Common Criteria provides a framework to validate the security functionality of a system(s) by performing a set of rigorous and repeatable tests. This framework provides participating countries assurance that tested product(s) meet the internationally agreed upon security functional criteria. Lexmark devices are validated through an internationally approved independent laboratory using the latest policy guidance. For the last two evaluation cycles, Lexmark products has been validated using the CCRA-approved IEEE 2600 protection profiles. The IEEE 2600 protection profile was designed to define security threats related to hardcopy, security functionality to combat those threats, and provide assurance testing for a class of security devices related to hardcopy. Meeting the requirements defined in the Common Criteria framework, a product evaluated by one nation is considered to have a valid evaluation by all other nations who have signed the Common Criteria Recognition Agreement (CCRA) which includes U.S. National Information Assurance Partnership (NIAP). This, in practice, can result in common procurement requirements for the governments that are part of the CCRA.
In some cases, Lexmark may have two or more separate evaluations listed with similar model numbers. This is done because some Lexmark devices ship with a hard drive or have other functional differences, which require additional security targets to validate the security capabilities of the device. Adding these other validated devices gives Lexmark customers more options when selecting the appropriate device that meets their internal security requirements.