Section 6 — Logging & Auditing
6.4 – imageWARE Secure Audit Manager
Canon imageWARE Secure Audit Manager (iWSAM) is an optional robust and efficient information
security solution that captures and archives all copy, scan, print, fax and send jobs. When installed, the full
image of the document, any embedded images, text, job log, and attribute information such as user name,
IP Address, device names, and time/date stamp is indexed and stored for future searching and auditing. In
the event that an information breach does occur, iWSAM can be used to help trace the potential source of
the leak if it was processed on a Canon MFP. Optional HP printer support is also available.
Canon imageWARE Secure Audit Manager Express (iWSAM) is an optional security solution that captures
and archives all copy, scan, print, fax and send jobs to a Windows folder. While the full version of
iWSAM monitors on a constant basis, iWSAM Express monitors less frequently based on job log and
Section 7 — Canon Solutions & Regulatory Requirements
Canon is dedicated to providing the most secure multifunctional printers available on the market today.
Many of our products meet or exceed the requirements of government agencies and private entities as they
relate to security certifications and industry regulations.
7.1 – Common Criteria
Beginning on July 1, 2002, the Department of Defense required a broad group of commercial
hardware/software suppliers to have their products evaluated using a standard known as Common Criteria
to determine its fitness for the department's use.
Following the development of the Common Criteria, the National Institute of Standards and Technology
and the National Security Agency, in cooperation and collaboration with the U.S. State Department,
worked closely with their partners in the CC Project to produce a mutual recognition arrangement for IT
security evaluations that use the Common Criteria. The Arrangement is officially known as the
Arrangement on the Mutual Recognition of Common Criteria Certificates in the field of IT Security. It
states that each participant will recognize evaluations performed using the Common Criteria evaluation
methodology where product certificates have been issued by the Mutually Recognized producing nations
for EAL1-EAL4 evaluations. Evaluation Assurance components found in EAL5-EAL7 are not part of the
mutual recognition arrangement.
The list of Common Criteria Recognition Arrangement members currently includes Australia, Austria,
Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, India, Israel, Italy, Japan,
Republic of Korea, Netherlands, New Zealand, Norway, Singapore, Spain, Sweden, Turkey, United
Kingdom and United States.
7.2 – Common Criteria Certification
The Common Criteria for Information Technology Security Evaluation (CC), ISO/IEC 15408 Standard,
defines general concepts and principles of IT security evaluation and presents a general model of
evaluation. It presents constructs for expressing IT security objectives, for selecting and defining IT
security requirements, and for writing high-level specifications for products and systems. It specifies
information security functional requirements and seven predefined assurance packages, known as
Evaluated Assurance Levels (EALs), against which products' functions are tested and evaluated. The seven
White Paper: Canon imageRUNNER ADVANCE Security