History

2008

Agencies should not enable a direct connection from a MFD to a telephone network of a lower classification unless the device: a. has been evaluated to at least Common Criteria Evaluation Assurance Level 2 and the scope of the evaluation includes: 1) information flow control functions to prevent unintended and unauthorised data flows 2) data export controls capable of blocking information based on protective markings 3) authentication 4) audit data generation and protection b. is configured to use the evaluated functionality in accordance with the relevant policies.