Section 7 — Canon Solutions & Regulatory Requirements
EALS provide both the vendor and user with flexibility to define functional and assurance requirements
that are unique to their operating environments and to obtain an evaluated product best suited to those
Hardware and software companies around the world use the Common Criteria (CC) evaluation program to
provide a means of comparison for the level of assurance that their products provide. As a cautionary note,
while the evaluation program is very effective at validating a manufacturer's claims, it does not measure
the overall security capabilities or vulnerabilities as a whole. Therefore, Common Criteria certification
should be one of many considerations when choosing security-related products instead of being considered
the de-facto standard.
7.3 –IEEE 2600.1 Common Criteria Certification
IEEE Std 2600.1TM-2009 or "IEEE Standard for a Protection Profile in Operational Environment A"
(referred to as IEEE 2600.1, hereafter) Protection Profile is a global information security standard for hard
copy devices that require a relatively high level of document security, operational accountability and
information assurance. IEEE 2600.1 defines requirement specifications for office use as well as
government agencies where high level of assurance is required. The IEEE2600.1 Common Criteria
certification evaluates whether security functions provided by products and technology are properly
implemented. The IEEE2600.1 Protection Profile is part of a suite of standards developed by the Hardcopy
Device and System Security Working Group, sponsored by the IEEE Information Assurance Standards
Committee of the IEEE Computer Society. Canon participated in the development of the P2600 suite of
Protection Profiles as a member of the Hardcopy Device and System Security Working Group.
With specified processes, configurations and settings implemented upon installation, the imageRUNNER
ADVANCE C5051/C5045/C5035/C5030 models are certified to achieve and maintain the necessary
security requirements as defined in the IEEE 2600.1 standard.
Certified Device- Canon's imageRUNNER ADVANCE C5000 series can be considered an IEEE 2600.1
CC Certified model when the following options are installed and active on the device:
iR-ADV Security Kit-A1 for IEEE 2600.1
IEEE 2600 License Certificate
Bootable CD with certified system software
IEEE 2600 User Manual CD
Data Erase Kit-C1
HDD Data Encryption & Mirroring Kit-C1
After installation and configuration is completed, an end user can verify and check a device configuration
screen to verify that it is an IEEE 2600.1 Common Criteria certified configuration.
Please note, various settings made at installation might require disabling functions or features of the device
to achieve and maintain certification.
Given the common controller architecture used by Canon's imageRUNNER ADVANCE architecture, the
imageRUNNER ADVANCE C9000 PRO/C7000/8000/6000 Series models, when equipped with necessary
accessories, along with specific installations and configurations, can be considered compliant with the
IEEE 2600 standard, although they have not been submitted for certification.
White Paper: Canon imageRUNNER ADVANCE Security