Ricoh imagio MP 6001 series, Aficio MP 9001 Series Manual Download Page 32

Page: 32 / 83

Page 31 of 82

Table 4: Relationship between security environment and security objectives

TOE
security
Environment

Security objectives

A.ADMIN

A.SUPERVISOR

A.NETWORK

T.ILLEGAL_USE

T.UNAUTH_ACCESS

T.ABUSE_SEC_MNG

T.SALVAGE

T.TRANSIT

T.FAX_LINE

P.SOFTWARE

O.AUDIT

O.I&A

O.DOC_ACC

O.MANAGE

O.MEM.PROTECT

O.NET.PROTECT

O.GENUINE

O.LINE_PROTECT

OE.ADMIN

OE.SUPERVISOR

OE.NETWORK

4.3.2

Tracing Justification

The following are the rationale for each security objectives being appropriate to satisfy "3.1 Threats", "3.2

Organisational Security Policies" and "3.3 Assumptions".

A.ADMIN

(Assumptions for administrators)

As specified by A.ADMIN, administrators shall have sufficient knowledge to operate the TOE securely in

the roles assigned to them and instruct general users to operate the TOE securely also. Additionally,

administrators are unlikely to abuse their permissions.

As specified by OE.ADMIN, the responsible manager of the MFP shall select trusted persons as

administrators and instruct them on their administrator roles. Once instructed, administrators then shall

instruct general users, familiarising them with the compliance rules for secure TOE operation as defined in

the administrator guidance for the TOE. Therefore, A.ADMIN is upheld.

A.SUPERVISOR

(Assumptions for supervisor)

As specified by A.SUPERVISOR, a supervisor shall have sufficient knowledge to operate the TOE

securely in the roles assigned to him/her, and be unlikely to abuse his/her permissions.

As specified by OE.SUPERVISOR, the responsible manager of the MFP shall select a trusted person as a

supervisor and instruct him/her on the role of supervisor. Therefore, A.SUPERVISOR is upheld.

Summary of Contents for imagio MP 6001 series, Aficio MP 9001 Series

Page 1: ...Copyright c 2010 RICOH COMPANY LTD All Rights Reserved imagio MP 7501 6001 series Aficio MP 9001 8001 7001 6001 series Security Target Author RICOH COMPANY LTD Date 2010 08 31 Version 1 00 ...

Page 3: ... 12 1 4 2 Guidance Documents 15 1 4 3 User Roles 17 1 4 3 1 Responsible Manager of MFP 17 1 4 3 2 Administrator 17 1 4 3 3 Supervisor 17 1 4 3 4 General User 18 1 4 3 5 Customer Engineer 18 1 4 4 Logical Boundaries of TOE 18 1 4 4 1 Basic Functions 19 1 4 4 2 Security Functions 21 1 4 5 Protected Assets 25 1 4 5 1 Document Data 25 1 4 5 2 Print Data 25 2 Conformance Claim 26 2 1 CC Conformance Cla...

Page 4: ...cation 44 6 1 5 Class FMT Security management 46 6 1 6 Class FPT Protection of the TSF 53 6 1 7 Class FTP Trusted path channels 53 6 2 Security Assurance Requirements 55 6 3 Security Requirements Rationale 56 6 3 1 Tracing 56 6 3 2 Justification of Traceability 57 6 3 3 Dependency Analysis 61 6 3 4 Security Assurance Requirements Rationale 63 7 TOE Summary Specification 64 7 1 TOE Security Functio...

Page 5: ...rmation 73 7 1 4 4 Management of General User Information 73 7 1 4 5 Management of Machine Control Data 74 7 1 5 SF CE_OPE_LOCK Service Mode Lock Function 75 7 1 6 SF CIPHER Encryption Function 75 7 1 6 1 Encryption of Document Data 75 7 1 7 SF NET_PROT Network Communication Data Protection Function 76 7 1 7 1 Use of Web Service Function from Client Computer 76 7 1 7 2 Printing and Faxing from Cli...

Page 6: ...tion 43 Table 14 List of authentication events 44 Table 15 Lockout release actions 44 Table 16 Rules for initial association of attributes 46 Table 17 Management roles of security attributes 47 Table 18 Characteristics of static attribute initialisation 48 Table 19 List of TSF data management 48 Table 20 List of specifications of Management Functions 50 Table 21 Services requiring trusted paths 54...

Page 8: ...th an optional product Fax Controller Unit hereafter called FCU The MFP is identified by the product name of the MFP hereafter called MFP name MFP model and version of software hardware and the FCU is identified by the product name of the FCU hereafter called FCU name and the version of FCU The following are the identification information for the TOE Manufacturer RICOH COMPANY LTD MFP Name Table 1...

Page 9: ...ier LD390 Lanier MP 6001 Lanier MP 7001 Lanier MP 8001 Lanier MP 9001 Gestetner MP 6001 Gestetner MP 7001 Gestetner MP 8001 Gestetner MP 9001 nashuatec MP 6001 nashuatec MP 7001 nashuatec MP 8001 nashuatec MP 9001 Rex Rotary MP 6001 Rex Rotary MP 7001 Rex Rotary MP 8001 Rex Rotary MP 9001 infotec MP 6001 infotec MP 7001 infotec MP 8001 infotec MP 9001 MFP Model SP MFP Version Software System Copy ...

Page 10: ...T device that provides the functions of a copier scanner printer and fax optional These functions are for digitising paper documents and managing and printing them 1 3 2 TOE Usage and Major Security Features of TOE The TOE has functions for inputting paper and electronic documents into the TOE storing the input document data and outputting it Paper documents are input using the MFP s scanning devi...

Page 11: ... above each function is described in 1 4 4 2 Security Functions 1 3 3 Environment for TOE Usage and Non TOE Configuration Items The TOE is assumed to be located in a general office The TOE can be connected to other devices over a network telephone line or USB connection according to users needs Users can operate the TOEfrom the Operation Panel a client computer connected to the local network or a ...

Page 12: ...nstalled on the client computer To print and fax from the client computer via the internal network or USB connection the printer driver RPCS printer driver for Ricoh imagio MP 7501 6001 series MFP and the PCL printer driver for Ricoh Internal network Internal network Internet External network Telephone line Office Firewall USB Connect Printer driver Fax driver Web browser Printer driver Fax driver...

Page 13: ...ine A telephone line is a line used to send and receive fax data from an external fax when the optional fax is installed Firewall A firewall is a device that is set between the internal and the external network and prote cts the internal network from the external network 1 4 TOE Description This section describes thephysical boundaries of the TOE user guidance documents user roles logical boundari...

Page 14: ... after input information has been sent from the key switches and LCD touch screen to the MFP Control Software or in response to direct instructions from the MFP Control Software Engine Unit The Engine Unit contains a Scanner Engine Printer Engine and the Engine Control Board The Scanner Engine is an input device to read the paper documents The Printer Engine is an output device for printing and ou...

Page 15: ... carries out the basic arithmetic processing of the MFP operation FlashROM A memory medium that System Copy Network Support Fax Web Support Web Uapl and Network Doc Box are installed on These components identify the TOE of theMFP Control Software RAM A volatile memory medium used for image processing NVRAM A non volatile memory medium in which MFP Control Data for configuring the MFP operation is ...

Page 16: ...the guidance document sets depends on the sales areas and or companies Details of the document sets are as follows Japanese version imagio MP 9001 7501 6001 series Operating Instructions About This Machine Written in Japanese imagio MP 9001 7501 6001 series Operating Instructions Troubleshooting Written in Japanese imagio MP 9001 7501 6001 series Operating Instructions Copy Document Server Referen...

Page 17: ...P 6001 MP 6001 SP MP 7001 MP 7001 SP MP 8001 MP 8001 SP MP 9001 MP 9001 SP Manuals for Administrators 9060 9060sp 9070 9070sp 9080 9080sp 9090 9090sp MP 6001 MP 6001 SP MP 7001 MP 7001 SP MP 8001 MP 8001 SP MP 9001 MP 9001 SP LD360 LD360 sp LD370 LD370 sp LD380 LD380 sp LD390 LD390 sp Aficio MP 6001 MP 6001 SP MP 7001 MP 7001 SP MP 8001 MP8001 SP MP 9001 MP 9001 SP Notes for Security Functions Not...

Page 18: ...nistrator One to four administrators can be registered for the TOE Administrator roles for administrators include user administration machine administration network administration and file administration Administrators may have concurrent administrator roles and administrator roles can be assigned to one or more administrators One default administrator is registered and assigned to all four admini...

Page 19: ... data in the TOE and perform operations on the document data 1 4 3 5 Customer Engineer A customer engineer hereafter CE is an expert in maintenance of the TOE and is employed by manufacturers technical support service companies and sales companies 1 4 4 Logical Boundaries of TOE The logical boundaries of the TOE comprise the functions provided by the TOE This section describes the Basic Functions ...

Page 20: ...upervisor are provided with the Management Function These functions are accessed by pushing the relevant buttons on the Operation Panel General users administrators and supervisor can use the Web Service Functions depending on their role Copy Function This function is for scanning originals and printing the scanned image according to the Print Settings specified by the user Print Settings include ...

Page 21: ...in the D BOX for faxing can be printed and deleted using the Document Server Function which is part of the Basic Functions and described later Although the MFP provides IP Fax and Internet Fax Function as a part of the Fax Function no evaluation based on this document is applied to these functions Scanner Function This function is for scanning and digitising paper originals and delivering scanned ...

Page 22: ...rinter Function can be printed When document data is printed the Print Setting information for the stored document data will be updated according to the user s settings 2 Sending document data stored in the D BOX Document data stored using the Scanner Function can be sent 3 Deleting document data stored in the D BOX 4 Downloading document data stored in the D BOX Document data stored using the Sca...

Page 23: ...word being viewed by others Password Quality Maintenance This forces users to register passwords that satisfy both the Minimum Password Length and Password Complexity Setting which the user administrator sets in advance Although this TOE has other Identification and Authentication Functions this evaluation does not cover the functions other than those listed above Document Data Access Control Func...

Page 24: ...s The communication protocol that is used to protect the communication data differs according to the method by which the document or print data is sent The network administrator decides the communication protocol to apply based on the environment in which the TOE is operating and the intended usage of the TOE 1 Download document data using the Web Service Function from a client computer SSL protoc...

Page 25: ...ave at least one administrator role one or more of their roles must be given to a new administrator when they register another administrator If administrators delete all of their own administrator roles their administrator information will be automatically deleted 3 Management of general user information Allows only users with specified user roles to newly create change and delete general user inf...

Page 26: ...twork or the USB Port that is then converted to a format that the TOE can handle Storing Document Data Document data stored inside the TOE is stored in the D BOX The D BOX protects the document data from unauthorised access and leakage Outputting Document Data Document data can be output by the following five methods 1 Sent by e mail to a client computer to the e mail address 2 Sent to SMB or FTP ...

Page 27: ...Part 2 Security functional components September 2007 Version 3 1 Revision 2 Japanese translation ver 2 0 CCMB 2007 09 002 Part 3 Security assurance components September 2007 Version 3 1 Revision 2 Japanese translation ver 2 0 CCMB 2007 09 003 Functional requirements Part 2 conformance Assurance requirements Part 3 conformance 2 2 PP Claims Package Claims This ST and TOE do not conform to any PPs T...

Page 28: ...ss violation to protected assets stored in TOE Authorised TOE users may breach the limits of authorised usage and access document data through the external TOE interfaces the Operation Panel network interface or USB Port that are provided forthem T ABUSE_SEC_MNG Abuse of Security Management Function Persons not authorised to use Security Management Functions may abuse them T SALVAGE Salvaging memo...

Page 29: ...OE securely in the roles assigned to them and will instruct general users to operate the TOE securely also Additionally administrators shall not abuse their permissions maliciously A SUPERVISOR Assumptions for supervisor A supervisor shall have sufficient knowledge to operate the TOE securely in the roles assigned to him her and shall not abuse his her permission maliciously A NETWORK Assumption f...

Page 30: ...hich they have permission O DOC_ACC Access control to protected assets The TOE shall ensure general users have access to document data according to their permissions to process document data The TOE shall also allow the file administrator to delete document data stored in the D BOX O MANAGE Security management The TOE shall only allow specified users to manage its Security Functions TSF data and s...

Page 31: ...cted to an external network such as the Internet the organisation that manages operation of the internal network shall close any unnecessary ports between the external and internal networks e g by employing a firewall 4 3 Security Objectives Rationale This section describes the rationale of the security objectives If all security objectives are fulfilled as explained in the following the security ...

Page 32: ...operate the TOE securely in the roles assigned to them and instruct general users to operate the TOE securely also Additionally administrators are unlikely to abuse their permissions As specified by OE ADMIN the responsible manager of the MFP shall select trusted persons as administrators and instruct them on their administrator roles Once instructed administrators then shall instruct general user...

Page 33: ...dentified by O I A to access to document data according to the operation permission on document data that are assigned to the authorised users roles and the authorised users by O DOC_ACC For example if the authorised user is the general user the TOE allows the general user to perform operations on document data according to the operation permissions If the authorised user is a file administrator t...

Page 34: ... or not O NET PROTECT was performed Therefore the TOE can counter T TRANSIT T FAX_LINE Intrusion via telephone line To counter this threat the TOE prevents the intrusion from a telephone line connected to Fax Unit to the TOE by O LINE_PROTECT In addition the performance of O LINE_PROTECT is recorded as audit logs by O AUDIT and the function to read audit logs is only provided to the machine admini...

Page 35: ...s Reserved 5 Extended Components Definition In this ST and TOE there are no extended components i e the new security requirements and security assurance requirements that are not described in the CC which is claimed the conformance in 2 1 CC Conformance Claim ...

Page 36: ...encies FPT_STM 1 Reliable time stamps FAU_GEN 1 1 The TSF shall be able to generate an audit record of the following auditable events a Start up and shutdown of the Audit Functions b All auditable events for the selection not specified level of audit and c assignment auditable events of the TOE shown inTable 5 Table 5 shows the actions CC rules recommended by the CC as auditable for each functiona...

Page 37: ... Basic All requests to perform an operation on an object covered by the SFP c Detailed The specific security attributes used in making an access check Individually defined auditable events 1 Storage of document data successful 2 Reading of document data successful 3 Deletion of document data successful FDP_IFC 1 None FDP_IFF 1 a Minimal Decisions to permit requested information flows b Basic All d...

Page 38: ... authentication mechanism Basic 1 Login Outcome Success Failure FIA_UAU 7 None FIA_UID 2 a Minimal Unsuccessful use of the user identification mechanism including the user identity provided b Basic All use of the user identification mechanism including the user identity provided Basic 1 Login Outcome Success Failure FIA_USB 1 a Minimal Unsuccessful binding of user security attributes to a subject ...

Page 39: ...ministrator roles 2 Lockout release by the unlocking administrator 3 Changing time and date of system clock FMT_SMR 1 a Minimal modifications to the group of users that are part of a role b Detailed every use of the rights of a role a Minimal 1 Adding and deleting administrator roles FPT_STM 1 a Minimal changes to the time b Detailed providing a timestamp a Minimal 1 Changing time and date of syst...

Page 40: ...ncluded in the PP ST assignment communication IP address IDs of persons whose authentication information is created changed deleted Locking out users release of user Lockout method of Lockout release IDs of object d ocument data FAU_SAR 1 Audit review Hierarchical to No other components Dependencies FAU_GEN 1 Audit data generation FAU_SAR 1 1 The TSF shall provide assignment the machine administra...

Page 41: ...ith a specified cryptographic key generation algorithm assignment cryptographic key generation algorithm shown in Table 6 and specified cryptographic key size assignment cryptographic key size shown in Table 6 that meet the following assignment standard shown in Table 6 Table 6 List of cryptographic key generation Key type Standard Cryptographic key generation algorithm Cryptographic key size HDD ...

Page 42: ...ts and operations among subjects and objects Subjects Objects Operations among subjects and objects Administrator process Document data Deleting document data General user process Document data Storing document data Reading document data Deleting document data FDP_ACF 1 Security attribute based access control Hierarchical to No other components Dependencies FDP_ACC 1 Subset access control FMT_MSA ...

Page 43: ...s has permission to delete document data if the general user ID associated with the general user process matches either the document file owner ID or a document file user ID in the document data ACL associated with the document data and if the matched ID has permission for editing deleting or full control permission FDP_ACF 1 3 The TSF shall explicitly authorise access of subjects to objects based...

Page 44: ...curity attributes Subject Fax process on Fax Unit No security attributes Subject Fax reception process on Controller Board No security attributes Information Data received from a telephone line Data type Note Data type means the type of data received from a telephone line and indicates whether this is fax or non fax data FDP_IFF 1 2 The TSF shall permit an information flow between a controlled sub...

Page 45: ... of the Lockout release actions shown in Table 15 is taken Table 15 Lockout release actions Lockout release actions Details Auto Lockout Release If the user fails to authenticate after making the number of attempts specified for Lockout release and the Lockout time between 1 and 9999 minutes set in advance by the machine administrator has elapsed then Lockout will be released upon the first succes...

Page 46: ...user administrator 8 32 characters and no more than 128 characters For administrators and a supervisor No fewer than theMinimum Password Length specified by the user administrator 8 32 characters and no more than 32 characters 3 Rule Passwords that are composed of a combination of characters based on the Password Complexity Setting specified by the user administrator can be registered The user adm...

Page 47: ...nforce the following rules on the initial association of user security attributes with subjects acting on the behalf of users assignment rules for the initial association of attributes listed in Table16 Table 16 Rules for initial association of attributes Users Subjects Security attributes of users General user General user process General user ID Document data default ACL Administrator Administra...

Page 48: ...o own the administrator IDs Administrator IDs Query Supervisor Administrator roles Query add delete Administrators who are assigned these administrator roles Supervisor ID Query change Supervisor Document data ACL Query modify File administrator Document file owner General users who have full control operation permissions for the relevant document data Document data default ACL a data item of gene...

Page 49: ...cation of Management Functions FMT_MTD 1 1The TSF shall restrict the ability to selection query modify delete assignment register change entirely delete newly create the assignment list of TSF data management in Table 19 to assignment roles in Table 19 Table 19 List of TSF data management TSF data Operations User roles Newly create change delete User administrator Authentication information of gen...

Page 50: ...e administrator Supervisor Lockout Flag for general users Query modify User administrator Lockout Flag for administrators Query modify Supervisor Lockout Flag for supervisor Query modify Machine administrator Query newly create delete change User administrator Applicable general users of S MIME user information S MIME user information a data item of general user information Query General users Des...

Page 51: ...tes used to make explicit access based decisions None Attributes data type used to make explicit access based decisions are fixed and there are no interfaces to change FIA_AFL 1 a Management of the threshold for unsuccessful authentication attempts b Management of actions to be taken in the event of an authentication failure a Security Management Function management of machine control data managem...

Page 52: ...administrator authentication information by supervisor Security Management Function management of supervisor information management of supervisor authentication information by supervisor FIA_UAU 7 None FIA_UID 2 a Management of the user identities Security Management Function management of general user information management of general user IDs by the user administrator Security Management Functio...

Page 53: ...general user information c None No rules by which security attributes inherit specified values FMT_MTD 1 a Managing the group of roles that can interact with the TSF data None No groups of roles can interact with TSF data FMT_SMF 1 None FMT_SMR 1 a Managing the group of users that are part of a role Management of administrator roles by administrators FPT_STM 1 a Management of the time Security Man...

Page 54: ...nt encryption function of the Ic Ctlr FPT_TST 1 2 The TSF shall provide authorised users with the capability to verify the integrity of the selection assignment HDD cryptographic key FPT_TST 1 3 The TSF shall provide authorised users with the capability to verify the integrity of stored TSF executable code 6 1 7 Class FTP Trusted path channels FTP_ITC 1 Inter TSF trusted channel Hierarchical to No...

Page 55: ...trusted path FTP_TRP 1 3 The TSF shall require the use of the trusted path for selection initial user authentication assignment TOE web service printing service from a client computer fax s ervice from a client computer and e mail service to a client computer from the TOE Table 21 shows the services that require the trusted path defined in FTP_TRP 1 3 and used by each user who communicates via tru...

Page 56: ...guidance AGD Guidance documents AGD_PRE 1 Preparative procedures ALC_CMC 3 Authorisation controls ALC_CMS 3 Implementation representation CM coverage ALC_DEL 1 Delivery procedures ALC_DVS 1 Identification of security measures ALC Life cycle support ALC_LCD 1 Developer defined life cycle model ASE_CCL 1 Conformance claims ASE_ECD 1 Extended components definition ASE_INT 1 ST introduction ASE_OBJ 2 ...

Page 57: ...nts and TOE security objectives The v in the table indicates that the TOE security functional requirement fulfils the TOE security objective Table 23 shows that each TOE security functional requirementfulfils at least one TOE security objective Table 23 Relationship between security objectives and functional requirements O AUDIT O I A O DOC_ACC O MANAGE O MEM PROTECT O NET PROTECT O GENUINE O LINE...

Page 58: ...formation whenever an AuditFunction starts and ends whenever an identification or authentication function is performed whenever users operate protected assets whenever protected assets are encrypted and whenever a major Management Function is performed The log also records the date time type subject identity and outcome of each event b Provide Audit Function To fulfil O AUDIT access to audit logs ...

Page 59: ...FIA_UAU 7 prevents passwords being viewed by displaying masking characters asterisks or bullets in place of each password character entered in the authentication feedback area FIA_SOS 1 accepts only passwords that satisfy theMinimum Password Length and password character combination specified by the user administrator and it enables only passwords that are not easily guessable FIA_AFL 1 also reduc...

Page 60: ... general users with full control operation permission for the document data to query and modify the default ACLs of document data FMT_MSA 3 specifies the default value of the document data ACL for storage of new document data 2 Management and protection of TSF data To fulfil O MANAGE access to TSF data shall be limited to specified users For this FMT_MTD 1 allows the machine administrator to query...

Page 61: ...orithm based on BSI AIS31 and FCS_COP 1 encrypts document data when it is stored on the HDD and decrypts it when it is read from the HDD using the encryption keys generated with the AES encryption algorithm which corresponds to FIPS197 Additionally FTP_TST 1 tests at the TOE start up the validity of encryption keys and the performance of the IcCtlr where encryption is performed and this prevents s...

Page 62: ... To fulfil O LINE_PROTECT unauthorised access by an attacker to the TOE via telephone line shall be prevented For this FDP_IFC 1 and FDP_IFF 1 allow fax data to pass from thefax process on the Fax Unit to the fax reception process on the Controller Board only if the data received from the telephone line is fax data 6 3 3 Dependency Analysis Table 24 shows the correspondence of dependencies in this...

Page 63: ..._SMR 1 None FMT_SMF 1 None None None FMT_SMR 1 FIA_UID 1 FIA_UID 2 FIA_UID 1 FPT_STM 1 None None None FPT_TST 1 None None None FTP_ITC 1 None None None FTP_TRP 1 None None None The following explains the rationale of acceptability in all cases where a dependency is not satisfied Rationale for Removing Dependencies on FCS_CKM 4 In this TOE the HDD encryption keys are stored in an area that cannot b...

Page 64: ... TOE exists Architectural design ADV_TDS 2 is adequate to show the validity of commercially available products A high attack potential is required for attacks that circumvent or tamper with the TSF which is not covered in this evaluation The vulnerability analysis AVA_VAN 2 is therefore adequate for general needs However protection of the secrecy of relevant information is required to make securit...

Page 65: ...SEC_MNG Security Management Function SF CE_OPE_LOCK Service Mode Lock Function SF CIPHER Encryption Function SF NET_PROT Network Communication Data Protection Function SF FAX_LINE Protection Function for Intrusion via Telephone Line SF GENUINE MFP Control Software Verification Function As Table 25 shows at least one TOE Security Function satisfies each security functional requirements described in...

Page 66: ...he security functional requirements that correspond to these TOE Security Functions 7 1 1 SF AUDIT Audit Function The TOE starts the AuditFunction when power is supplied and the TOE starts up and keeps running the Audit Function until power down While the AuditFunction is running the TOE creates audit logs whenever an auditable event occurs These audit logs must be protected from loss before audit...

Page 67: ...able events Basic audit information Expanded audit information Starting Audit Function 1 Ending Audit Function 1 Login Starting Lockout Locked out user Releasing Lockout Locked out user who is to be released Release methods auto Lockout release manual Lockout release Lockout release at TOE startup 2 HDD encryption key generation Successful storage of document data ID of object document data Succes...

Page 68: ...e the user IDs but can identify systems are set Since there are no interfaces on the TOE for modifying audit logs unauthorised modification for the audit logs are not performed and the machine administrator who can delete the audit logs will not carry out any malicious acts using administrator privileges By the above FAU_GEN 1 Audit data generation FAU_STG 1 Protected audit trail storage and FAU_S...

Page 69: ...ndings and associations If the user is a supervisor the TOE binds the supervisor to supervisor processes associates supervisor processes with the supervisor ID and maintains those bindings and associations Authentication methods vary according to the user s role Table 27 shows the authentication methods for each user role Table 27 User roles and authentication methods User roles Authentication met...

Page 70: ...nistrator any role or a supervisor is locked out as a special Lockout release operation restarting the TOE releases Lockout Table 28 Unlocking administrators for each user role User roles locked out users Unlocking administrators General users User administrator Administrators all administrator roles Supervisor Supervisor Machine administrator By the above FIA_AFL 1 Authentication failure handling...

Page 71: ...computer where the user authenticated Availability of document data is based on the roles assigne d to the user who has been successfully authenticated by the Identification and Authentication Function or the authorisation assigned to the individual user This section describes the access control function that allows users to access document data based on their user role Following are the explanati...

Page 72: ...F SEC_MNG Security Management Function and their corresponding security functional requirements 7 1 4 1 Management of Document Data ACL Management of the document data ACL allows operations on the document data ACL from theOperation Panel or Web Service Function to be restricted to specified users only Operations on the document data ACL include changing the document file owner and the document fi...

Page 73: ...stering and deleting document file users and changing the document file users operation permissions for the document data By the above FMT_MSA 1 Management of security attributes FMT_MSA 3 Static attribute initialisation and FMT_SMF 1 Specification of management functions are satisfied 7 1 4 2 Management of Administrator Information Management of administrator information allows only specified use...

Page 74: ...MT_MTD 1 Management of TSF data FMT_SMF 1 Specification of management functions and FMT_SMR 1 Security roles are satisfied 7 1 4 4 Management of General User Information Management of general user information allows only specified users to perform all or some of the operations involved in creating changing and deleting general user information from the Operation Panel or Web Service Function Gener...

Page 75: ...machine control data by specified users only The TOE allows only specified users to use the functions that set the machine control data from specified operation interfaces Table 33 shows for each item of machine control data the range of values that can be set the operations available the authorised setter and the operation interfaces allowed by the TOE The TOE also allows the user administrator a...

Page 76: ... all authorised users to view the value of the setting If the Service Mode Lock Function is set to Off the TOE allows only the CE to use theMaintenance Functions If it is set to On the TOE does not allow the CE to use theMaintenance Functions By the above FMT_MTD 1 Management of TSF data is satisfied 7 1 6 SF CIPHER Encryption Function The TOE encrypts the document data to be stored on the HDD Fol...

Page 77: ...raphic operation FMT_MTD 1 Management of TSF data and FPT_TST 1 TSF testing are satisfied 7 1 7 SF NET_PROT Network Communication Data Protection Function This protects document data and print data in transit on internal networks from leakage and also detects attempts at tampering Following are explanations of each functional item in SF NET_PROT Network Communication Data Protection Function and t...

Page 78: ... for Intrusion via Telephone Line When it receives fax data from the telephone line the TOE passes the data to theController Board If the received data is not fax data the TOE discards it By the above FDP_IFC 1 Subset information flow control and FDP_IFF 1 Simple security attributes are satisfied 7 1 9 SF GENUINE MFP Control Software Verification Function At every TOE start up the MFP Control Soft...

Page 79: ...connected to a telephone line MFP An abbreviation for digital multi function product In this ST MFP also refers to the TOE Responsible manager of MFP A person in an organisation in which MFPs are used and who has authority to assign MFP administrators and a supervisor Or the person who is responsible for the organisation Examples MFP purchaser MFP owner manager of a department where MFPs are used ...

Page 80: ... supervisor Network administration An administrator role assigning responsibility for management of the TOE s network connections The network administrator is a person with network management responsibility Network control data MFP control data for connecting MFP to networks Minimum Password Length The minimum number of digits that can be registered in passwords Password Complexity Setting The min...

Page 81: ...users as data items that include the general user ID general user authentication information document data default ACL and S MIME user information General user authentication information A password for identification and authentication of a general user Print data The document files in a client computer that are sent to the TOE from a client computer to be printed or faxed Drivers must be installe...

Page 82: ...a stored earlier in the D BOX Direct Print Function A function that prints print data received by the TOE Immediate Transmission A function that dials first then faxes data while scanning the original Internal networks Networks managed by an organisation that has an MFP Normally refers to an office LAN environment established as an intranet Document file owner General users who are registered in t...

Page 83: ... Japanese translated version Common Criteria for Information Technology Security Evaluation Version3 1 Part 1 Introduction and general model Revision 1 Japanese translation ver 1 2 Part 2 Security functional components Revision 2 Japanese translation ver 2 0 Part 3 Security assurance components Revision 2 Japanese translation ver 2 0 Evaluation Methodology English version Common Methodology for In...

Search results

Summary of Contents for imagio MP 6001 series, Aficio MP 9001 Series

Reviews:

Related manuals for imagio MP 6001 series, Aficio MP 9001 Series

Brands by name

Popular brands

Ricoh imagio MP 6001 series, Aficio MP 9001 Series, Manual

Search results

Summary of Contents for imagio MP 6001 series, Aficio MP 9001 Series

Reviews:

Related manuals for imagio MP 6001 series, Aficio MP 9001 Series

Brands by name

Popular brands