Main content Main content

Ricoh's Common Criteria Certification Activities

CC

Our customers' documents are their information assets. To increase document security, Ricoh has been addressing security countermeasures to prevent electronic and hardcopy documents from alterations and leaks. We have been developing security functions to cover all risks throughout the entire lifecycle of documents (generation, processing, storage, archiving, and disposal).

In February 2010, Ricoh obtained the world's first CC authentication, conforming to the IEEE 2600.1 Protection Profile, with its imagio MP 5000 SP/4000 SP (released in February 2008). IEEE 2600 is an international standard for security functions of hardcopy devices, including multifunction and ordinary printers. And in January 2020, the RICOH IM C6000/C5500/C4500/C3500/C3000/C2500/C2000(released in January 2019)received CC certification conforming to the “Hardcopy Device(Digital MFP)Protection Profile(HCD PPv1.0).”

To ensure that customers can use equipment with greater peace of mind, Ricoh offers a broad lineup of CC-certified products that conform to IEEE 2600.2 and HCD PPv1.0. For more information, see the Ricoh Products Authenticated with CC (ISO/IEC 15408).

Common Criteria (ISO/IEC 15408 *1) certification

Common Criteria(CC)refers to international criteria for evaluation of information technology security. It is used for evaluating whether security functions are appropriately developed for IT products. Customers can use CC certification conforming to the IEEE 2600 security standard to clearly communicate the product requirements to suppliers so that the security functions from different suppliers can be compared and examined.

Today, the CC is a standard recognized by more than 25 nations of the world. Domestic and overseas multifunction copier vendors are eager to obtain the authentication for digital multifunction copiers. The system is also used by companies of other industries to maintain their competitiveness in the international market.

  • *1 The CC and ISO/IEC 15408 are the same standards, although they are updated in different timings.

IEEE 2600

IEEE 2600 is a family of international standards that was created by an IEEE working group in 2008. Before IEEE 2600, different vendors had different definitions for the functions subject to CC authentication. The working group, primarily consisting of representatives from the major vendors of digital multifunction copiers, re-defined the functions from the viewpoint of end users. Ricoh has been an active member in the IEEE working group, and contributed to the development of protection profiles (PPs).

PPs are part of the IEEE 2600 series, addressing the security requirements of different environments – military forces and governments, major companies, public environments, and SOHOs. PPs are used to clarify the security functions and conditions to be evaluated for CC certification. Conformance to a PP is represented in the security target (ST)*2 document for products submitted for CC evaluation. Through this process, PP conformance is confirmed by CC certification. Thus, products conforming to the same PP of the IEEE 2600 series have the same levels of security functions.

The PPs of the IEEE 2600 series are as follows, each of which specifies the security requirements of a different operational environment.

IEEE 2600.1 [Operational Environment A]: Specifies functional requirements for high level security environments.
IEEE 2600.2 [Operational Environment B]: Specifies functional requirements for military forces, governments and major companies, or other high level security environments that are equivalent to those specified in [Operational Environment A].
IEEE 2600.3 [Operational Environment C]: Specifies functional requirements for the public level security environment.
IEEE 2600.4 [Operational Environment D]: Specifies functional requirements for SOHO level security environment.

IEEE 2600

  • *2 Security targets (STs) refer to the security design documentation describing the requirements and specifications of the security functions that IT products and systems should have. The form and required content of STs are defined under the ISO/IEC 15408 international standard.

Hardcopy Device Protection Profile(HCD PP v1.0)

 

The Hardcopy Device(MFP)Protection Profile v1.0 is a protection profile for MFPs that is a security requirement for government procurement led by Japanese and U.S. certification bodies and MFP manufacturers, including Ricoh.
It came about through the establishment in 2012 of the Multifunction Printers Technical Community(MFP TC)at the Common Criteria Users Forum(CCUF), an international user group for security evaluation and certification systems.
Many of the MFPs in Ricohʼs lineup have been evaluated based on HCD PP v1.0 in the areas listed at right.

 

 

Menu