Ricoh Aficio MP C300 Manual Download Page 4

Page: 4 / 92

Page 3 of

3.1

Threats

Threats ................................

................................

................................................................

................................

................................................................

................................

.........................................................

.........................

......................... 34

3.2

Organisational Security Policies

Organisational Security Policies................................

................................

................................................................

................................

..................................................

..................

.................. 35

3.3

Assumptions

Assumptions................................

................................

................................................................

................................

................................................................

................................

.................................................

.................

................. 35

Security Objectives

Security Objectives................................

................................

................................................................

................................

................................................................

................................

..............................................

..............

.............. 37

4.1

Security Objectives for TOE

Security Objectives for TOE................................

................................

................................................................

................................

.........................................................

.........................

......................... 37

4.2

Security Objectives of Operational Enviro

Security Objectives of Operational Environment

nment

nment................................

................................

........................................................

........................

........................ 38

4.2.1

IT Environment......................................................................................................... 38

4.2.2

Non-IT Environment................................................................................................. 39

4.3

Security Objectives Rationale

Security Objectives Rationale ................................

................................

................................................................

................................

......................................................

......................

...................... 40

4.3.1

Correspondence Table of Security Objectives ......................................................... 40

4.3.2

Security Objectives Descriptions ............................................................................. 41

Extended Components Definition

Extended Components Definition ................................

................................

................................................................

................................

.......................................................

.......................

....................... 45

5.1

Restricted forwarding of data to external interfaces (FPT_FDI_EXP)

Restricted forwarding of data to external interfaces (FPT_FDI_EXP) .......................

.......................

....................... 45

Security Requirements

Security Requirements................................

................................

................................................................

................................

................................................................

................................

........................................

........

........ 47

6.1

Security Functional Requirements

Security Functional Requirements ................................

................................

................................................................

................................

..............................................

..............

.............. 47

6.1.1

Class FAU: Security audit ........................................................................................ 47

6.1.2

Class FCS: Cryptographic support .......................................................................... 50

6.1.3

Class FDP: User data protection ............................................................................. 51

6.1.4

Class FIA: Identification and authentication ......................................................... 55

6.1.5

Class FMT: Security management........................................................................... 59

6.1.6

Class FPT: Protection of the TSF............................................................................. 65

6.1.7

Class FTA: TOE access ............................................................................................. 65

6.1.8

Class FTP: Trusted path/channels........................................................................... 65

6.2

Security Assurance Requirements

Security Assurance Requirements ................................

................................

................................................................

................................

...............................................

...............

............... 66

6.3

Security Requirements Rationale

Security Requirements Rationale ................................

................................

................................................................

................................

................................................

................

................ 67

6.3.1

Tracing ....................................................................................................................... 67

6.3.2

Justification of Traceability...................................................................................... 68

6.3.3

Dependency Analysis ................................................................................................ 75

6.3.4

Security Assurance Requirements Rationale.......................................................... 77

TOE Summary Specification

TOE Summary Specification................................

................................

................................................................

................................

...............................................................

...............................

............................... 78

7.1

Audit Function

Audit Function ................................

................................

................................................................

................................

................................................................

................................

.............................................

.............

............. 78

7.2

Identification and Authentication Function

Identification and Authentication Function ................................

................................

................................................................

................................

................................ 80

Summary of Contents for Aficio MP C300

Page 1: ...ns of Aficio MP C300 C300SR C400 C400SR series Security Target are reprinted with written permission from IEEE 445 Hoes Lane Piscataway New Jersey 08855 from IEEE 2600 1 Protection Profile for Hardcopy Devices Operational Environment A Copyright 2009 IEEE All rights reserved This document is a translation of the evaluated and certified security target written in Japanese ...

Page 3: ...5 Protected Assets 24 1 4 5 1 User Data 24 1 4 5 2 TSF Data 25 1 4 5 3 Functions 25 1 5 1 5 1 5 1 5 Glossary Glossary Glossary Glossary 25 25 25 25 1 5 1 Glossary for This ST 25 2 2 2 2 Conformance Claim Conformance Claim Conformance Claim Conformance Claim 29 29 29 29 2 1 2 1 2 1 2 1 CC Conformance Claim CC Conformance Claim CC Conformance Claim CC Conformance Claim 29 29 29 29 2 2 2 2 2 2 2 2 PP...

Page 4: ...PT_FDI_EXP Restricted forwarding of data to external interfaces FPT_FDI_EXP Restricted forwarding of data to external interfaces FPT_FDI_EXP 45 45 45 45 6 6 6 6 Security Requirements Security Requirements Security Requirements Security Requirements 47 47 47 47 6 1 6 1 6 1 6 1 Security Functional Requirements Security Functional Requirements Security Functional Requirements Security Functional Requ...

Page 5: ...6 7 6 Residual Data Ov Residual Data Ov Residual Data Ov Residual Data Overwrite Function erwrite Function erwrite Function erwrite Function 85 85 85 85 7 7 7 7 7 7 7 7 Stored Data Protection Function Stored Data Protection Function Stored Data Protection Function Stored Data Protection Function 86 86 86 86 7 8 7 8 7 8 7 8 Security Management Function Security Management Function Security Manageme...

Page 6: ...ttributes a 52 Table 17 Rules to Control Operations on Document Data and User Jobs a 53 Table 18 Additional Rules to Control Operations on Document Data and User Jobs a 54 Table 19 Subjects Objects and Security Attributes b 55 Table 20 Rule to Control Operations on MFP Applications b 55 Table 21 List of Authentication Events of Basic Authentication 56 Table 22 List of Actions for Authentication Fa...

Page 7: ...ess Control Rules for Normal Users 83 Table 37 Encrypted Communications Provided by the TOE 85 Table 38 List of Cryptographic Operations for Stored Data Protection 86 Table 39 Management of TSF Data 87 Table 40 List of Static Initialisation for Security Attributes of Document Access Control SFP 90 ...

Page 8: ...TOE is shown below Although there are several MFP product names depending on sales areas and or sales companies their components are identical Table 1 Identification Information of MFP MFP Names Ricoh Aficio MP C300 Ricoh Aficio MP C300SR Ricoh Aficio MP C400 Ricoh Aficio MP C400SR Savin C230 Savin C230SR Savin C240 Savin C240SR Lanier LD130C Lanier LD130CSR Lanier LD140C Lanier LD140CSR Lanier MP...

Page 9: ...ne 1 02 02 OpePanel 1 03 LANG0 1 03 LANG1 1 03 Hardware Ic Key 01020700 Ic Ctlr 03 Keywords Digital MFP Documents Copy Print Scanner Network Office Fax 1 3 TOE Overview This section defines TOE Type TOE Usage and Major Security Features of TOE 1 3 1 TOE Type This TOE is an MFP which is an IT device that inputs stores and outputs documents 1 3 2 TOE Usage The operational environment of the TOE is i...

Page 10: ...vided for the MFP which is the TOE itself and hardware and software other than the TOE MFP A machinery that is defined as the TOE The MFP is connected to the office LAN and users can perform the following operations from the Operation Panel of the MFP Various settings for the MFP Copy fax storage and network transmission of paper documents Print fax network transmission and deletion of the stored ...

Page 11: ...used by the TOE for folder transmission of the stored documents in the TOE to its folders SMB Server A server used by the TOE for folder transmission of the stored documents in the TOE to its folders SMTP Server A server used by the TOE for e mail transmission of the stored documents in the TOE External Authentication Server A server that identifies and authenticates the TOE user with Windows auth...

Page 12: ...eature Restriction Function Network Protection Function Residual Data Overwrite Function Stored Data Protection Function Security Management Function Software Verification Function Fax Line Separation Function 1 4 TOE Description This section describes Physical Boundary of TOE Guidance Documents Definition of Users Logical Boundary of TOE and Protected Assets 1 4 1 Physical Boundary of TOE The phy...

Page 13: ...processed by the MFP Control Software on the Controller Board The following describes the components of the Controller Board Processor A semiconductor chip that performs basic arithmetic processing for MFP operations RAM A volatile memory medium which is used as a working area for image processing such as compressing decompressing the image data It can also be used to temporarily read and write in...

Page 14: ...er Board OpePanel which is one of the components that constitute the TOE is the identifier for the Operation Panel Control Software Engine Unit The Engine Unit consists of Scanner Engine that is an input device to read paper documents Printer Engine that is an output device to print and eject paper documents and Engine Control Board The Engine Control Software is installed in the Engine Control Bo...

Page 15: ...emoved from the slot The SD Card where Data Erase Std is written is inserted into the slot in advance The SD Card Slot for users is used by users to print documents in the SD Card The slot is disabled at the time of installation 1 4 2 Guidance Documents The following sets of user guidance documents are available for this TOE English version 1 English version 2 and English version 3 Selection of th...

Page 16: ...uals for Users Aficio MP C300 MP C300SR MP C400 MP C400SR C230 C230SR C240 C240SR LD130C LD130CSR LD140C LD140CSR M026 6908 Manuals for Administrators Aficio MP C300 MP C300SR MP C400 MP C400SR C230 C230SR C240 C240SR LD130C LD130CSR LD140C LD140CSR M026 6909 Help 83NHBVENZ1 00 v118 FCU Quick Reference Fax Guide D483 8504 Fax Option Type C400 Machine Code D483 Installation Procedure For Machine Co...

Page 17: ... 7440 Operating Instructions Notes on Security Functions M026 7441 Manuals for Users Aficio MP C300 MP C300SR MP C400 MP C400SR MP C300 MP C300SR MP C400 MP C400SR A M026 6906 Manuals for Administrators Security Reference Aficio MP C300 MP C300SR MP C400 MP C400SR MP C300 MP C300SR MP C400 MP C400SR M026 6910 Help 83NHBVENZ1 00 v118 FCU Fax Option Type C400 Machine Code D483 Installation Procedure...

Page 18: ...unctions M026 7443 Manuals for Users Aficio MP C300 MP C300SR MP C400 MP C400SR MP C300 MP C300SR MP C400 MP C400SR M026 6904 Manuals for Administrators Aficio MP C300 MP C300SR MP C400 MP C400SR MP C300 MP C300SR MP C400 MP C400SR M026 6905 Help 83NHBVENZ1 00 v118 FCU Quick Reference Fax Guide D483 8505 Fax Option Type C400 Machine Code D483 Installation Procedure For Machine Code M022 M024 M026 ...

Page 19: ...and selectively authorised to perform user management machine management network management and file management Therefore the different roles of the management privilege can be allocated to multiple MFP administrators individually The MFP administrator in this ST refers to the MFP administrator who has all management privileges Table 6 Table 6 List of Administrative Roles Definition of Administrat...

Page 20: ...mer engineer is in charge of installation setup and maintenance of the TOE 1 4 4 Logical Boundary of TOE The Basic Functions and Security Functions are described as follows Figure 3 Logical Scope of the TOE 1 4 4 1 Basic Functions The overview of the Basic Functions is described as follows Copy Function The Copy Function is to scan paper documents and copy scanned image data from the Operation Pan...

Page 21: ... the Operation Panel Operating from a Web browser The TOE can print or delete printer documents according to the operations by users from a Web browser Deleting printer documents by the TOE The deletion of printer documents by the TOE differs depending on printing methods If locked print hold print or sample print is specified the TOE deletes printer documents when printing is complete If stored p...

Page 22: ...Data Storage Function A function to temporarily store paper documents or documents in the client computer for fax transmission in the TOE Those documents stored in the TOE are called fax documents Paper documents will be scanned and stored using the Operation Panel The documents in the client computer are sent to and stored in the TOE by operating the fax driver installed on the client computer Op...

Page 23: ...ly If the MFP administrator sets the Service Mode Lock Function to ON the customer engineer cannot use this function In this ST the Service Mode Lock Function is set to ON for the target of evaluation Web Function A function for the TOE user to remotely control the TOE from the client computer To control the TOE remotely the TOE user needs to install the designated Web browser on the client comput...

Page 24: ...is function can be used to register passwords that fulfil the requirements of the Minimum Character No i e minimum password length and obligatory character types the MFP administrator specifies so that the lockout function can be enabled and login password quality can be protected Document Access Control Function The Document Access Control Function is to authorise the operations for documents and...

Page 25: ...rmal users MFP administrator and supervisor Software Verification Function The Software Verification Function is to verify the integrity of the executable codes of the MFP Control Software and FCU Control Software and to ensure that they can be trusted Fax Line Separation Function The Fax Line Separation Function is to restrict input information from the telephone lines so that only fax data can b...

Page 26: ...and reading by users without viewing permissions In this ST confidential data listed below is referred to as TSF confidential data Login password audit log and HDD cryptographic key 1 4 5 3 Functions The MFP applications Copy Function Document Server Function Printer Function Scanner Function and Fax Function that are for management of the document data of user data are classified as protected ass...

Page 27: ...ification and authentication of TOE users who are authorised to use the TOE The TOE authenticates TOE users by using the login user names and the login passwords registered on the TOE External Authentication One of the procedures for identification and authentication of TOE users who are authorised to use the TOE The TOE authenticates TOE users by using the login user names and the login passwords...

Page 28: ... Function and Fax Function Stored document type Classification of stored documents according to their purpose of use This includes Document Server documents printer documents scanner documents fax documents and received fax documents Document Server documents One of the stored document types Documents stored in the TOE when Document Server storage is selected as the printing method for Copy Functi...

Page 29: ...MFP via networks to the SMTP Server The documents that can be delivered using this function include scanned documents using Scanner Function and scanned and stored document data using Scanner Function S MIME protects the communication for realising this function S MIME user information This information is required for e mail transmission using S MIME Also this information consists of e mail addres...

Page 30: ...uly 2009 Version 3 1 Revision 3 Final Japanese translation ver 1 0 Final CCMB 2009 07 003 Functional requirements Part 2 extended Assurance requirements Part 3 conformance 2 2 PP Claims The PP to which this ST and TOE are demonstrable conformant is PP Name Identification 2600 1 Protection Profile for Hardcopy Devices Operational Environment A Version 1 0 dated June 2009 Notes The PP name which is ...

Page 31: ... PP is written in English the security problem definitions in chapter 3 and security objectives in chapter 4 are translated from English into Japanese If the literal translation of the PP was thought to be difficult for readers to understand the PP in Japanese the translation was made comprehensible This however does not mean that its description deviates from the requirements of the PP conformanc...

Page 32: ...AU 7 and FIA_SOS 1 For the Basic Authentication function of the TOE FIA_AFL 1 FIA_UAU 7 and FIA_SOS 1 are augmented according to PP APPLICATION NOTE36 Refinement of FIA_UAU 1 a FIA_UAU 1 b FIA_UID 1 a FIA_UID 1 b and FIA_SOS 1 For authentication of normal users of this TOE Basic Authentication conducted by the TOE and authentication conducted by the external authentication server can be used Accor...

Page 33: ..._FDI_EXP Consistency Rationale of FDP_ACF 1 a While FDP_ACF 1 1 a and FDP_ACF 1 2 a in the PP require the access control SFP to the document data that is defined for each SFR package in the PP this ST requires the access control SFP to the document data that is defined for each document data attribute which is the security attribute for objects This is not a deviation from the PP but an instantiat...

Page 34: ... 1 a and as a result the TSF restrictively allows the MFP administrator to access the TOE functions Therefore the requirements described in FDP_ACF 1 3 b in the PP are satisfied at the same time The fax reception process which is accessed when receiving from a telephone line is regarded as a user with administrator privileges Therefore FDP_ACF 1 3 b in this ST satisfies FDP_ACF 1 3 b in the PP ...

Page 35: ...ons with a login user name but without an access permission to the document T FUNC ALT User job alteration User jobs under the TOE management may be altered by persons without a login user name or by persons with a login user name but without an access permission to the user job T PROT ALT Alteration of TSF protected data TSF Protected Data under the TOE management may be altered by persons withou...

Page 36: ... use of the external interfaces of the TOE operation of those interfaces shall be controlled by the TOE and its IT environment P STORAGE ENCRYPTION Encryption of storage devices The data stored on the HDD inside the TOE shall be encrypted P RCGATE COMM PROTECT Protection of communication with RC Gate As for communication with RC Gate the TOE shall protect the communication data between itself and ...

Page 37: ...procedures of their organisation are competent to correctly configure and operate the TOE in accordance with the guidance document following those policies and procedures A ADMIN TRUST Trusted administrator The responsible manager of MFP selects administrators who do not use their privileged access rights for malicious purposes according to the guidance document ...

Page 38: ...of user job alteration The TOE shall protect user jobs from unauthorised alteration by persons without a login user name or by persons with a login user name but without an access permission to the job O PROT NO_ALT Protection of TSF protected data alteration The TOE shall protect TSF Protected Data from unauthorised alteration by persons without a login user name or by persons with a login user n...

Page 39: ...yption of storage devices The TOE shall ensure that the data is encrypted first and then stored on the HDD O RCGATE COMM PROTECT Protection of communication with RC Gate The TOE shall conceal the communication data on the communication path between itself and RC Gate and detect any tampering with those communication data 4 2 Security Objectives of Operational Environment This section describes the...

Page 40: ...in users according to the guidance document and ensure that users are aware of the security policies and procedures of their organisation and have the competence to follow those policies and procedures OE ADMIN TRAINED Administrator training The responsible manager of MFP shall ensure that administrators are aware of the security policies and procedures of their organisation have the training comp...

Page 41: ...r Security Objectives O DOC NO_DIS O DOC NO_ALT O FUNC NO_ALT O PROT NO_ALT O CONF NO_DIS O CONF NO_ALT O USER AUTHORIZED OE USER AUTHORIZED O SOFTWARE VERIFIED O AUDIT LOGGED OE AUDIT_STORAGE PROTCTED OE AUDIT_ACCESS_AUTHORIZED OE AUDIT REVIEWED O INTERFACE MANAGED OE PHYSICAL MANAGED OE INTERFACE MANAGED O STORAGE ENCRYPTED O RCGATE COMM PROTECT OE ADMIN TRAINED OE ADMIN TRUSTED OE USER TRAINED ...

Page 42: ...orised in accordance with the security policies before being allowed to use the TOE By O DOC NO_ALT the TOE protects the documents from unauthorised alteration by persons without a login user name or by persons with a login user name but without an access permission to the document T DOC ALT is countered by these objectives T FUNC ALT T FUNC ALT is countered by O FUNC NO_ALT O USER AUTHORIZED and ...

Page 43: ...ble manager of MFP gives the authority to use the TOE to users who follow the security policies and procedures of their organisation By O USER AUTHORIZED the TOE requires identification and authentication of users and users are authorised in accordance with the security policies before being allowed to use the TOE By O CONF NO_ALT the TOE protects the TSF confidential data from unauthorised altera...

Page 44: ...nforced by O INTERFACE MANAGED and OE INTERFACE MANAGED By O INTERFACE MANAGED the TOE manages the operation of the external interfaces in accordance with the security policies By OE INTERFACE MANAGED the TOE constructs the IT environment that prevents unmanaged access to TOE external interfaces P INTERFACE MANAGEMENT is enforced by these objectives P STORAGE ENCRYPTION P STORAGE ENCRYPTION is enf...

Page 45: ...s upheld by this objective A ADMIN TRUST A ADMIN TRUST is upheld by OE ADMIN TRUSTED By OE ADMIN TRUSTED the responsible manager of MFP selects the administrators and they will not abuse their privileges in accordance with the guidance documents A ADMIN TRUST is upheld by this objective A USER TRAINING A USER TRAINING is upheld by OE USER TRAINED By OE USER TRAINED the responsible manager of MFP i...

Page 46: ...ily FPT_FDI_EXP has been defined to specify this kind of functionality Component levelling FPT_FDI_EXP Restricted forwarding of data to external interfaces 1 FPT_FDI_EXP 1 Restricted forwarding of data to external interfaces provides for the functionality to require TSF controlled processing of data received over defined external interfaces before these data are sent out on another external interf...

Page 47: ...ntrol instead of attribute based control It was found that using FDP_IFF and FDP_IFC for this purpose resulted in SFRs that were either too implementation specific for a Protection Profile or too unwieldy for refinement in a Security Target Therefore the authors decided to define an extended component to address this functionality This extended component protects both user data and TSF data and it...

Page 48: ...pendencies FPT_STM 1 Reliable time stamps FAU_GEN 1 1 The TSF shall be able to generate an audit record of the following auditable events a Start up and shutdown of the audit functions b All auditable events for the selection not specified level of audit and c assignment auditable events of the TOE shown in Table 11 FAU_GEN 1 2 The TSF shall record within each audit record at least the following i...

Page 49: ...ation of deleting document data Those described above storing printing downloading faxing sending by e mail delivering to folder and deleting are the job types of additional information that are required by the PP FDP_ACF 1 b a Minimal Successful requests to perform an operation on an object covered by the SFP b Basic All requests to perform an operation on an object covered by the SFP c Detailed ...

Page 50: ...se of the user identification mechanism including the user identity provided b Basic All use of the user identification mechanism including the user identity provided b Basic Success and failure of login operation FMT_SMF 1 a Minimal Use of the management functions a Minimal Record of management items in Table 29 FMT_SMR 1 a Minimal modifications to the group of users that are part of a role b Det...

Page 51: ...nt no other actions to be taken in case of audit storage failure if the audit trail is full FAU_SAR 1 Audit review Hierarchical to No other components Dependencies FAU_GEN 1 Audit data generation FAU_SAR 1 1 The TSF shall provide assignment the MFP administrators with the capability to read assignment all of log items from the audit records FAU_SAR 1 2 The TSF shall provide the audit records in a ...

Page 52: ...ignment cryptographic operations shown in Table 13 in accordance with a specified cryptographic algorithm assignment cryptographic algorithm shown in Table 13 and cryptographic key sizes assignment cryptographic key sizes shown in Table 13 that meet the following assignment standards shown in Table 13 Table 13 List of Cryptographic Operation Key Type Standard Cryptographic Algorithm Cryptographic ...

Page 53: ...bjects Objects and Operations among Subjects and Objects b Subjects Normal user process MFP administrator process Supervisor process RC Gate process Object MFP application Operation Execute FDP_ACF 1 a Security attribute based access control Hierarchical to No other components Dependencies FDP_ACC 1 Subset access control FMT_MSA 3 Static attribute initialisation FDP_ACF 1 1 a The TSF shall enforce...

Page 54: ...ata Document data SCN Delete Normal user process Not allowed However it is allowed for normal user process that created the document data Document data SCN Read Normal user process Not allowed However it is allowed for normal user process that created the document data Document data FAXOUT Delete Normal user process Not allowed However it is allowed for normal user process that created the documen...

Page 55: ...SF shall explicitly authorise access of subjects to objects based on the following additional rules assignment rules to control operations among subjects and objects shown in Table 18 Table 18 Additional Rules to Control Operations on Document Data and User Jobs a Objects Document Data Attributes Operations Subjects Rules to control Operations Document data PRT Delete MFP administrator process All...

Page 56: ...t Rule to control Operations MFP application Execute Normal user process Allows executing MFP application which MFP administrator allowed in available function list for normal user process FDP_ACF 1 3 b The TSF shall explicitly authorise access of subjects to objects based on the following additional rules assignment rules that the Fax Reception Function operated using administrator permission is ...

Page 57: ...Authentication Failure Unsuccessfully Authenticated Users Actions for Authentication Failure Normal user The lockout for the normal user is released by the lockout time set by the MFP administrator or release operation by the MFP administrator Supervisor The lockout for a supervisor is released by the lockout time set by the MFP administrator release operation by the MFP administrator or the TOE s...

Page 58: ...mplexity setting specified by the MFP administrator can be registered The MFP administrator specifies either Level 1 or Level 2 for password complexity setting FIA_UAU 1 a Timing of authentication Hierarchical to No other components Dependencies FIA_UID 1 Timing of identification FIA_UAU 1 1 a The TSF shall allow assignment the viewing of the list of user jobs Web Image Monitor Help from a Web bro...

Page 59: ...ndencies No dependencies FIA_UID 1 1 a The TSF shall allow assignment the viewing of the list of user jobs Web Image Monitor Help from a Web browser system status counter and information of inquiries execution of fax reception and repair request notification on behalf of the user to be performed before the user is identified refinement identification with Basic Authentication FIA_UID 1 2 a The TSF...

Page 60: ...ble 24 Rules for Initial Association of Attributes Users Subjects User Security Attributes Normal user Normal user process Login user name of normal user User role Available function list Supervisor Supervisor process User role MFP administrator MFP administrator process Login user name of MFP administrator User role RC Gate RC Gate process User role FIA_USB 1 3 The TSF shall enforce the following...

Page 61: ...operation permitted None Document user list when document data attributes are PRT SCN CPY and FAXOUT No operation permitted None Document user list when document data attribute is DSR Query modify MFP administrator applicable normal user who stored the document data Document user list when document data attribute is FAXIN Query modify MFP administrator FMT_MSA 1 b Management of security attributes...

Page 62: ... FMT_MSA 3 a Static attribute initialisation Hierarchical to No other components Dependencies FMT_MSA 1 Management of security attributes FMT_SMR 1 Security roles FMT_MSA 3 1 a The TSF shall enforce the assignment document access control SFP to provide selection restrictive default values for security attributes that are used to enforce the SFP FMT_MSA 3 2 a The TSF shall allow the assignment auth...

Page 63: ... alternative initial values to override the default values when an object or information is created FMT_MTD 1 Management of TSF data Hierarchical to No other components Dependencies FMT_SMR 1 Security roles FMT_SMF 1 Specification of Management Functions FMT_MTD 1 1 The TSF shall restrict the ability to selection query modify delete assignment newly create the assignment list of TSF data in Table ...

Page 64: ...er Newly create modify query delete MFP administrator Destination information for folder transmission Query Normal user Stored Reception File User Query modify MFP administrator User authentication procedures Query MFP administrator FMT_SMF 1 Specification of Management Functions Hierarchical to No other components Dependencies No dependencies FMT_SMF 1 1 The TSF shall be capable of performing the...

Page 65: ...trator when the Basic Authentication is used Query and modification of document user list by MFP administrator Query and modification of document user list by the normal user who stored the document Query and modification of available function list by MFP administrator Query of own available function list by normal user when the Basic Authentication is used Query and modification of date and time ...

Page 66: ...assignment the stored TSF executable code FPT_FDI_EXP 1 Restricted forwarding of data to external interfaces Hierarchical to No other components Dependencies FMT_SMF 1 Specification of Management Functions FMT_SMR 1 Security roles FPT_FDI_EXP 1 1 The TSF shall provide the capability to restrict data received on assignment the Operation Panel LAN telephone line from being forwarded without further ...

Page 67: ...FLR 2 was added to the set of components defined in evaluation assurance level 3 EAL3 Table 30 TOE Security Assurance Requirements EAL3 ALC_FLR 2 Assurance Classes Assurance Components ADV_ARC 1 Security architecture description ADV_FSP 3 Functional specification with complete summary ADV Development ADV_TDS 2 Architectural design AGD_OPE 1 Operational user guidance AGD Guidance documents AGD_PRE ...

Page 68: ...ing Table 31 shows the relationship between the TOE security functional requirements and TOE security objectives Table 31 shows that each TOE security functional requirement fulfils at least one TOE security objective Table 31 Relationship between Security Objectives and Functional Requirements O DOC NO_DIS O DOC NO_ALT O FUNC NO_ALT O PROT NO_ALT O CONF NO_DIS O CONF NO_ALT O USER AUTHORIZED O IN...

Page 69: ... X FIA_UAU 1 a X X FIA_UAU 1 b X X FIA_UAU 2 X X FIA_UAU 7 X FIA_UID 1 a X X FIA_UID 1 b X X FIA_UID 2 X X FIA_USB 1 X FPT_FDI_EXP 1 X FMT_MSA 1 a X X X FMT_MSA 1 b X FMT_MSA 3 a X X X FMT_MSA 3 b X FMT_MTD 1 X X X X FMT_SMF 1 X X X X FMT_SMR 1 X X X X FPT_STM 1 X FPT_TST 1 X FTA_SSL 3 X X FTP_ITC 1 X X X X X X X 6 3 2 Justification of Traceability This section describes below how the TOE security...

Page 70: ...restrictive value to the security attributes of document data object when document data are generated By satisfying FDP_ACC 1 a FDP_ACF 1 a FDP_RIP 1 FTP_ITC 1 FMT_MSA 1 a and FMT_MSA 3 a which are the security functional requirements for these countermeasures O DOC NO_DIS is fulfilled O DOC NO_ALT Protection of document alteration O DOC NO_ALT is the security objective to prevent the documents fr...

Page 71: ...cts each available operation newly create query modify and delete for the login user name to specified users only FMT_MSA 3 a sets the restrictive value to the security attributes of user jobs object when the user jobs are generated By satisfying FDP_ACC 1 a FDP_ACF 1 a FTP_ITC 1 FMT_MSA 1 a and FMT_MSA 3 a which are the security functional requirements for these countermeasures O FUNC NO_ALT is f...

Page 72: ...by the TOE via the LAN are protected by FTP_ITC 1 By satisfying FMT_MTD 1 FMT_SMF 1 FMT_SMR 1 and FTP_ITC 1 which are the security functional requirements for these countermeasures O CONF NO_DIS is fulfilled O CONF NO_ALT Protection of TSF confidential data alteration O CONF NO_ALT is the security objective to allow only users who can maintain the security to alter the TSF confidential data To ful...

Page 73: ...associate the users who are successfully identified and authenticated with the access procedures FDP_ACC 1 b and FDP_ACF 1 b allow the applicable normal user to use the MFP application according to the operation permission granted to the successfully identified and authenticated normal user 3 Complicate decoding of login password FIA_UAU 7 displays dummy letters as authentication feedback and prev...

Page 74: ... and FIA_UAU 1 a and FIA_UAU 1 b authenticate the identified users FIA_UID 2 identifies the persons who attempt to use the TOE from the interface for RC Gate communication and FIA_UAU 2 authenticates the persons 2 Automatically terminate the connection to the Operation Panel and LAN interface FTA_SSL 3 terminates the session after no operation is performed from the Operation Panel or LAN interface...

Page 75: ...SAR 2 and FPT_STM 1 which are the security functional requirements for these countermeasures O AUDIT LOGGED is fulfilled O STORAGE ENCRYPTED Encryption of storage devices O STORAGE ENCRYPTED is the security objective to ensure the data to be written into the HDD is encrypted To fulfil this security objective it is required to implement the following countermeasures 1 Generate appropriate cryptogra...

Page 76: ...s Claimed Dependencies Dependencies Satisfied in ST Dependencies Not Satisfied in ST FAU_GEN 1 FPT_STM 1 FPT_STM 1 None FAU_GEN 2 FAU_GEN 1 FIA_UID 1 FAU_GEN 1 FIA_UID 1 None FAU_STG 1 FAU_GEN 1 FAU_GEN 1 None FAU_STG 4 FAU_STG 1 FAU_STG 1 None FAU_SAR 1 FAU_GEN 1 FAU_GEN 1 None FAU_SAR 2 FAU_SAR 1 FAU_SAR 1 None FCS_CKM 1 FCS_CKM 2 or FCS_COP 1 FCS_CKM 4 FCS_COP 1 FCS_CKM 4 FCS_COP 1 FDP_ITC 1 or...

Page 77: ... a FMT_SMR 1 None FMT_MSA 3 b FMT_MSA 1 b FMT_SMR 1 FMT_MSA 1 b FMT_SMR 1 None FMT_MTD 1 FMT_SMR 1 FMT_SMF 1 FMT_SMR 1 FMT_SMF 1 None FMT_SMF 1 None None None FMT_SMR 1 FIA_UID 1 FIA_UID 1 None FPT_STM 1 None None None FPT_TST 1 None None None FTA_SSL 3 None None None FTP_ITC 1 None None None The following explains the rationale for acceptability in all cases where a dependency is not satisfied Ra...

Page 78: ...rcumvent or tamper with the TSF which is not covered in this evaluation The vulnerability analysis AVA_VAN 2 is therefore adequate for general needs However protection of the secrecy of relevant information is required to make security attacks more difficult and it is important to ensure a secure development environment Development security ALC_DVS 1 is therefore important also In order to securel...

Page 79: ...anded log items are recorded only when audit events occur and the audit log items shown in Table 34 are recorded FPT_STM 1 The date year month day and time hour minute second the TOE records for the audit log are derived from the system clock of the TOE FAU_SAR 1 FAU_SAR 2 and FAU_STG 1 The TOE displays the operation menu for audit logs to be read on a Web browser screen only when it is accessed b...

Page 80: ...tems Audit Log Items Setting Values of Audit Log Items Audit Events to record Audit Logs Starting date time of an event Values of the TOE system clock at an event occurrence Ending date time of an event Values of the TOE system clock at an event occurrence Event types Audit event identity Subject identity User or TOE identity for an audit event caused by the user or TOE Basic Log Items Outcome Aud...

Page 81: ... password entered from each driver by a user When the entered login user name is the login user name of a normal user MFP administrator or supervisor the TOE checks if the entered login password match with the one pre registered in the TOE FIA_UAU 1 b and FIA_UID 1 b Application of External Authentication The TOE identifies and authenticates a user by checking the login user name and login passwor...

Page 82: ...inates a session with RC Gate immediately after the communication with RC Gate is complete FIA_UAU 7 Regarding login passwords entered by a person who intends to use the TOE from the Operation Panel or a Web browser the TOE does not display the entered login password but it displays a sequence of dummy characters whose length is the same as that of the entered password FIA_AFL 1 When Basic Authent...

Page 83: ...Gate When the TOE receives a certificate from an IT device to access the TOE via RC Gate communication interface the TOE checks if the certificate matches another certificate installed in the TOE Only if the certificate sent from the IT device matches the one installed in the TOE so that the IT device is identified as RC Gate the IT device whose user role is RC Gate is allowed to use the TOE FPT_F...

Page 84: ... list of the stored documents that register the login user names of the normal users who logged in to the document user list and an operation menu They will be displayed according to the rules shown in Table 36 The privileges that allow users to edit the document user list are shown in 7 8 Security Management Function Also the TOE allows only the user job owner to view and delete the document data...

Page 85: ...f normal users are privileged to use Document Server Function 2 Access control rule on user jobs The TOE displays on the Operation Panel a menu to cancel a user job only if the user who logs in from the Operation Panel is a user job owner or MFP administrator and a cancellation of a user job is attempted by the owner or MFP administrator Other users are not allowed to operate user jobs When a user...

Page 86: ...37 shows the encrypted communications provided by the TOE Table 37 Encrypted Communications Provided by the TOE Encrypted communications provided by the TOE Communicating Devices Protocols Cryptographic Algorithms Client computer TLS1 0 AES 128bits 256bits 3DES 168bits External authentication server Kerberos AES 128bits 256bits RC Gate SSL3 0 TLS1 0 AES 128bits 256bits 3DES 168bits FTP server IPSe...

Page 87: ...t the data so that data leakage can be prevented FCS_CKM 1 and FCS_COP 1 The TOE encrypts data before writing it on the HDD and decrypts the encrypted data after reading it from the HDD This process is applied to all data written on and read from the HDD Detailed cryptographic operations are shown in Table 38 Table 38 List of Cryptographic Operations for Stored Data Protection Encryption triggerin...

Page 88: ...wly create MFP administrator Query modify Applicable MFP administrator Login user name of MFP administrator Operation Panel Web browser Query Supervisor Document data attributes No operation interfaces available No operations allowed None Document user list Stored document types are Document Server document scanner document fax document and printer document with stored print Operation Panel Web br...

Page 89: ...applied Operation Panel Web browser Query MFP administrator Settings for Lockout Release Timer when Basic Authentication is applied Web browser Query MFP administrator Lockout time for Basic Authentication Web browser Query MFP administrator Query modify MFP administrator Date settings year month day Operation Panel Web browser Query Supervisor normal user Query modify MFP administrator Time Opera...

Page 90: ...ser Query MFP administrator 1 The login user name of a normal user that is registered on an external authentication server is not changed even though the MFP administrator newly creates modifies and deletes the login user name of the normal user 2 If the MFP administrator modifies Stored Reception File User and if the stored document type of the document user list of document data is received fax ...

Page 91: ...e Document Server document scanner document and fax document Document user list Default values of a document user list assigned to each user Document data stored document type is printer document Document user list Login user name of a normal user who stored the document data Document data stored document type is fax received document Document user list Login user name of a normal user included in...

Page 92: ...ion used for integrity verification so that the integrity of the FCU Control Software can be verified To check the integrity of the FCU Control Software the information the TOE outputs will be compared with the information described in the guidance documents so that the integrity of the FCU Control Software can be verified 7 10 Fax Line Separation Function The Fax Line Separation Function is to re...

Search results

Summary of Contents for Aficio MP C300

Reviews:

Related manuals for Aficio MP C300

Brands by name

Popular brands

Ricoh Aficio MP C300, Manual

Search results

Summary of Contents for Aficio MP C300

Reviews:

Related manuals for Aficio MP C300

Brands by name

Popular brands