background image

 
 
 
 

Xerox D110/D125 Copier/Printer 

セキュリティターゲット

 

 
 
 

Version

 

1.1.7 

 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 

Summary of Contents for D110

Page 1: ...2 Xerox D110 D125 Copier Printer Version 1 1 7...

Page 2: ...3 5 2012 03 02 1 0 4 6 2012 03 12 1 0 5 7 2012 03 15 1 0 6 8 2012 04 04 1 0 7 9 2012 04 06 1 0 8 10 2012 04 09 1 0 9 11 2012 04 12 1 1 0 12 2012 05 11 1 1 1 13 2012 05 29 1 1 2 14 2012 06 11 1 1 3 15...

Page 3: ...cal Scope and Boundary 14 1 4 4 Guidance 15 2 Conformance Claim 16 2 1 CC CC Conformance Claim 16 2 2 PP PP claim Package Claim 16 2 2 1 PP PP Claim 16 2 2 2 Package Claim 16 2 2 3 Conformance Rationa...

Page 4: ...FTA TOE Access 90 6 1 8 Class FTP Trusted Path Channels 90 6 2 Security Assurance Requirements 91 6 3 Security Requirement Rationale 92 6 3 1 Security Functional Requirements Rationale 92 6 3 2 Depen...

Page 5: ...CPY Access Control SFP 52 Table 22 DSR Access Control SFP 53 Table 23 D FUNC Operation List 54 Table 24 List of Security Functions 69 Table 25 Security Attributes and Authorized Roles 70 Table 26 Secu...

Page 6: ...v Table 36 Security Management Functions Provided by TSF 84 Table 37 91 Table 38 92 Table 39 94 Table 40 99 Table 41 TOE 104 Table 42 109 Table 43 110 Table 44 110 Table 45 116...

Page 7: ...erox D110 Copier Printer Xerox D125 Copier Printer TOE TOE TOE Xerox D110 D125 Copier Printer TOE Controller PS ROM Ver 1 201 1 IOT ROM Ver 83 25 0 IIT ROM Ver 9 8 0 ADF ROM Ver 13 10 0 1 3 TOE TOE Ov...

Page 8: ...Printer 2 Copyright 2012 by Fuji Xerox Co Ltd Table 1 TOE TOE CWIS TOE 2 TOE ST 2 LDAP Kerberos Kerberos SA LDAP TOE USB Store to USB Media Print 1 3 1 3 TOE Usage and Major Security Features of TOE T...

Page 9: ...25 Copier Printer 3 Copyright 2012 by Fuji Xerox Co Ltd CWIS MFD Web MFD TOE TSF IIT MFD Web CWIS IIT MFD FTP SMB Mail TOE 1 2 3 TOE CWIS ID 4 TOE 5 TOE 6 7 TOE TSF SSL TLS IPSec SNMPv3 S MIME 8 9 TOE...

Page 10: ...5 Copier Printer 4 Copyright 2012 by Fuji Xerox Co Ltd 1 3 2 TOE Environment Assumptions TOE IT TOE 1 1 TOE 1 3 3 TOE Required Non TOE Hardware and Software 1 TOE MFD TOE Mail FTP SMB Web Web USB LDAP...

Page 11: ...Fuji Xerox Co Ltd 1 PC MFD Web MFD MFD USB MFD 2 PC Web TOE TOE TSF 3 Mail OS PC MFD Mail 4 FTP OS PC MFD FTP FTP 5 SMB OS PC MFD SMB SMB 6 LDAP OS PC MFD LDAP LDAP SA 7 Kerberos OS PC MFD Kerberos K...

Page 12: ...f the TOE TOE TOE U ADMINISTRATOR A User who has been specifically granted the authority to manage some portion or all of the TOE and whose actions may affect the TOE security policy TSP Administrator...

Page 13: ...Private Medium Interface b Shared Medium Interface c Original Document Handler User Document Data TOE CWIS TOE User Data User Document Data User Function Data TSF Data TSF Procted Data NVRAM SEEPROM...

Page 14: ...y Fuji Xerox Co Ltd d HardCopy Output Handler User Document Data TOE 1 4 2 1 TOE Basic Functions TOE Table 3 CWIS Table 3 TOE MFD IIT IOT IOT IIT MFD MFD MFD IOT PDL CWIS IOT IOT MFD IIT CWIS MFD MFD...

Page 15: ...Xerox D110 D125 Copier Printer 9 Copyright 2012 by Fuji Xerox Co Ltd 1 4 2 2 TOE Security Functions TOE 1 On Demand Overwrite 2 3 TOE MFD CWIS ID a b CWIS CWIS CWIS 3...

Page 16: ...Xerox D110 D125 Copier Printer 10 Copyright 2012 by Fuji Xerox Co Ltd 3 MFD MFD ID CWIS ID ID MFD ID ID 3 IIT MFD ID IIT ID CWIS ID MFD ID TOE ID Web CWIS...

Page 17: ...Xerox D110 D125 Copier Printer 11 Copyright 2012 by Fuji Xerox Co Ltd SMB FTP 4 TOE ID SA ID SA SSL TLS IPSec S MIME On Demand Overwrite TOE Web CWIS CWIS ID SA ID SA SSL TLS IPSec...

Page 18: ...Copyright 2012 by Fuji Xerox Co Ltd SNMP S MIME X 509 On Demand Overwrite CWIS 5 TOE 4 CWIS 6 TOE Web CWIS SSL TLS 7 TOE TOE TSF SSL TLS IPSec SNMPv3 S MIME 8 TOE 9 TOE TSF TOE TSF 1 4 2 3 Settings fo...

Page 19: ...Xerox D110 D125 Copier Printer 13 Copyright 2012 by Fuji Xerox Co Ltd 1 3 5 SSL TLS IPSec S MIME On Demand Overwrite SNMPv3...

Page 20: ...ox Co Ltd 1 4 3 TOE Physical Scope and Boundary TOE 4 MFD TOE 4 MFD TOE MFD IIT IOT ADF IIT IOT MFD Ethernet USB IIT TOE Mail FTP SMB LDAP Kerberos USB NVRAM SEEP ROM DRAM Ethernet USB CPU IOT IOT IOT...

Page 21: ...TOE NVRAM 4 Channel TOE Private Medium Interface USB Shared Medium Interface Ethernet Original Document Handler IIT HardCopy Output Handler IOT 1 4 4 Guidance TOE Xerox D95 D110 D125 Copier Printer Us...

Page 22: ...art3 conformant 2 2 PP PP claim Package Claim 2 2 1 PP PP Claim ST Title 2600 1 Protection Profile for Hardcopy Devices Operational Environment A Version 1 0 dated June 2009 2 2 2 Package Claim EAL3 A...

Page 23: ...9 2 2 3 Conformance Rational ST 2600 1 Protection Profile for Hardcopy Devices Operational Environment A Common HCD Functions Print Functions Scan Functions Copy Functions Document Storage and Retriev...

Page 24: ...1 FDP_ACF 1 PP PP SFR SFR TOE ST SFR PP SFR ST PP SFR PP PP PP P AUDIT LOGGING OE AUDIT_STORAGE PROTECTED OE AUDIT_ACCESS AUTHORIZED O AUDIT_STORAGE PROTECTED O AUDIT_ACCESS AUTHORIZED T DOC DIS T CO...

Page 25: ...t Data consists of the information contained in a user s document This includes the original document itself in either hardcopy or electronic form image data or residually stored data created by the h...

Page 26: ...or which disclosure is acceptable TSF Table 34 Table 35 D CONF D CONF TSF Confidential Data are assets for which either disclosure or alteration by a User who is neither an Administrator nor the owner...

Page 27: ...5 Table 5 TSF NVRAM SEEPROM NVRAM SEEPROM TSF TOE NVRAM 3 1 2 Threats agents ST 4 TOE a Persons who are not permitted to use the TOE who may attempt to use the TOE b Persons who are authorized to use...

Page 28: ...C User Document Data may be altered by unauthorized persons T FUNC ALT D FUNC User Function Data may be altered by unauthorized persons T PROT ALT D PROT TSF Protected Data may be altered by unauthori...

Page 29: ...9 Assumption Definition A ACCESS MANAGED The TOE is located in a restricted or monitored environment that provides protection from unmanaged access to the physical components and data interfaces of th...

Page 30: ...horized alteration O USER AUTHORIZED The TOE shall require identification and authentication of Users and shall ensure that Users are authorized in accordance with security policies before allowing th...

Page 31: ...TRAINED The TOE Owner shall ensure that Users are aware of the security policies and procedures of their organization and have the training and competence to follow those policies and procedures OE AD...

Page 32: ...HORIZED OE USER AUTHORIZED O SOFTWARE VERIFIED O AUDIT LOGGED O AUDIT_STORAGE PROTECTED O AUDIT_ACCESS AUTHORIZED OE AUDIT REVIEWED OE INTERFACE MANAGED O INTERFACE MANAGED OE PHYISCAL MANAGED OE ADMI...

Page 33: ...nauthorized alteration O USER AUTHORIZED establishes user identification and authentication as the basis for authorization OE USER AUTHORIZED establishes responsibility of the TOE Owner to appropriate...

Page 34: ...O USER AUTHORIZED establishes user authorization to use the TOE identification and authentication as the basis for OE USER AUTHORIZED establishes responsibility of the TOE Owner to appropriately grant...

Page 35: ...cal components and data interfaces of the TOE OE PHYSICAL MANAGED establishes a protected physical environment for the TOE A ADMIN TRAINING TOE Users are aware of and trained to follow security polici...

Page 36: ...e security of the TOE or devices that are connected to the TOE s external interfaces Therefore direct forwarding of unprocessed data between different external interfaces is forbidden unless explicitl...

Page 37: ...nes attribute based control of user data flow in its FDP class However in this Protection Profile the authors needed to express the control of both user data and TSF data flow using administrative con...

Page 38: ...USER U ADMINISTRATOR U NORMAL Mailbox Personal Mailbox Shared Mailbox Personal Mailbox U NORMAL SA Shared Mailbox Store Print Private Print MFD Job Flow sheet Personal Job Flow sheet Shared Job Flow s...

Page 39: ...dify the behavior On Demand Overwrite modify TOE TSF General User role U NORMAL TOE SA role SA TOE Key Operator role TOE User identifier General User identifier SA identifier Key Operator identifier G...

Page 40: ...FD The Fuji Xerox s standard method FXOSENC AES FIPS Access denial due to authentication failure of system administrator ID ID Web Data on use of password entered from MFD control panel in user authen...

Page 41: ...ion TOE TSF MFD Data on Store Print TOE TSF Data on Internal Network Data Protection TOE TSF TOE TSF Data on Customer Engineer Operation Restriction TOE TSF Data on Hard Disk Data Encryption TOE TSF D...

Page 42: ...ion No SFR FCS_COP 1 Cryptographic operation No FDP_ACC 1 a Subset access control Yes Attributes Operations Access Control rule PP TOE Delete Modify FDP_ACC 1 b Subset access control Yes Access Contro...

Page 43: ...Subset residual information protection Yes TOE FIA_AFL 1 a FIA_AFL 1 b Authentication failure handling No SFR SA FIA_AFL 1 c FIA_AFL 1 d Authentication failure handling No SFR SA FIA_ATD 1 User attri...

Page 44: ...MTD 1 b D Conf FMT_SMF 1 Specification of Management Functions Yes TOE FMT_SMR 1 Security roles Yes TOE FPT_FDI_EXP 1 SMI SFR Package Restricted forwarding of data to external interfaces Yes PP FPT_ST...

Page 45: ...lly Defined Auditable Events Relevant SFR Auditable event Audit level Additional information Actions to be audited defined by CC FAU_GEN 1 There are no auditable events foreseen FAU_GEN 2 There are no...

Page 46: ...an object covered by the SFP b Basic All requests to perform an operation on an object covered by the SFP c Detailed The specific security attributes used in making an access check FDP_ACF 1 b Job co...

Page 47: ...nal FIA_AFL 1 c FIA_AFL 1 d Authentication failure from control panel and CWIS FIA_ATD 1 There are no auditable events foreseen FIA_SOS 1 Registration of user and changes in user registration data pas...

Page 48: ...fied None a Minimal Unsuccessful binding of user security attributes to a subject e g creation of a subject b Basic Success and failure of binding of user security attributes to a subject e g success...

Page 49: ...sword of system administrator FMT_SMF 1 Access to system administrator mode Minimal None required a Minimal Use of the management functions FMT_SMR 1 Registration of system administrator changes in us...

Page 50: ...oreseen FAU_GEN 1 2 The TSF shall record within each audit record at least the following information Date and time of the event type of event subject identity if applicable and the outcome success or...

Page 51: ...rds in a manner suitable for the user to interpret the information FAU_SAR 2 Restricted audit review Hierarchical to No other components Dependencies FAU_SAR 1 Audit review FAU_SAR 2 1 The TSF shall p...

Page 52: ...the oldest stored audit records assignment other actions to be taken in case of audit storage failure no other actions to be taken 6 1 2 Class FCS Cryptographic Support FCS_CKM 1 Cryptographic key ge...

Page 53: ...owing assignment list of standards assignment list of standards FIPS PUB 197 assignment cryptographic algorithm AES assignment cryptographic key sizes 256bits assignment list of cryptographic operatio...

Page 54: ...d R4 When the owner identifier of D FUNC matches the user identifier operation to modify and delete the Mailbox is permitted R5 When the owner identifier of D FUNC matches the user identifier operatio...

Page 55: ...ntrol SFP in Table16 FDP_ACC 1 b Subset access control Hierarchical to No other components Dependencies FDP_ACF 1 Security attribute based access control FDP_ACC 1 1 b The TSF shall enforce the assign...

Page 56: ...SER Mailbox Operation F DSR F SMI User identifier User identifier for each function Mailbox operation U USER Job abort for Print function is restricted to the control panel FDP_ACC 1 c Subset access c...

Page 57: ...ed by the SFP assignment access control SFP SCN Access Control SFP in Table20 assignment list of subjects objects and operations among subjects and objects covered by the SFP the list of subjects obje...

Page 58: ...ccess Control SFP Object Attribute s Operation Subject Access control rule D DOC CPY Read This package does not specify any access control restriction FDP_ACC 1 f Subset access control Hierarchical to...

Page 59: ...tions are permitted When the owner identifier of D FUNC matches the user identifier of D DOC execution of Job Flow sheet is permitted FDP_ACC 1 g Subset access control Hierarchical to No other compone...

Page 60: ...the SFP relevant security attributes or named groups of SFP relevant security attributes assignment access control SFP Common Access Control SFP in Table 16 assignment list of subjects and objects co...

Page 61: ...ted by Job Deletion function FDP_ACF 1 4 a The TSF shall explicitly deny access of subjects to objects based on the following additional rules assignment rules based on security attributes that explic...

Page 62: ...automatically authorized to use the functions assignment list of functions assignment other conditions assignment other conditions rules specified in the TOE Function Access Control SFP in Table 18 F...

Page 63: ...d SFP and for each the SFP relevant security attributes or named groups of SFP relevant security attributes the list of subjects and objects controlled under the PRT Access Control SFP in Table 19 and...

Page 64: ...FDP_ACF 1 1 d The TSF shall enforce the assignment access control SFP to objects based on the following assignment list of subjects and objects controlled under the indicated SFP and for each the SFP...

Page 65: ...explicitly deny access of subjects to objects based on the following additional rules assignment rules based on security attributes that explicitly deny access of subjects to objects assignment rules...

Page 66: ...SFP in Table 21 governing access among Users and controlled objects using controlled operations on controlled objects FDP_ACF 1 3 e The TSF shall explicitly authorize access of subjects to objects bas...

Page 67: ...operation among controlled subjects and controlled objects is allowed assignment rules governing access among controlled subjects and controlled objects using controlled operations on controlled obje...

Page 68: ...ects and objects controlled under the indicated SFP and for each the SFP relevant security attributes or named groups of SFP relevant security attributes the list of subjects and objects controlled un...

Page 69: ...at any previous information content of a resource is made unavailable upon the selection allocation of the resource to deallocation of the resource from the following objects D DOC assignment list of...

Page 70: ...cycled FIA_AFL 1 b Authentication failure handling Hierarchical to No other components Dependencies FIA_UAU 1 Timing of authentication FIA_AFL 1 1 b The TSF shall detect when selection assignment posi...

Page 71: ...vents U NORMAL authentication selection assignment positive integer number an administrator configurable positive integer within assignment range of acceptable values assignment positive integer numbe...

Page 72: ...et surpassed met assignment list of actions have the control panel to display the message of authentication was failed and to require reentry of the user information The TSF shall also have Web browse...

Page 73: ...ccessfully authenticated before allowing any other TSF mediated actions on behalf of that user FIA_UAU 7 Protected authentication feedback Hierarchical to No other components Dependencies FIA_UAU 1 Ti...

Page 74: ...nforce the following rules governing changes to the user security attributes with the subjects acting on behalf of users assignment rules for the changing of attributes assignment rules for the changi...

Page 75: ...dify the behavior U ADMINISTRATOR Customer Engineer Operation Restriction enable disable U ADMINISTRATOR Hard Disk Data Encryption enable disable U ADMINISTRATOR Hard Disk Data Overwrite enable disabl...

Page 76: ...les Key operator identifier modify Key Operator SA identifier query modify delete creation U ADMINISTRATOR General user identifier query modify delete creation U ADMINISTRATOR Owner identifier for D D...

Page 77: ...t list of security attributes to assignment the authorized identified roles assignment access control SFP s information flow control SFP s TOE Function Access Control SFP in Table 18 selection change...

Page 78: ...rol SFP s information flow control SFP s PRT Access Control SFP in Table 19 selection change default query modify delete assignment other operations query modify delete assignment other operations ass...

Page 79: ...ess control SFP s information flow control SFP s SCN Access Control SFP in Table 20 selection change default query modify delete assignment other operations query modify delete assignment other operat...

Page 80: ...FMT_MSA 1 1 e The TSF shall enforce the assignment access control SFP s information flow control SFP s to restrict the ability to selection change default query modify delete assignment other operatio...

Page 81: ...rations assignment other operations Creation assignment list of security attributes the security attributes listed in Table 17 assignment the authorized identified roles the roles listed in Table 29 T...

Page 82: ...erations the security attributes assignment list of security attributes to assignment the authorized identified roles assignment access control SFP s information flow control SFP s D Func Control SFP...

Page 83: ...ion choose one of restrictive permissive assignment other property default values for security attributes that are used to enforce the SFP assignment access control SFP information flow control SFP Co...

Page 84: ...an as the default of security attribute FMT_MSA 3 2 b The TSF shall allow the assignment the authorized identified roles to specify alternative initial values to override the default values when an ob...

Page 85: ...nforce the assignment access control SFP information flow control SFP to provide selection choose one of restrictive permissive assignment other property default values for security attributes that ar...

Page 86: ...ated assignment the authorized identified roles none FMT_MSA 3 f Static attribute initialization Hierarchical to No other components Dependencies FMT_MSA 1 Management of security attributes FMT_SMR 1...

Page 87: ...permissive assignment other property assignment other property Initialization property in Table 33 Table 33 Initialization property Object Security Attributes Default D FUNC Owner identifier of D FUNC...

Page 88: ...ata on SA ID query modify delete creation U ADMINISTRATOR Data on SA Password modify U ADMINISTRATOR Data on User Authentication query modify U ADMINISTRATOR Data on use of password entered from MFD c...

Page 89: ...horized identified roles selection change default query modify delete clear assignment other operations query modify delete assignment other operations creation assignment list of TSF data list of TSF...

Page 90: ...here are no management activities foreseen FAU_SAR 1 Management of data on key operator and SA ID and password a maintenance deletion modification addition of the group of users with read access right...

Page 91: ...nt of owner identifier of D FUNC Management of data on Store Print FDP_ACF 1 e none Reason there are no additional security attributes and is not managed FDP_ACF 1 g Management of user identifier Mana...

Page 92: ...ken before the user is authenticated FIA_UAU 7 There are no management activities foreseen FIA_UID 2 Management of data on key operator SA and general user ID Management of data on user authentication...

Page 93: ...s not managed a Managing the group of users that are part of a role FPT_STM 1 Management of time and data a management of the time FPT_TST 1 Management of data on Self Test a management of the conditi...

Page 94: ...e able to associate users with roles except for the role Nobody to which no user shall be associated 6 1 6 Class FPT Protection of the TSF FPT_FDI_EXP 1 Restricted forwarding of data to external inter...

Page 95: ...conditions assignment conditions under which self test should occur at the conditions assignment conditions under which self test should occur assignment conditions under which self test should occur...

Page 96: ...onents Dependencies No dependencies FTP_ITC 1 1 The TSF shall provide a communication channel between itself and another trusted IT product that is logically distinct from other communication channels...

Page 97: ...tion representation CM coverage ALC_DEL 1 Delivery procedures ALC_DVS 1 Identification of security measures ALC_FLR 2 Flaw reporting procedures ALC_LCD 1 Developer defined life cycle model ASE Securit...

Page 98: ...NO_ALT O FUNC NO_ALT O PROT NO_ALT O CONF NO_DIS O CONF NO_ALT O USER AUTHORIZED O INTERFACE MANAGED O SOFTWARE VERIFIED O AUDIT LOGGED O AUDIT_STORAGE PROTECTED O AUDIT_ACCESS AUTHORIZED O CIPHER FAU...

Page 99: ...TWARE VERIFIED O AUDIT LOGGED O AUDIT_STORAGE PROTECTED O AUDIT_ACCESS AUTHORIZED O CIPHER FDP_ACF 1 f FDP_ACF 1 g FDP_RIP 1 FIA_AFL 1 a FIA_AFL 1 b FIA_AFL 1 c FIA_AFL 1 d FIA_ATD 1 FIA_SOS 1 FIA_UAU...

Page 100: ...ED O INTERFACE MANAGED O SOFTWARE VERIFIED O AUDIT LOGGED O AUDIT_STORAGE PROTECTED O AUDIT_ACCESS AUTHORIZED O CIPHER FMT_MTD 1 a FMT_MTD 1 b FMT_SMF 1 FMT_SMR 1 FPT_FDI_EXP 1 FPT_STM 1 FPT_TST 1 FTA...

Page 101: ...NAGED O INTERFACE MANAGED FIA_AFL 1 a FIA_AFL 1 b SA OFF ON FIA_AFL 1 c FIA_AFL 1 d SA FIA_UAU 1 FIA_UID 2 CWIS FIA_UID 2 FIA_UAU 7 FTA_SSL 3 CWIS FPT_FDI_EXP 1 O USER AUTHORI ZED TOE O USER AUTHORIZE...

Page 102: ...DP_ACC 1 c FDP_ACC 1 d FDP_ACC 1 e FDP_ACC 1 f FDP_ACF 1 a FDP_ACF 1 c FDP_ACF 1 d FDP_ACF 1 e FDP_ACF 1 f FIA_UID 2 User Document Data FMT_MSA 1 a FMT_MSA 1 c FMT_MSA 1 d FMT_MSA 1 e FMT_MSA 1 f FMT_...

Page 103: ...UNC NO_ALT TOE User Function Data FDP_ACC 1 a FDP_ACC 1 g FDP_ACF 1 a FDP_ACF 1 g FIA_UID 2 User Function Data FMT_MSA 1 a FMT_MSA 1 g FMT_MSA 3 a FMT_MSA 3 g FMT_SMR 1 SA FMT_SMF 1 TOE FTP_ITC 1 TOE...

Page 104: ...NO_DIS O CONF NO_ALT TSF O CONF NO_DIS O CONF NO_ALT TOE D CONF FIA_UID 2 D CONF FMT_MOF 1 FMT_MTD 1 a D CONF FMT_MTD 1 b FMT_SMF 1 TOE FMT_SMR 1 SA FTP_ITC 1 TOE IT D CONF O AUDIT_STORAG E PROTECTED...

Page 105: ...ty Functional Requirements Table 40 Table 40 FAU_GEN 1 Audit data generation FPT_STM 1 FAU_GEN 2 User identity association FAU_GEN 1 FIA_UID 1 FIA_UID 2 FIA_UAU 1 FIA_UAU 1 FAU_SAR 1 Audit review FAU_...

Page 106: ...c FDP_ACC 1 d Subset access control FDP_ACF 1 d FDP_ACC 1 e Subset access control FDP_ACF 1 e FDP_ACC 1 f Subset access control FDP_ACF 1 f FDP_ACC 1 g Subset access control FDP_ACF 1 g FDP_ACF 1 a S...

Page 107: ...on failure handling FIA_UAU 1 FIA_ATD 1 User attribute definition FIA_SOS 1 Verification of secrets FIA_UAU 1 Timing of authentication FIA_UID 1 FIA_UID 2 FIA_UID 1 FIA_UID 1 FIA_UAU 7 Protected authe...

Page 108: ...1 FMT_SMR 1 FMT_MSA 1 g Management of security attributes FDP_ACC 1 g FMT_SMF 1 FMT_SMR 1 FMT_MSA 3 a Static attribute initialization FMT_MSA 1 a FMT_SMR 1 FMT_MSA 3 b Static attribute initialization...

Page 109: ...ty operational accountability and information assurance The TOE environment will be exposed to only a low level of risk because it is assumed that the TOE will be located in a restricted or monitored...

Page 110: ...TSF_CIPHER TSF_USER_AUTH TSF_FMT TSF_CE_LIMIT TSF_FAU TSF_NET_PROT TSF_INF_FLOW TSF_S_TEST FAU_GEN 1 FAU_GEN 2 FAU_SAR 1 FAU_SAR 2 FAU_STG 1 FAU_STG 4 FCS_CKM 1 FCS_COP 1 FDP_ACC 1 a FDP_ACC 1 b FDP_A...

Page 111: ...ST FIA_AFL 1 c FIA_AFL 1 d FIA_ATD 1 FIA_SOS 1 FIA_UAU 1 FIA_UAU 7 FIA_UID 2 FIA_USB 1 FMT_MOF 1 FMT_MSA 1 a FMT_MSA 1 b FMT_MSA 1 c FMT_MSA 1 d FMT_MSA 1 e FMT_MSA 1 f FMT_MSA 1 g FMT_MSA 3 a FMT_MSA...

Page 112: ...3 3 3 On Demand Overwrite 1 FDP_RIP 1 Subset residual information protection TOE 1 0 3 0 TOE 7 1 2 TSF_CIPHER 1 FCS_CKM 1 Cryptographic key generation TOE FXOSENC 256 FXOSENC 2 FCS_COP 1 Cryptographi...

Page 113: ...Xerox Co Ltd MFD 2 a TOE b TOE LDAP Kerberos a b CWIS c MFD PDL TOE MFD ID TOE ID 1 FIA_AFL 1 a Authentication failure handling TOE ID 5 Web MFD 2 FIA_AFL 1 b Authentication failure handling TOE SA I...

Page 114: ...ification of secrets TOE SA 7 FIA_UAU 1 Timing of authentication FIA_UID 2 User identification before any action TOE Web MFD ID ID TOE TSF FIA_UAU 1 FIA_UID 2 ID TOE ID TOE 8 FIA_UAU 7 Protected authe...

Page 115: ...Xerox Co Ltd Table 42 SA SA SA SA D DOC SA D DOC SA D DOC D DOC SA D DOC SA D DOC SA D FUNC SA D FUNC D FUNC 11 FMT_MTD 1 a FMT_MTD 1 b Management of TSF data TSF FMT_SMF 1 Specification of Managemen...

Page 116: ...CWIS 20 30 900 14 FDP_ACC 1 a FDP_ACC 1 b FDP_ACC 1 c FDP_ACC 1 d FDP_ACC 1 e FDP_ACC 1 f FDP_ACC 1 g Subset access control FDP_ACF 1 a FDP_ACF 1 b FDP_ACF 1 c FDP_ACF 1 d FDP_ACF 1 e FDP_ACF 1 f FDP_...

Page 117: ...Xerox D110 D125 Copier Printer 111 Copyright 2012 by Fuji Xerox Co Ltd D FUNC D DOC 1 D FUNC D DOC 1 SA On Demand Overwrite D DOC SA D DOC SA D DOC On Demand Overwrite D DOC SA...

Page 118: ...Xerox D110 D125 Copier Printer 112 Copyright 2012 by Fuji Xerox Co Ltd D FUNC D FUNC D FUNC D DOC D DOC D FUNC D FUNC D FUNC D DOC D DOC SA TOE Table 44 MFD ID CWIS ID ID MFD ID ID...

Page 119: ...ji Xerox Co Ltd 3 IIT MFD ID IIT ID CWIS ID MFD ID 1 SMB FTP 1 CWIS 7 1 4 TSF_FMT TOE 1 FMT_MOF 1 Management of security functions behaviour FMT_MTD 1 a FMT_MTD 1 b Management of TSF data TSF FMT_SMF...

Page 120: ...Xerox D110 D125 Copier Printer 114 Copyright 2012 by Fuji Xerox Co Ltd TOE ID SA ID ID SA SSL TLS IPSec S MIME On Demand Overwrite Web CWIS TOE ID SA ID ID SA PC SSL TLS IPSec SNMP...

Page 121: ...3 d FMT_MSA 3 e FMT_MSA 3 f FMT_MSA 3 g Static attribute initialization TOE D DOC D FUNC 3 FMT_SMR 1 Security roles TOE SA 7 1 5 TSF_CE_LIMIT TSF_FMT 1 FMT_MOF 1 Management of security functions beha...

Page 122: ...Start End Scheduled Image Overwriting started Successful Failed Scheduled Image Overwriting finished Successful Failed Self Test Successful Failed Login Logout Login Successful Failed Invalid UserID...

Page 123: ...Device Settings Adjust Time Successful Failed Create Mailbox 1 Delete Mailbox 1 Switch Authentication Mode Successful Change Security Setting View Security Setting Successful Device Data Import Certif...

Page 124: ...TG 4 Prevention of audit data loss NVRAM 50 NVRAM 50 15 000 15 000 7 FPT_STM 1 Reliable time stamps TOE TSF_FMT 7 1 7 TSF_NET_PROT 4 1 FTP_ITC 1 Inter TSF trusted channel TSF TOE TOE IT User Document...

Page 125: ..._128_CBC_SHA AES 128 SHA1 TLS_RSA_WITH_AES_256_CBC_SHA AES 256 SHA1 SSL TLS HMAC Hashed Message Authentication Code IETF RFC2104 Web SSL TLS HTTPS SSL TLS IPSec SNMPv3 S MIME b IPSec IPSec TOE TSF IPS...

Page 126: ...Ltd MFD SNMPv3 DES 56 SHA1 d S MIME S MIME S MIME S MIME S MIME MFD S MIME RC2 128 SHA1 3Key Triple DES 168 SHA1 7 1 8 TSF_INF_FLOW external interfaces Shared medium interfaces 1 FPT_FDI_EXP 1 Restric...

Page 127: ...x D110 D125 Copier Printer 121 Copyright 2012 by Fuji Xerox Co Ltd TOE LDAP Kerberos TOE LDAP Kerberos 7 1 9 TSF_S_TEST TOE TSF TOE TSF 1 FPT_TST 1 TSF testing TSF TOE NVRAM SEEPROM TSF TOE Controller...

Page 128: ...ication IIT Image Input Terminal IOT Image Output Terminal IT Information Technology IP Internet Protocol MFD Multi Function Device NVRAM Non Volatile Random Access Memory PDL Page Description Languag...

Page 129: ...td 8 2 Terminology ST ST Scan Network Scan TOE TOE SMB FTP SMTP FTP PDF TIFF JPEG TOE TOE TOE CWIS TOE Web Web TOE CWIS Windows Web User Authentication TOE TOE Local Authentication TOE MFD Remote Auth...

Page 130: ...4 Copyright 2012 by Fuji Xerox Co Ltd ST system administrator mode MFD TOE TOE TOE Auto Clear CWIS Customer Engineer MFD attacker TOE Control Panel MFD Web MFD TOE TSF TOE Printer driver MFD PDL MFD P...

Page 131: ...Xerox D110 D125 Copier Printer 125 Copyright 2012 by Fuji Xerox Co Ltd ST MFD MFD IIT IOT IIT MFD TOE TOE TOE TSF TOE TOE TOE ID 12 256 TOE TOE MFD MFD PC ITU T X 509...

Page 132: ...21 12 1 0 CC 2 Part 2 Security functional components July 2009 Version 3 1 Revision 3 3 1 2 2009 7 CCMB 2009 07 002 21 12 1 0 CC 3 Part 3 Security assurance components July 2009 Version 3 1 Revision 3...

Reviews: