19
Modern printers and MFPs are a focus for compliance due to the
personal and sensitive data they access, store and communicate.
Non-compliance can lead to lost business opportunities, losing existing
customers or even legal action. Levels of required compliance vary by
country and vertical market.
The Health Insurance Portability and Accountability Act (HIPAA)
in the U.S. and the Data Protection Act in the UK are examples of
standards that may need to be met to continue business legally.
Common Criteria Certification is an internationally recognized security
standard that meets U.S. Department of Defense specifications.
With industry-leading security features and a flexible approach to
configuration and deployment, Xerox
®
devices can conform to any
standard and have the controls available to match any need.
Xerox
®
systems, software and services conform to recognized industry
standards and the latest governmental security regulations. Our
products offer features that enable our customers to meet those
standards. The following standards are examples:
•
Payment Card Industry (PCI) Data Security Standards Version 3.0
•
Sarbanes-Oxley
•
Basel II Framework
•
The Health Insurance Portability and Accountability Act (HIPAA)
•
E-Privacy Directive (2002/58/EC)
•
Gramm-Leach-Bliley Act
•
Family Educational Rights and Privacy Act
•
The Health Information Technology for Economic and Clinical
Health Act
•
Dodd-Frank Wall Street Reform and Consumer Protection Act
•
ISO-15408 Common Criteria for Information Technology Security
Evaluation
•
ISO-27001 Information Security Management System Standards
•
Control Objectives for Information and Related Technology
•
Statement on Auditing Standards No. 70
•
NIST 800-53, adopted by Federal Government and DOD in 2014
•
Federal Risk and Authorization Program (FedRAMP)
Regulatory and
Policy Compliance
Product Security Evaluation
Document security means peace of mind. One of the hallmarks of
the Xerox
®
product line is a commitment to information security.
Our systems, software and services comprehend and conform to
recognized industry standards and the latest governmental
security regulations.
Common Criteria Certification
Common Criteria Certification provides independent, objective
third-party validation of the reliability, quality and trustworthiness
of IT products. It is a standard that customers can rely on to help them
make informed decisions about their IT purchases. Common Criteria
sets specific information assurance goals including strict levels of
integrity, confidentiality, availability for systems and data,
accountability at the individual level and assurance that all goals are
met. Common Criteria Certification is a requirement of hardware
and software devices used by the federal government on national
security systems.
Achieving Common Criteria Certification
Common Criteria Certification is a rigorous process that includes
product testing by a third-party laboratory that has been accredited
by the National Voluntary Laboratory Accreditation Program (NVLAP)
to perform evaluation of products against security requirements.
Products are tested against security functional requirements based on
predefined Evaluation Assurance Levels (EALs) or specialized assurance
requirements.
For healthcare, financial services and other industries, the need for
security is no less important. Whether they are protecting their
customers’ privacy, or intellectual and financial assets, assurance
that networks, hard drives and phone lines are safe and secure from
hackers, viruses and other malicious activities is critical. Common
Criteria Certification, while not a requirement outside the federal
government, can provide independent validation.
With approximately 150 devices having completed the certification
process, Xerox has one of the largest numbers of Common Criteria
Certified MFPs. In addition, Xerox was the first manufacturer to certify
the entire device and Xerox is the only manufacturer to always certify
the entire device.
Visit www.xerox.com/information-security/common-criteria-certified
to see which Xerox
®
MFPs have achieved Common Criteria Certification.