HP Inc.
HP LaserJet Enterprise MFP M527 Series,
Color LaserJet Enterprise MFP M577 Series, and
PageWide Enterprise Color MFP 586 Series
Firmware with Jetdirect Inside Security Target
Version: 2.0 Copyright © 2008-2016 by atsec information security corporation and HP Inc. Page 14 of 98
Last update: 2016-06-07 or its wholly owned subsidiaries
the TOE via the negotiated fax session. The TOE prints the fax as it receives it. The TOE doesn’t not
accept fax polling requests from other fax devices (i.e. the MFP models in this evaluation do not contain
the Fax Polling Send functionality).
The TOE protects stored non-fax jobs with either a 4-digit Job PIN or by accepting (and storing) an
encrypted job from a client computer. Both protection mechanisms are optional by default and are
mutually exclusive of each other if used. In the evaluated configuration, every stored non-fax job must
either be assigned a 4-digit Job PIN or be an encrypted job.
The TOE also supports Microsoft SharePoint (flow MFP models only) and remote file systems for the
storing of scanned documents. The TOE uses IPsec with X.509v3 certificates to protect the
communications and to mutually authenticate to SharePoint and the remote file systems. For remote file
system connectivity, the TOE supports the File Transfer Protocol (FTP) and the Server Message Block
(SMB) protocol. (SharePoint is HTTP-based.) The MFP is capable of encrypting stored document files
according to the Adobe PDF specification.
The TOE can be used to email scanned documents, email received faxes, or email sent faxes. In
addition, TOE can send email alert messages to administrator-specified email addresses, or send
automated emails regarding product configuration and MFP supplies to HP. The TOE supports protected
communications between itself and Simple Mail Transfer Protocol (SMTP) gateways. It uses IPsec with
X.509v3 certificates to protect the communications and to mutually authenticate with the SMTP gateway.
The TOE can only protect unencrypted email up to the SMTP gateway. It is the responsibility of the
Operational Environment to protect emails from the SMTP gateway to the email’s destination. Also, the
TOE can only send emails; it does not accept inbound emails.
Each HCD contains a user interface called the Control Panel. The Control Panel consists of a
touchscreen LCD, and a physical home screen button that are attached to the HCD. In addition, flow MFP
models include a pull-out keyboard as part of the Control Panel. The Control Panel is the physical
interface that a user uses to communicate with the TOE when physically using the HCD. The LCD screen
displays information such as menus and status to the user. It also provides virtual buttons to the user
such as an alphanumeric keypad for entering usernames and passwords. When a user signs in at the
Control Panel, a Permission Set is associated with their session which determines the functions the user
is permitted to perform.
The TOE’s Control Panel supports both local and remote sign-in methods. The local sign-in method is
called Local Device Sign In which supports individual user accounts. The user account information is
maintained in the Local Device Sign In database within the TOE. The remote sign-in methods are called
LDAP Sign In and Windows Sign In (i.e., Kerberos). The TOE uses IPsec with X.509v3 certificates to
protect both the LDAP and Kerberos communications.
The Scanner in Figure 1 converts hardcopy documents into electronic form. The Print Engine in Figure 1
converts electronic documents into hardcopy form.
All MFP models contain a persistent storage drive (a.k.a. storage drive) that resides in the Operational
Environment. The storage drive contains a section called Job Storage which is a user-visible file system
where stored print, stored copy, and stored received faxes are stored/held. All MFP models, except the
M527dn, contain the HP High-Performance Secure Hard Disk. The M527dn contains eMMC with the HP
High-Performance Secure Hard Disk available as an accessory.
If the MFP model contains the HP High Performance Secure Hard Disk, jobs in Job Storage can persist
across power-cycles or can be deleted, depending on how the administrator configures the TOE and on
the job type. If the MFP model contains an eMMC, all jobs in Job Storage are automatically deleted when
the HCD is turned off. (Job types are discussed in section 1.5.4.2.1.)
To Next Page
Loading...