 December 2007.