Main content Main content

Ricoh's Common Criteria Certification Activities


Our customers' documents are their information assets. To increase document security, Ricoh has been addressing security countermeasures to prevent electronic and hardcopy documents from alterations and leaks. We have been developing security functions to cover all risks throughout the entire lifecycle of documents (generation, processing, storage, archiving, and disposal).

In February 2010, Ricoh obtained the world's first CC authentication, conforming to the IEEE 2600.1 Protection Profile, with its imagio MP 5000 SP/4000 SP (released in February 2008). IEEE 2600 is an international standard for security functions of hardcopy devices, including multifunction and ordinary printers.

To assure our customers of the security of our products, we offer a broad line of CC-authenticated products that comply with IEEE 2600. For more information, see the Ricoh Products Authenticated with CC (ISO/IEC 15408).

Common Criteria (ISO/IEC 15408 *1) certification

Common Criteria(CC)refers to international criteria for evaluation of information technology security. It is used for evaluating whether security functions are appropriately developed for IT products. Customers can use CC certification conforming to the IEEE 2600 security standard to clearly communicate the product requirements to suppliers so that the security functions from different suppliers can be compared and examined.

Today, the CC is a standard recognized by more than 25 nations of the world. Domestic and overseas multifunction copier vendors are eager to obtain the authentication for digital multifunction copiers. The system is also used by companies of other industries to maintain their competitiveness in the international market.

  • *1 The CC and ISO/IEC 15408 are the same standards, although they are updated in different timings.

IEEE 2600

IEEE 2600 is a family of international standards that was created by an IEEE working group in 2008. Before IEEE 2600, different vendors had different definitions for the functions subject to CC authentication. The working group, primarily consisting of representatives from the major vendors of digital multifunction copiers, re-defined the functions from the viewpoint of end users. Ricoh has been an active member in the IEEE working group, and contributed to the development of protection profiles (PPs).

PPs are part of the IEEE 2600 series, addressing the security requirements of different environments – military forces and governments, major companies, public environments, and SOHOs. PPs are used to clarify the security functions and conditions to be evaluated for CC certification. Conformance to a PP is represented in the security target (ST)*2 document for products submitted for CC evaluation. Through this process, PP conformance is confirmed by CC certification. Thus, products conforming to the same PP of the IEEE 2600 series have the same levels of security functions.

The PPs of the IEEE 2600 series are as follows, each of which specifies the security requirements of a different operational environment.

IEEE 2600.1 [Operational Environment A]: Specifies functional requirements for high level security environments.
IEEE 2600.2 [Operational Environment B]: Specifies functional requirements for military forces, governments and major companies, or other high level security environments that are equivalent to those specified in [Operational Environment A].
IEEE 2600.3 [Operational Environment C]: Specifies functional requirements for the public level security environment.
IEEE 2600.4 [Operational Environment D]: Specifies functional requirements for SOHO level security environment.

IEEE 2600

  • *2 Security targets (STs) refer to the security design documentation describing the requirements and specifications of the security functions that IT products and systems should have. The form and required content of STs are defined under the ISO/IEC 15408 international standard.