manualshive.com logo in svg

Samsung X4220, Instruction Manual

Share
Download
Samsung X4220 Instruction Manual Download Page 70

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series 

 

70

 

Copyright

 2014 SAMSUNG ELECTRONICS Co., Ltd., All rights reserved

 

 

Content and presentation elements: 

ASE_REQ.2.1C   

The  statement  of  security  requirements  shall  describe  the  SFRs  and 
the SARs. 

ASE_REQ.2.2C   

All  subjects,  objects,  operations,  security  attributes, external entities 
and  other  terms  that  are  used  in  the  SFRs  and  the  SARs  shall  be 
defined. 

ASE_REQ.2.3C   

The  statement  of  security  requirements  shall  identify  all  operations 
on the security requirements. 

ASE_REQ.2.4C   

All operations shall be performed correctly. 

ASE_REQ.2.5C   

Each dependency of the security requirements shall either be satisfied, 

or the security requirements rationale shall justify the dependency not 
being satisfied. 

ASE_REQ.2.6C   

The security requirements rationale shall trace each SFR back to the 
security objectives for the TOE. 

ASE_REQ.2.7C   

The  security  requirements  rationale  shall  demonstrate  that  the  SFRs 
meet all security objectives for the TOE. 

ASE_REQ.2.8C   

The security requirements rationale shall explain why the SARs were 
chosen. 

ASE_REQ.2.9C   

The statement of security requirements shall be internally consistent. 

Evaluator action elements: 

ASE_REQ.2.1E   

The  evaluator  shall  confirm  that  the  information  provided  meets  all 
requirements for content and presentation of evidence. 

 

6.2.1.6

 

ASE_SPD.1 Security problem definition 

Dependencies:   

No dependencies. 

Developer action elements: 

ASE_SPD.1.1D   

The developer shall provide a security problem definition. 

Content and presentation elements: 

ASE_SPD.1.1C   

The security problem definition shall describe the threats. 

ASE_SPD.1.2C   

All threats shall be described in terms of a threat agent, an asset, and 
an adverse action. 

ASE_SPD.1.3C   

The security problem definition shall describe the OSPs. 

ASE_SPD.1.4C   

The security problem definition shall describe the assumptions about 
the operational environment of the TOE. 

Evaluator action elements: 

ASE_SPD.1.1E   

The  evaluator  shall  confirm  that  the  information  provided  meets  all 
requirements for content and presentation of evidence. 

 

6.2.1.7

 

ASE_TSS.1 TOE summary specification 

Dependencies:   

ASE_INT.1 ST introduction 

Summary of Contents for X4220

Page 1: ...part of the information contained in this document may be reproduced without the prior consent of SAMSUNG ELECTRONICS Co Ltd Samsung Multifunction MultiXpress X4220 X4250 X4300 X401 K4250 K4300 K4350 K401 Series Security Target Version 1 2 SAMSUNG ELECTRONICS Co Ltd ...

Page 2: ...yright 2014 SAMSUNG ELECTRONICS Co Ltd All rights reserved Document History VERSION DATE DESCRIPTION OF CHANGE SECTIONS AFFECTED REVISED BY 1 0 2014 04 27 Initial version ALL Kwangwoo Lee 1 1 2014 09 30 KSEL CC 2014 EOR 03 V1 00 ALL Kwangwoo Lee 1 2 2014 10 14 Error Correction ALL Kwangwoo Lee ...

Page 3: ...ale 27 2 4 3 Security Functional Requirements related Conformance Claim Rationale 28 2 4 4 Security Assurance Requirements related Conformance Claim Rationale 30 2 4 5 TOE type related Conformance Claim Rationale 31 3 Security Problem Definition 32 3 1 THREATS AGENTS 32 3 1 1 Threats to TOE Assets 32 3 2 ORGANIZATIONAL SECURITY POLICIES 33 3 3 ASSUMPTIONS 33 3 3 1 Assumptions for the TOE 33 4 Secu...

Page 4: ...port 74 6 2 5 Class ATE Tests 76 6 2 6 Class AVA Vulnerability assessment 78 6 3 SECURITY REQUIREMENTS RATIONALE 79 6 3 1 Security Functional Requirements Rationale 79 6 3 2 Security Assurance Requirements Rationale 84 6 4 DEPENDENCY RATIONALE 84 6 4 1 SFR Dependencies 84 6 4 2 SAR Dependencies 86 7 TOE Summary Specification 87 7 1 TOE SECURITY FUNCTIONS 87 7 1 1 Identification Authentication TSF_...

Page 5: ...ion MultiXpress X4220 X4250 X4300 X401 K4250 K4300 K4350 K401 Series 5 Copyright 2014 SAMSUNG ELECTRONICS Co Ltd All rights reserved LIST OF FIGURES Figure 1 Operational Environment of the TOE 9 Figure 2 Logical Scope 15 ...

Page 6: ...to User Data for the TOE 32 Table 15 Threats to TSF Data for the TOE 32 Table 16 Organizational Security Policies 33 Table 17 Assumptions for the TOE 33 Table 18 Security Objectives for the TOE 35 Table 19 Security Objectives for the TOE Additional 36 Table 20 Security Objectives for Operational Environment 36 Table 21 Completeness of Security Objectives 38 Table 22 Sufficiency of Security Objecti...

Page 7: ...nsumers home or office use by small businesses office use by medium or large organizations self service use by the public in retail copy shops libraries business centers or educational institutions and production use by commercial service providers This TOE may contain or process valuable or sensitive assets that need to be protected from unauthorized disclosure and alteration The utility of the d...

Page 8: ...able security functions manage TSF data and the security attributes and maintain security roles Security Audit The TOE stores and manages internal events occurring in the TOE Audit logs are stored on the hard disk drive and can be reviewed or exported by U ADMINISTRATOR through the remote user interface Image Overwrite The TOE provides an image overwrite function to securely delete temporary files...

Page 9: ... are allowed Figure 1 Operational Environment of the TOE The TOE is intended to operate in a network environment that is protected by a firewall from external malicious attacks and with reliable PCs and authenticated servers U USER is able to access the TOE by using local user interface LUI or remote user interface RUI The LUI is designed to be accessed by U USER The U USER can operate copy scan a...

Page 10: ...cation server identifies and authenticates the U NORMAL if external authentication mode is enabled by U ADMINISTRATOR PC A computer for U USER to access TOE if it is connected to the LAN and U USER can remotely operate the TOE from the client computer A web browser allows U ADMINISTRATOR to connect to the TOE to use security management functions e g audit log review network access control etc and ...

Page 11: ... web browser allows U ADMINISTRATOR to connect to the TOE to use security management functions e g audit log review network access control etc and allows U NORMAL to use basic functions e g print information etc Note that U USER shall set the IPSec configuration to connect the MFP U USER can install the printer driver to print out the documents System Requirement Operating System Windows 7 32bit 6...

Page 12: ... is consists of UI control board power button LED indicators and a TFT LCD touch screen The UI control board manages the LUI Local User Interface operation and display U USER can operate the MFP through LCD touch screen and button LED indicators show the current status of TOE DADF Engine A DADF Duplexing Automatic Document Feeder Engine controls the DADF features It scans both sides in one pass Th...

Page 13: ...ding or collating Optional Tray The Optional Tray automatically takes paper HDD The HDD is a hard disk drive that is a non volatile memory The HDD removal is prevented by the design of the system The physical scope of the TOE is as follows 1 The physical scope of the TOE consists of all hardware and firmware of the MFP MFP Model X4220 X4250 X4300LX X401 Series K4250 K4300 K4350 K401 Series TOE ver...

Page 14: ...ess X4220 X4250 X4300 X401 K4250 K4300 K4350 K401 Series 14 Copyright 2014 SAMSUNG ELECTRONICS Co Ltd All rights reserved Samsung Multifunction MultiXpress X4220 X4250 X4300 X401 K4250 K4300 K4350 K401 Series Installation Guide V1 1 ...

Page 15: ... electronic document from its hardcopy form Copy Function duplicating a hardcopy document Fax Function scanning documents in hardcopy form and transmitting them in electronic form over telephone lines and receiving documents in electronic form over telephone lines and printing them in hardcopy form Shared medium Interfaces transmitting or receiving User Data or TSF Data between the MFP and externa...

Page 16: ...n for U USER to only use certain feature of the machine The TOE provides the Common Access Control TOE Function Access Control based on the user role assigned to a user group ID by U ADMINISTRATOR when U NORMAL performs read delete modify operations on the data owned by U NORMAL or when U NORMAL accesses print scan copy fax functions offered by the MFP The TOE shall terminate an interactive sessio...

Page 17: ... ADMINISTRATOR is authorized to view or export the audit data but even U ADMINISTRATOR shall not delete log data manually The TOE protects Security Audit Data stored on the hard disk drive It prevents any unauthorized alteration to the Security Audit Data and when each log events exceeds the maximum number the TOE overwrites the oldest stored audit records and generates an audit record of overwrit...

Page 18: ...icious content it may threaten the TOE asset To prevent this kind of threat the TOE inspects whether the received fax image is standardized with MMR MR or MH of T 4 specification or not before forwarding the received fax image to e mail or SMB FTP U ADMINISTRATOR can restrict this forwarding function When non standardized format data are discovered the TOE destroys the fax image Self Testing TSF_S...

Page 19: ...rovided by the CC in stating a requirement Selections are denoted by underlined italicized text Assignment The assignment operation is used to assign a specific value to an unspecified parameter such as the length of a password Showing the value in square brackets assignment_value s indicates an assignment Iteration Iterated functional components are given unique identifiers by appending to the co...

Page 20: ...Series 20 Copyright 2014 SAMSUNG ELECTRONICS Co Ltd All rights reserved Application note clarifies the definition of requirement It also can be used when an additional statement except for the four presentations previously mentioned Application notes are denoted by underlined text ...

Page 21: ...tiple devices copy print scan or fax in one Manual Image Overwrite The Manual Image Overwrite function overwrites all stored files including image files and preserved files on the hard disk drive and the function should only be manually performed by a U ADMINISTRATOR through the LUI U ADMINISTRATOR This is an authorized user who manages the TOE System administrator manages the TOE through LUI and ...

Page 22: ...rwrite automatically carries out overwriting operations on temporary image files at the end of each job such as copy scan scan to email scan to FTP or scan to SMB Or the Automatic Image Overwrite overwrites the files on the hard disk drive when a user initiates a delete operation FAX This is a function that transmits data scanned in the MFP through a fax line and receives fax data directly from a ...

Page 23: ...ia for Information Technology Security Evaluation CEM Common Methodology for Information Technology Security Evaluation EAL Evaluation Assurance Level HDD Hard Disk Drive ISO International Standards Organization IT Information Technology LUI Local User Interface MFP Multi Function Peripheral OSP Organizational Security Policy PP Protection Profile PPM Pages Per Minute PSTN Public Switched Telephon...

Page 24: ...apter 3 defines security problems based on the TOE security threats security policies of the organization and assumptions from the TOE or the TOE operational environment point of view Chapter 4 describes TOE security objectives for corresponding with recognized threats performing the security policy of the organization and supporting the assumptions It also describes security objectives about the ...

Page 25: ...ion 3 1r4 2012 9 CCMB 2012 09 003 Common Criteria Conformance Common Criteria for Information Technology Security Evaluation Part 2 extended Common Criteria for Information Technology Security Evaluation Part 3 conformant 2 2 Conformance to Protection Profiles This Security Target conforms to the following Protection Profile Protection Profile Identification Title U S Government Approved Protectio...

Page 26: ...ironment B Package version 1 0 dated March 2009 2 4 Conformance Claim Rationale Protection Profile conformance method Demonstrable Conformance to the Security Problem Definition APE_SPD Security Objectives APE_OBJ Extended Components Definitions APE_ECD and the Common Security Functional Requirements APE_REQ Note This ST must provide adequate rationale to demonstrate that the ST is equivalent or m...

Page 27: ...e Claim Rationale Assumptions Assumption Rationale A ACCESS MANAGED Equal to the PP the assumptions in this ST are defined the same as the PP Therefore it satisfies the demonstrable conformance A USER TRAINING A ADMIN TRAINING A ADMIN TRUST 2 4 2 Security Objectives Related Conformance Claim Rationale The security objectives related conformance claim rationale is as shown in Table 9 and Table 10 b...

Page 28: ...y Objectives for the Operational Environment Security Objectives for Operational Environment Rationale OE PHYSICAL MANAGED Equal to the PP the security objectives in this ST are defined the same as the PP Therefore it satisfies the demonstrable conformance OE USER AUTHORIZED OE USER TRAINED OE ADMIN TRAINED OE ADMIN TRUSTED OE AUDIT REVIEWED OE AUDIT_STORAGE PROTECTED OE AUDIT_ACCESS AUTHORIZED OE...

Page 29: ...1 1 2 FMT_MSA 3 a b FMT_MSA 3 1 2 FMT_MTD 1 FMT_MTD 1 FMT_SMF 1 FMT_SMF 1 FMT_SMR 1 FMT_SMR 1 FPT_TST 1 FPT_TST 1 FTA_SSL 3 FTA_SSL 3 FPT_STM 1 FPT_STM 1 PRT Package Requirements from the PP FDP_ACC 1 FDP_ACC 1 3 Equal to the PP in this ST the operations allowed in the PP on SFR were performed It satisfies the demonstrable conformance FDP_ACF 1 FDP_ACF 1 3 SCN Package Requirements from the PP FDP_...

Page 30: ...nted to protect the User data and TSF data against unauthorized disclosure or alteration These augmented SFRs do not affect the PP SFR Rather it is more restrictive than the PP Therefore it satisfies the demonstrable conformance FCS_CKM 4 FCS_COP 1 FMT_MSA 1 4 These SFRs are augmented to enforce the interface by requiring network access control and management These augmented SFRs do not affect the...

Page 31: ...nale The Hardcopy Devices HCDs considered in this Protection Profile are used for the purpose of converting hardcopy documents into digital form scanning converting digital documents into hardcopy form printing transmitting hardcopy documents over telephone lines faxing or duplicating hardcopy documents copying Hardcopy documents are commonly in paper form but they can also take other forms such a...

Page 32: ...OE functions for which they are not authorized Persons who are authorized to use the TOE who may attempt to access data in ways for which they are not authorized Persons who unintentionally cause a software malfunction that may expose the TOE to unanticipated threats 3 1 1 Threats to TOE Assets The threats taken from the PP to which this Security Target conforms are as shown in Table 14 and Table ...

Page 33: ...able code in the TSF procedures will exist to self verify executable code in the TSF P AUDIT LOGGING To preserve operational accountability and security records that provide an audit trail of TOE use and security relevant events will be created maintained and protected from unauthorized disclosure or alteration and will be reviewed by authorized personnel P INTERFACE MANAGEMENT To prevent unauthor...

Page 34: ...t to follow those policies and procedures A ADMIN TRAINING Administrators are aware of the security policies and procedures of their organization are trained and competent to follow the manufacturer s guidance and documentation and to correctly configure and operate the TOE in accordance with those policies and procedures A ADMIN TRUST Administrators do not use their privileged access rights for m...

Page 35: ...he PP Table 18 Security Objectives for the TOE Objective Definition O DOC NO_DIS The TOE shall protect User Document Data from unauthorized disclosure O DOC NO_ALT The TOE shall protect User Document Data from unauthorized alteration O FUNC NO_ALT The TOE shall protect User Function Data from unauthorized alteration O PROT NO_ALT The TOE shall protect TSF Protected Data from unauthorized alteratio...

Page 36: ... for the operational environment taken from the PP to which this Security Target conforms are as shown in the following Table 20 they are completely the same as the PP Table 20 Security Objectives for Operational Environment Objective Definition OE AUDIT_STORAGE PROTECTED If audit records are exported from the TOE to another trusted IT product the TOE Owner shall ensure that those records are prot...

Page 37: ...The TOE Owner shall ensure that TOE Administrators are aware of the security policies and procedures of their organization have the training competency and time to follow the manufacturer s guidance and documentation and correctly configure and operate the TOE in accordance with those policies and procedures OE ADMIN TRUSTED The TOE Owner shall establish trust that TOE Administrators will not use ...

Page 38: ...each security problem is covered by the defined security objectives Table 21 Completeness of Security Objectives Threats Policies Assumptions Objective O DOC NO_DIS O DOC NO_ALT O FUNC NO_ALT O PROT NO_ALT O CONF NO_DIS O CONF NO_ALT O USER AUTHORIZED OE USER AUTHORIZED O SOFTWARE VERIFIED O AUDIT LOGGED O AUDIT_STORAGE PROTECT ED O AUDIT_ACCESS AUTHORIZE D OE AUDIT_STORAGE PROTEC TED OE AUDIT_ACC...

Page 39: ...ORIZED establishes responsibility of the TOE Owner to appropriately grant authorization T PROT ALT TSF Protected Data may be altered by unauthorized persons O PROT NO_ALT protects D PROT from unauthorized alteration O USER AUTHORIZED establishes user identification and authentication as the basis for authorization OE USER AUTHORIZED establishes responsibility of the TOE Owner to appropriately gran...

Page 40: ...orted audit records OE AUDIT REVIEWED establishes responsibility of the TOE Owner to ensure that audit logs are appropriately reviewed P INTERFACAE MA NAGEMENT Operation of external interfaces will be controlled by the TOE and its IT environment O INTERFACE MANAGED manages the operation of external interfaces in accordance with security policies OE INTERFACE MANAGED establishes a protected environ...

Page 41: ...EXP 1 Restricted forwarding of data to external interfaces provides for the functionality to require TSF controlled processing of data received over defined external interfaces before these data are sent out on another external interface Direct forwarding of data from one external interface to another one requires explicit allowance by an authorized administrative role Management FPT_FDI_EXP 1 The...

Page 42: ... found that using FDP_IFF and FDP_IFC for this purpose resulted in SFRs that were either too implementation specific for a Protection Profile or too unwieldy for refinement in a Security Target Therefore the authors decided to define an extended component to address this functionality This extended component protects both user data and TSF data and it could therefore be placed in either the FDP or...

Page 43: ...TSP Administrators may possess special privileges that provide capabilities to override portions of the TSP Objects Assets Objects are passive entities in the TOE that contain or receive information and upon which Subjects perform Operations In this ST Objects are equivalent to TOE Assets There are three types of Objects User Data TSF Data and Functions User Data User Data are data created by and ...

Page 44: ...ich disclosure is acceptable D CONF TSF Confidential Data are assets for which either disclosure or alteration by a User who is neither an Administrator nor the owner of the data would have an effect on the operational security of the TOE A list of the TSF data used in this TOE is given in Table 26 Table 26 TSF Data TSF Data D CONF D PROT Kerberos Server Configuration SMB Server Configuration LDAP...

Page 45: ...cument output F CPY Copying a function in which physical document input is duplicated to physical document output F FAX Faxing a function in which physical document input is converted to a telephone based document facsimile fax transmission and a function in which a telephone based document facsimile fax reception is converted to physical document output F SMI Shared medium interface a function th...

Page 46: ...ion Authentication Server The authentication servers Kerberos LDAP and SMB servers identify and authenticate U NORMAL if remote authentication mode is enabled Storage Server The TOE sends received fax and scan data to the storage servers FTP SMB Channels Channels are the mechanisms through which data can be transferred into and out of the TOE Private Medium Interface mechanisms for exchanging info...

Page 47: ...nally FAU_STG 1 Protected audit trail storage This ST additionally FAU_STG 4 Prevention of audit data loss This ST additionally Cryptographic Support FCS_CKM 1 Cryptographic key generation This ST additionally FCS_CKM 4 Cryptographic key destruction This ST additionally FCS_COP 1 Cryptographic operation This ST additionally User Data Protection FDP_ACC 1 1 2 3 Subset access control PP PRT package ...

Page 48: ...gement functions PP FMT_SMR 1 Security roles PP Protection of the TSF FPT_STM 1 Reliable time stamps PP FPT_TST 1 TSF testing PP FPT_FDI_EXP 1 Restricted forwarding of data to external interfaces PP SMI package TOE Access FTA_SSL 3 TSF initiated termination PP Trusted paths channels FTP_ITC 1 Inter TSF trusted channel PP SMI package 6 1 1 Class FAU Security Audit 6 1 1 1 FAU_GEN 1 Audit data gener...

Page 49: ...entication mechanism FIA_UAU 1 Basic None required Both successful and unsuccessful use of the identification mechanism FIA_UID 1 Basic Attempted user identity if available Termination of an interactive session by the session termination mechanism FTA_SSL 3 Minimum None required Use of the management functions FMT_SMF 1 Minimum None required Modifications to the group of users that are part of a r...

Page 50: ...AU_SAR 2 Restricted audit review Hierarchical to No other components Dependencies FAU_SAR 1 Audit review FAU_SAR 2 1 The TSF shall prohibit all users read access to the audit records except those users that have been granted explicit read access 6 1 1 5 FAU_STG 1 Protected audit trail storage Hierarchical to No other components Dependencies FAU_GEN 1 Audit data generation FAU_STG 1 1 The TSF shall...

Page 51: ...method and specified cryptographic key sizes 256 bit that meet the following None 6 1 2 2 FCS_CKM 4 Cryptographic key destruction Hierarchical to No other components Dependencies FDP_ITC 1 or FDP_ITC 2 or FCS_CKM 1Cryptographic key generation FCS_CKM 4 1 The TSF shall destroy cryptographic keys in accordance with a specified cryptographic key destruction method an overwrite updates a cryptographic...

Page 52: ... Dependencies FDP_ACF 1 Security attribute based access control FDP_ACC 1 1 2 The TSF shall enforce the TOE Function Access Control SFP in Table 33 on users as subjects TOE functions as objects and the right to use the functions as operations 6 1 3 3 FDP_ACC 1 3 Subset access control Hierarchical to No other components Dependencies FDP_ACF 1 Security attribute based access control FDP_ACC 1 1 3 Th...

Page 53: ...The TSF shall explicitly authorize access of subjects to objects based on the following additional rules none FDP_ACF 1 4 1 The TSF shall explicitly deny access of subjects to objects based on the following additional rules none Table 32 Common Access Control SFP Access Control SFP Object Attribute Object Operation s Subject Security Attribute Access control rule Common Access Control D DOC PRT SC...

Page 54: ... User group ID Denied except for the U NORMAL explicitly authorized by U ADMINISTRATOR to use a function F SCN F CPY F FAX 6 1 3 6 FDP_ACF 1 3 Security attribute based access control Hierarchical to No other components Dependencies FDP_ACC 1 Subset access control FMT_MSA 3 Static attribute initialization FDP_ACF 1 1 3 The TSF shall enforce the Service PRT SCN CPY FAX Access Control SFP in Table 34...

Page 55: ...resent in a conforming TOE SCN Refers as a minimum to the transmission of User Document Data through an Interface to a destination of the user s choice It may also be used to refer to previewing documents on a display device if such a feature is present in a conforming TOE CPY Refers to the release of pending hardcopy output to a Hardcopy Output Handler It may also be used to refer to previewing d...

Page 56: ...et Service Port Number FDP_IFF 1 2 The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold a The source IP MAC address should not match the IP MAC filtering rule blocking list registered by U ADMINISTRATOR b The service port number of information should match the service port number registered by U ADMI...

Page 57: ...l lockout the U ADMINISTRATOR and U NORMAL s login for a period of 5 minutes 6 1 4 2 FIA_ATD 1 User attribute definition Hierarchical to No other components Dependencies No dependencies FIA_ATD 1 1 The TSF shall maintain the following list of security attributes belonging to individual users User ID Group ID and User Role 6 1 4 3 FIA_UAU 1 User authentication before any action Hierarchical to No o...

Page 58: ...e TSF shall provide only obscured feedback to the user while the authentication is in progress 6 1 4 5 FIA_UID 1 Timing of identification Hierarchical to No other components Dependencies No dependencies FIA_UID 1 1 The TSF shall allow Incoming faxes and usage of the menus that has no relation with security Device Information Supplies Information Options and Capabilities Usage Counters Address Book...

Page 59: ...that they are acting on behalf of the users FIA_USB 1 3 The TSF shall enforce the following rules governing changes to the user security attributes associated with subjects acting on the behalf of users the security attributes do not change during a session 6 1 5 Class FMT Security management 6 1 5 1 FMT_MSA 1 1 Management of security attributes Hierarchical to No other components Dependencies FDP...

Page 60: ...set information flow control FMT_SMR 1 Security roles FMT_SMF 1 Specification of Management Functions FMT_MSA 1 1 3 The TSF shall enforce the Service PRN SCN CPY FAX Access Control SFP in Table 34 to restrict the ability to query delete create the security attributes list of security attributes in Table 34 to U ADMINISTRATOR 6 1 5 4 FMT_MSA 1 4 Management of security attributes Hierarchical to No ...

Page 61: ...ernative initial values to override the default values when an object or information is created 6 1 5 6 FMT_MSA 3 2 Static attribute initialization Hierarchical to No other components Dependencies FMT_MSA 1 Management of security attributes FMT_SMR 1 Security roles FMT_MSA 3 1 2 The TSF shall enforce the TOE Function Access Control SFP in Table 33 none to provide restrictive default values for sec...

Page 62: ...oles FMT_MSA 3 1 4 The TSF shall enforce the NAC Policy to provide restrictive default values for security attributes that are used to enforce the SFP FMT_MSA 3 2 4 The TSF shall allow the none to specify alternative initial values to override the default values when an object or information is created 6 1 5 9 FMT_MTD 1 Management of TSF data Hierarchical to No other components Dependencies FMT_SM...

Page 63: ...rt Configuration 6 1 5 10 FMT_SMF 1 Specification of Management Functions Hierarchical to No other components Dependencies No dependencies FMT_SMF 1 1 The TSF shall be capable of performing the following management functions the list of Management Functions in Table 37 Table 37 Management Functions Management Functions Management of Audit data review Management of Common Access Control rules Manag...

Page 64: ... 6 1 6 1 FPT_FDI_EXP 1 Restricted forwarding of data to external interfaces Hierarchical to No other components Dependencies FMT_SMF 1 Specification of Management Functions FMT_SMR 1 Security roles FPT_FDI_EXP 1 1 The TSF shall provide the capability to restrict data received on any external Interface from being forwarded without further processing by the TSF to any Shared medium Interface 6 1 6 2...

Page 65: ...A_SSL 3 TSF initiated termination Hierarchical to No other components Dependencies No dependencies FTA_SSL 3 1 The TSF shall terminate an interactive session after a 3 minutes of U ADMINISTRATOR and U NORMAL inactivity 6 1 8 Class FTP Trusted path channels 6 1 8 1 FTP_ITC 1 Inter TSF trusted channel Hierarchical to No other components Dependencies No dependencies FTP_ITC 1 1 The TSF shall provide ...

Page 66: ...Table 38 Security Assurance Requirements EAL2 augmented by ALC_FLR 2 Assurance Class Assurance components ASE Security Target evaluation ASE_CCL 1 Conformance claims ASE_ECD 1 Extended components definition ASE_INT 1 ST Introduction ASE_OBJ 2 Security objectives ASE_REQ 2 Derived security requirements ASE_SPD 1 Security problem definition ASE_TSS 1 TOE summary specification ADV Development ADV_ARC...

Page 67: ...ponents definition ASE_CCL 1 5C The conformance claim shall identify all PPs and security requirement packages to which the ST claims conformance ASE_CCL 1 6C The conformance claim shall describe any conformance of the ST to a package as either package conformant or package augmented ASE_CCL 1 7C The conformance claim rationale shall demonstrate that the TOE type is consistent with the TOE type in...

Page 68: ...a model for presentation ASE_ECD 1 5C The extended components shall consist of measurable and objective elements such that conformance or non conformance to these elements can be demonstrated Evaluator action elements ASE_ECD 1 1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence ASE_ECD 1 2E The evaluator shall confirm that n...

Page 69: ... security objectives rationale shall trace each security objective for the TOE back to threats countered by that security objective and OSPs enforced by that security objective ASE_OBJ 2 3C The security objectives rationale shall trace each security objective for the operational environment back to threats countered by that security objective OSPs enforced by that security objective and assumption...

Page 70: ...ecurity objectives for the TOE ASE_REQ 2 8C The security requirements rationale shall explain why the SARs were chosen ASE_REQ 2 9C The statement of security requirements shall be internally consistent Evaluator action elements ASE_REQ 2 1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence 6 2 1 6 ASE_SPD 1 Security problem de...

Page 71: ...r action elements ADV_ARC 1 1D The developer shall design and implement the TOE so that the security features of the TSF cannot be bypassed ADV_ARC 1 2D The developer shall design and implement the TSF so that it is able to protect itself from tampering by untrusted active entities ADV_ARC 1 3D The developer shall provide a security architecture description of the TSF Content and presentation elem...

Page 72: ...shall describethe SFR enforcing actions associated with the TSFI ADV_FSP 2 5C For each SFR enforcing TSFI the functional specification shall describe direct error messages resulting from processing associated with the SFR enforcing actions ADV_FSP 2 6C The tracing shall demonstrate that the SFRs trace to TSFIs in the functional specification Evaluator action elements ADV_FSP 2 1E The evaluator sha...

Page 73: ...s AGD_OPE 1 1D The developer shall provide operational user guidance Content and presentation elements AGD_OPE 1 1C The operational user guidance shall describe for each user role the user accessible functions and privileges that should be controlled in a secure processing environment including appropriate warnings AGD_OPE 1 2C The operational user guidance shall describe for each user role how to...

Page 74: ...in accordance with the security objectives for the operational environment as described in the ST Evaluator action elements AGD_PRE 1 1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence AGD_PRE 1 2E The evaluator shall apply the preparative procedures to confirm that the TOE can be prepared securely for operation 6 2 4 Class ...

Page 75: ...s for content and presentation of evidence 6 2 4 3 ALC_DEL 1 Delivery procedures Dependencies No dependencies Developer action elements ALC_DEL 1 1D The developer shall document and provide procedures for delivery of the TOE or parts of it to the consumer ALC_DEL 1 2D The developer shall use the delivery procedures Content and presentation elements ALC_DEL 1 1C The delivery documentation shall des...

Page 76: ...veloper receives from TOE users reports and enquiries of suspected security flaws in the TOE ALC_FLR 2 6C The procedures for processing reported security flaws shall ensure that any reported flaws are remediated and the remediation procedures issued to TOE users ALC_FLR 2 7C The procedures for processing reported security flaws shall provide safeguards that any corrections to these security flaws ...

Page 77: ...ed outputs from a successful execution of the tests ATE_FUN 1 4C The actual test results shall be consistent with the expected test results Evaluator action elements ATE_FUN 1 1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence 6 2 5 3 ATE_IND 2 Independent testing sample Dependencies ADV_FSP 2 Security enforcing functional s...

Page 78: ...tent and presentation elements AVA_VAN 2 1C The TOE shall be suitable for testing Evaluator action elements AVA_VAN 2 1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence AVA_VAN 2 2E The evaluator shall perform a search of public domain sources to identify potential vulnerabilities in the TOE AVA_VAN 2 3E The evaluator shall ...

Page 79: ...h the security objectives for the TOE 6 3 1 Security Functional Requirements Rationale The security functional requirements rationale shall demonstrate the following Each security objective is addressed based on at least one security functional requirement Each security functional requirement addresses at least one security objective Bold typeface items provide principal P fulfillment of the objec...

Page 80: ...ERFACE MANAGED FAU_GEN 1 P FAU_GEN 2 P FAU_SAR 1 P FAU_SAR 2 P FAU_STG 1 P FAU_STG 4 P FCS_CKM 1 S S S S S S FCS_CKM 4 S S S S S S FCS_COP 1 P P P P P P FDP_ACC 1 1 P P P FDP_ACC 1 2 P FDP_ACC 1 3 P P P FDP_ACF 1 1 S S S FDP_ACF 1 2 S FDP_ACF 1 3 S S S FDP_IFC 2 P FDP_IFF 1 S FDP_RIP 1 P FIA_AFL 1 S FIA_ATD 1 S FIA_UAU 1 P P FIA_UAU 7 S FIA_UID 1 S S S S S S P S P FIA_USB 1 P FMT_MSA 1 1 S S S FMT...

Page 81: ...functions to control attributes FMT_SMR 1 Supports control of security attributes by requiring security roles FCS_CKM 1 Supports cryptographic operation by requiring the key generation for HDD encryption FCS_CKM 4 Supports cryptographic operation by requiring the key destruction for HDD encryption FCS_COP 1 Enforces protection by requiring the cryptographic operation for HDD encryption FTP_ITC 1 E...

Page 82: ...l function FIA_AFL 1 Supports authentication by handling authentication failure FIA_ATD 1 Supports authorization by associating security attributes with users FIA_UAU 1 Enforces authorization by requiring user authentication FIA_UAU 7 Supports authorization by protecting authentication feedback FIA_UID 1 Enforces authorization by requiring user identification FIA_USB 1 Enforces authorization by di...

Page 83: ... Enforces verification of software by requiring self tests O AUDIT LOGGED Logging and authorized access to audit events FAU_GEN 1 Enforces audit policies by requiring logging of relevant events FAU_GEN 2 Enforces audit policies by requiring logging of information associated with audited events FIA_UID 1 Supports audit policies by associating a user s identity with events FPT_STM 1 Supports audit p...

Page 84: ...ged access to the TOE and its data interfaces Agents cannot physically access any non volatile storage without disassembling the TOE except for removable non volatile storage devices where protection of User and TSF Data are provided when such devices are removed from the TOE environment Agents have limited or no means of infiltrating the TOE with code to effect a change and the TOE self verifies ...

Page 85: ...A 3 1 10 29 14 FDP_ACF 1 2 FDP_ACC 1 2 FMT_MSA 3 2 11 30 15 FDP_ACF 1 3 FDP_ACC 1 3 FMT_MSA 3 3 11 31 16 FDP_IFC 2 FDP_IFF 1 17 17 FDP_IFF 1 FDP_IFC 1 FMT_MSA 3 4 16 32 18 FDP_RIP 1 19 FIA_AFL 1 FIA_UAU 1 21 20 FIA_ATD 1 21 FIA_UAU 1 FIA_UID 1 23 22 FIA_UAU 7 FIA_UAU 1 21 23 FIA_UID 1 FIA_UAU 1 21 24 FIA_USB 1 FIA_ATD 1 20 25 FMT_MSA 1 1 FDP_ACC 1 1 or FDP_IFC 1 FMT_SMR 1 FMT_SMF 1 10 34 35 26 FMT...

Page 86: ..._MSA 1 3 FMT_SMR 1 27 34 32 FMT_MSA 3 4 FMT_MSA 1 4 FMT_SMR 1 28 34 33 FMT_MTD 1 FMT_SMR 1 FMT_SMF 1 34 35 34 FMT_SMF 1 35 FMT_SMR 1 FIA_UID 1 23 36 FPT_FDI_EXP 1 FMT_SMF 1 FMT_SMR 1 34 35 37 FPT_STM 1 38 FPT_TST 1 39 FTA_SSL 3 40 FTP_ITC 1 6 4 2 SAR Dependencies The dependency of each assurance package EAL2 provided by the CC is already satisfied ALC_FLR 2 added to the assurance package EAL2 has ...

Page 87: ... authentication selected it requests U USER to login before using all device applications In this case U USER cannot use any application without logging in U ADMINISTRATOR can select the login identification method Local authentication is performed internally by the TOE for U USER Remote authentication is performed externally by authentication servers SMB Kerberos LDAP server in the operational en...

Page 88: ...t job and U NORMAL is able to perform delete operation on the objects D DOC owned by his her own In other words U NORAL is denied to perform the operations on the object except for his her own documents TOE Function Access Control SFP Base on security attribute User ID User Role User Group ID U NORMAL is able to execute the printing scanning copying faxing functions explicitly authorized by U ADMI...

Page 89: ...TRATOR can register priority to perform a filtering and services to accept Services to accept Raw TCP IP Printing LPR LPD HTTP IPP SNMP Priority 1 9 2 MAC filtering All packets via MAC addresses registered by U ADMINISTRATOR are not allowed In summary all packets are denied if one of the below conditions are not satisfied a The source IP MAC address should not match the IP MAC filtering rule block...

Page 90: ...le Authority External User Role User Profile Id Password Group Group Profile Name Role Audit Log Data Network Protocol and Port Configuration Digital Certificate IP filtering Address MAC filtering Address Image Overwrite configuration Application Management Password U NORMAL U NORMAL Network Protocol and Port Configuration The TOE shall be capable of performing the following management functions T...

Page 91: ...e TOE shall store U USER s information on the TOE U ADMINISTRATOR can use this feature to manage the U USER s authorization The U NORMAL is allowed to modify his her password 7 1 4 Security Audit TSF_FAU Relevant SFR FAU_GEN 1 FAU_GEN 2 FAU_SAR 1 FAU_SAR 2 FAU_STG 1 FAU_STG 4 FPT_STM 1 The TOE provides an internal capability to generate a audit record of the security audit event job log security e...

Page 92: ...ng printing faxing and scanning scan to email scan to FTP or scan to SMB task processes The image overwrite security function can also be invoked manually only by U ADMINISTRATOR Manual Image Overwrite through the LUI Once invoked the Manual Image Overwrite cancels all print and scan jobs halts the printer interface network overwrites the contents of the reserved section on the hard disk according...

Page 93: ...r protocol The fax modem controller provides only a standardized fax image format of MMR MR or MH of T 4 specification Therefore the TOE does not answer to non standardized format data The TOE restricts forwarding of data to external interfaces Direct forwarding of data from one external interface to another one requires explicit allowance by an authorized administrative role 7 1 8 Self Testing TS...

Page 94: ...PSec provides securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session IPSec supports ESP to provide confidentiality origin authentication integrity and IKE for key exchange IPSec supports 3DES AES for encryption SHA 1 for integrity and DH Group for key agreement The IPSec will be initialized in the process of booting on MFP The network u...

Reviews:

No comments

Brands by name

Popular brands

Load more brands