Ricoh imagio MP 6001 series, Aficio MP 9001 Series Скачать руководство пользователя страница 69

Страница: 69 / 83

Page 68 of 82

Following are the explanations of each functional item in "SF.I&A

User Identification and

Authentication Function" and their corresponding security functional requirements.

7.1.2.1

User Identification and Authentication

The TOE displays a login window when users attempt to use the TOE Security Functions from the

Operation Panel or the Web Service Function. This window requires the user to enter their ID and password,

and then identifies and authenticates the user based on the entered user IDs and passwords.

The TOE also identifies and authenticates the user based on the user ID and password sent from the client

computer when the TOE receives a request from the client computer for printing or transmitting faxes.

The TOE binds successfully authenticated users to the processes available to them (general user processes,

administrator processes, or supervisor processes) according to their user roles (general users, administrators,

or a supervisor), associates each process with the security attributes of that role, and maintains those

bindings and associations. If the user is a general user, the TOE binds the general user to general user

processes, associates general user processes with a general user ID and the document data default ACL, and

maintains those bindings and associations. If the user is an administrator, the TOE binds the administrator

to administrator processes, associates administrator processes with the administrator ID and the

administrator roles, and maintains those bindings and associations. If the user is a supervisor, the TOE

binds the supervisor to supervisor processes, associates supervisor processes with the supervisor ID, and

maintains those bindings and associations.

Authentication methods vary according to the user's role. Table 27 shows the authentication methods for

each user role.

Table 27: User roles and authentication methods

User roles

Authentication methods

General users

Check if the general user ID and password entered by the user match a general
user ID and corresponding password registered in the Address Book.

Administrators

Check if the administrator ID and password entered by the user match an
administrator ID and corresponding password registered to the TOE.

Supervisor

Check if the supervisor ID and password entered by the user match a supervisor
ID and corresponding password registered to the TOE.

By the above, FIA_ATD.1 (User attribute definition), FIA_UAU.2 (User authentication before any action),

FIA_UID.2 (User identification before any action), FIA_USB.1 (User-subject binding), FMT_SMF.1

(Specification of Management Functions), and FMT_SMR.1 (Security Roles) are satisfied.

7.1.2.2

Actions in Event of Identification and Authentication Failure

The TOE counts the number of failed identification and authentication attempts made under each ID, as

described in "7.1.2.1 User Identification and Authentication". When the number of failed consecutive

attempts reaches the machine administrator-specified Number of Attempts before Lockout, the TOE locks

out the user, and sets the Lockout Flag for that user to "Active". The machine administrator can specify 1 to

5 as the Number of Attempts before Lockout.

When a user authenticates successfully, as described in "7.1.2.1 User Identification and Authentication", the

Содержание imagio MP 6001 series, Aficio MP 9001 Series

Страница 1: ...Copyright c 2010 RICOH COMPANY LTD All Rights Reserved imagio MP 7501 6001 series Aficio MP 9001 8001 7001 6001 series Security Target Author RICOH COMPANY LTD Date 2010 08 31 Version 1 00 ...

Страница 3: ... 12 1 4 2 Guidance Documents 15 1 4 3 User Roles 17 1 4 3 1 Responsible Manager of MFP 17 1 4 3 2 Administrator 17 1 4 3 3 Supervisor 17 1 4 3 4 General User 18 1 4 3 5 Customer Engineer 18 1 4 4 Logical Boundaries of TOE 18 1 4 4 1 Basic Functions 19 1 4 4 2 Security Functions 21 1 4 5 Protected Assets 25 1 4 5 1 Document Data 25 1 4 5 2 Print Data 25 2 Conformance Claim 26 2 1 CC Conformance Cla...

Страница 4: ...cation 44 6 1 5 Class FMT Security management 46 6 1 6 Class FPT Protection of the TSF 53 6 1 7 Class FTP Trusted path channels 53 6 2 Security Assurance Requirements 55 6 3 Security Requirements Rationale 56 6 3 1 Tracing 56 6 3 2 Justification of Traceability 57 6 3 3 Dependency Analysis 61 6 3 4 Security Assurance Requirements Rationale 63 7 TOE Summary Specification 64 7 1 TOE Security Functio...

Страница 5: ...rmation 73 7 1 4 4 Management of General User Information 73 7 1 4 5 Management of Machine Control Data 74 7 1 5 SF CE_OPE_LOCK Service Mode Lock Function 75 7 1 6 SF CIPHER Encryption Function 75 7 1 6 1 Encryption of Document Data 75 7 1 7 SF NET_PROT Network Communication Data Protection Function 76 7 1 7 1 Use of Web Service Function from Client Computer 76 7 1 7 2 Printing and Faxing from Cli...

Страница 6: ...tion 43 Table 14 List of authentication events 44 Table 15 Lockout release actions 44 Table 16 Rules for initial association of attributes 46 Table 17 Management roles of security attributes 47 Table 18 Characteristics of static attribute initialisation 48 Table 19 List of TSF data management 48 Table 20 List of specifications of Management Functions 50 Table 21 Services requiring trusted paths 54...

Страница 7: ...Page 6 of 82 Copyright c 2010 RICOH COMPANY LTD All Rights Reserved Table 34 List of encryption operations on data stored on the HDD 76 Table 35 Specific terms used in this ST 78 ...

Страница 8: ...th an optional product Fax Controller Unit hereafter called FCU The MFP is identified by the product name of the MFP hereafter called MFP name MFP model and version of software hardware and the FCU is identified by the product name of the FCU hereafter called FCU name and the version of FCU The following are the identification information for the TOE Manufacturer RICOH COMPANY LTD MFP Name Table 1...

Страница 9: ...ier LD390 Lanier MP 6001 Lanier MP 7001 Lanier MP 8001 Lanier MP 9001 Gestetner MP 6001 Gestetner MP 7001 Gestetner MP 8001 Gestetner MP 9001 nashuatec MP 6001 nashuatec MP 7001 nashuatec MP 8001 nashuatec MP 9001 Rex Rotary MP 6001 Rex Rotary MP 7001 Rex Rotary MP 8001 Rex Rotary MP 9001 infotec MP 6001 infotec MP 7001 infotec MP 8001 infotec MP 9001 MFP Model SP MFP Version Software System Copy ...

Страница 10: ...T device that provides the functions of a copier scanner printer and fax optional These functions are for digitising paper documents and managing and printing them 1 3 2 TOE Usage and Major Security Features of TOE The TOE has functions for inputting paper and electronic documents into the TOE storing the input document data and outputting it Paper documents are input using the MFP s scanning devi...

Страница 11: ... above each function is described in 1 4 4 2 Security Functions 1 3 3 Environment for TOE Usage and Non TOE Configuration Items The TOE is assumed to be located in a general office The TOE can be connected to other devices over a network telephone line or USB connection according to users needs Users can operate the TOEfrom the Operation Panel a client computer connected to the local network or a ...

Страница 12: ...nstalled on the client computer To print and fax from the client computer via the internal network or USB connection the printer driver RPCS printer driver for Ricoh imagio MP 7501 6001 series MFP and the PCL printer driver for Ricoh Internal network Internal network Internet External network Telephone line Office Firewall USB Connect Printer driver Fax driver Web browser Printer driver Fax driver...

Страница 13: ...ine A telephone line is a line used to send and receive fax data from an external fax when the optional fax is installed Firewall A firewall is a device that is set between the internal and the external network and prote cts the internal network from the external network 1 4 TOE Description This section describes thephysical boundaries of the TOE user guidance documents user roles logical boundari...

Страница 14: ... after input information has been sent from the key switches and LCD touch screen to the MFP Control Software or in response to direct instructions from the MFP Control Software Engine Unit The Engine Unit contains a Scanner Engine Printer Engine and the Engine Control Board The Scanner Engine is an input device to read the paper documents The Printer Engine is an output device for printing and ou...

Страница 15: ... carries out the basic arithmetic processing of the MFP operation FlashROM A memory medium that System Copy Network Support Fax Web Support Web Uapl and Network Doc Box are installed on These components identify the TOE of theMFP Control Software RAM A volatile memory medium used for image processing NVRAM A non volatile memory medium in which MFP Control Data for configuring the MFP operation is ...

Страница 16: ...the guidance document sets depends on the sales areas and or companies Details of the document sets are as follows Japanese version imagio MP 9001 7501 6001 series Operating Instructions About This Machine Written in Japanese imagio MP 9001 7501 6001 series Operating Instructions Troubleshooting Written in Japanese imagio MP 9001 7501 6001 series Operating Instructions Copy Document Server Referen...

Страница 17: ...P 6001 MP 6001 SP MP 7001 MP 7001 SP MP 8001 MP 8001 SP MP 9001 MP 9001 SP Manuals for Administrators 9060 9060sp 9070 9070sp 9080 9080sp 9090 9090sp MP 6001 MP 6001 SP MP 7001 MP 7001 SP MP 8001 MP 8001 SP MP 9001 MP 9001 SP LD360 LD360 sp LD370 LD370 sp LD380 LD380 sp LD390 LD390 sp Aficio MP 6001 MP 6001 SP MP 7001 MP 7001 SP MP 8001 MP8001 SP MP 9001 MP 9001 SP Notes for Security Functions Not...

Страница 18: ...nistrator One to four administrators can be registered for the TOE Administrator roles for administrators include user administration machine administration network administration and file administration Administrators may have concurrent administrator roles and administrator roles can be assigned to one or more administrators One default administrator is registered and assigned to all four admini...

Страница 19: ... data in the TOE and perform operations on the document data 1 4 3 5 Customer Engineer A customer engineer hereafter CE is an expert in maintenance of the TOE and is employed by manufacturers technical support service companies and sales companies 1 4 4 Logical Boundaries of TOE The logical boundaries of the TOE comprise the functions provided by the TOE This section describes the Basic Functions ...

Страница 20: ...upervisor are provided with the Management Function These functions are accessed by pushing the relevant buttons on the Operation Panel General users administrators and supervisor can use the Web Service Functions depending on their role Copy Function This function is for scanning originals and printing the scanned image according to the Print Settings specified by the user Print Settings include ...

Страница 21: ...in the D BOX for faxing can be printed and deleted using the Document Server Function which is part of the Basic Functions and described later Although the MFP provides IP Fax and Internet Fax Function as a part of the Fax Function no evaluation based on this document is applied to these functions Scanner Function This function is for scanning and digitising paper originals and delivering scanned ...

Страница 22: ...rinter Function can be printed When document data is printed the Print Setting information for the stored document data will be updated according to the user s settings 2 Sending document data stored in the D BOX Document data stored using the Scanner Function can be sent 3 Deleting document data stored in the D BOX 4 Downloading document data stored in the D BOX Document data stored using the Sca...

Страница 23: ...word being viewed by others Password Quality Maintenance This forces users to register passwords that satisfy both the Minimum Password Length and Password Complexity Setting which the user administrator sets in advance Although this TOE has other Identification and Authentication Functions this evaluation does not cover the functions other than those listed above Document Data Access Control Func...

Страница 24: ...s The communication protocol that is used to protect the communication data differs according to the method by which the document or print data is sent The network administrator decides the communication protocol to apply based on the environment in which the TOE is operating and the intended usage of the TOE 1 Download document data using the Web Service Function from a client computer SSL protoc...

Страница 25: ...ave at least one administrator role one or more of their roles must be given to a new administrator when they register another administrator If administrators delete all of their own administrator roles their administrator information will be automatically deleted 3 Management of general user information Allows only users with specified user roles to newly create change and delete general user inf...

Страница 26: ...twork or the USB Port that is then converted to a format that the TOE can handle Storing Document Data Document data stored inside the TOE is stored in the D BOX The D BOX protects the document data from unauthorised access and leakage Outputting Document Data Document data can be output by the following five methods 1 Sent by e mail to a client computer to the e mail address 2 Sent to SMB or FTP ...

Страница 27: ...Part 2 Security functional components September 2007 Version 3 1 Revision 2 Japanese translation ver 2 0 CCMB 2007 09 002 Part 3 Security assurance components September 2007 Version 3 1 Revision 2 Japanese translation ver 2 0 CCMB 2007 09 003 Functional requirements Part 2 conformance Assurance requirements Part 3 conformance 2 2 PP Claims Package Claims This ST and TOE do not conform to any PPs T...

Страница 28: ...ss violation to protected assets stored in TOE Authorised TOE users may breach the limits of authorised usage and access document data through the external TOE interfaces the Operation Panel network interface or USB Port that are provided forthem T ABUSE_SEC_MNG Abuse of Security Management Function Persons not authorised to use Security Management Functions may abuse them T SALVAGE Salvaging memo...

Страница 29: ...OE securely in the roles assigned to them and will instruct general users to operate the TOE securely also Additionally administrators shall not abuse their permissions maliciously A SUPERVISOR Assumptions for supervisor A supervisor shall have sufficient knowledge to operate the TOE securely in the roles assigned to him her and shall not abuse his her permission maliciously A NETWORK Assumption f...

Страница 30: ...hich they have permission O DOC_ACC Access control to protected assets The TOE shall ensure general users have access to document data according to their permissions to process document data The TOE shall also allow the file administrator to delete document data stored in the D BOX O MANAGE Security management The TOE shall only allow specified users to manage its Security Functions TSF data and s...

Страница 31: ...cted to an external network such as the Internet the organisation that manages operation of the internal network shall close any unnecessary ports between the external and internal networks e g by employing a firewall 4 3 Security Objectives Rationale This section describes the rationale of the security objectives If all security objectives are fulfilled as explained in the following the security ...

Страница 32: ...operate the TOE securely in the roles assigned to them and instruct general users to operate the TOE securely also Additionally administrators are unlikely to abuse their permissions As specified by OE ADMIN the responsible manager of the MFP shall select trusted persons as administrators and instruct them on their administrator roles Once instructed administrators then shall instruct general user...

Страница 33: ...dentified by O I A to access to document data according to the operation permission on document data that are assigned to the authorised users roles and the authorised users by O DOC_ACC For example if the authorised user is the general user the TOE allows the general user to perform operations on document data according to the operation permissions If the authorised user is a file administrator t...

Страница 34: ... or not O NET PROTECT was performed Therefore the TOE can counter T TRANSIT T FAX_LINE Intrusion via telephone line To counter this threat the TOE prevents the intrusion from a telephone line connected to Fax Unit to the TOE by O LINE_PROTECT In addition the performance of O LINE_PROTECT is recorded as audit logs by O AUDIT and the function to read audit logs is only provided to the machine admini...

Страница 35: ...s Reserved 5 Extended Components Definition In this ST and TOE there are no extended components i e the new security requirements and security assurance requirements that are not described in the CC which is claimed the conformance in 2 1 CC Conformance Claim ...

Страница 36: ...encies FPT_STM 1 Reliable time stamps FAU_GEN 1 1 The TSF shall be able to generate an audit record of the following auditable events a Start up and shutdown of the Audit Functions b All auditable events for the selection not specified level of audit and c assignment auditable events of the TOE shown inTable 5 Table 5 shows the actions CC rules recommended by the CC as auditable for each functiona...

Страница 37: ... Basic All requests to perform an operation on an object covered by the SFP c Detailed The specific security attributes used in making an access check Individually defined auditable events 1 Storage of document data successful 2 Reading of document data successful 3 Deletion of document data successful FDP_IFC 1 None FDP_IFF 1 a Minimal Decisions to permit requested information flows b Basic All d...

Страница 38: ... authentication mechanism Basic 1 Login Outcome Success Failure FIA_UAU 7 None FIA_UID 2 a Minimal Unsuccessful use of the user identification mechanism including the user identity provided b Basic All use of the user identification mechanism including the user identity provided Basic 1 Login Outcome Success Failure FIA_USB 1 a Minimal Unsuccessful binding of user security attributes to a subject ...

Страница 39: ...ministrator roles 2 Lockout release by the unlocking administrator 3 Changing time and date of system clock FMT_SMR 1 a Minimal modifications to the group of users that are part of a role b Detailed every use of the rights of a role a Minimal 1 Adding and deleting administrator roles FPT_STM 1 a Minimal changes to the time b Detailed providing a timestamp a Minimal 1 Changing time and date of syst...

Страница 40: ...ncluded in the PP ST assignment communication IP address IDs of persons whose authentication information is created changed deleted Locking out users release of user Lockout method of Lockout release IDs of object d ocument data FAU_SAR 1 Audit review Hierarchical to No other components Dependencies FAU_GEN 1 Audit data generation FAU_SAR 1 1 The TSF shall provide assignment the machine administra...

Страница 41: ...ith a specified cryptographic key generation algorithm assignment cryptographic key generation algorithm shown in Table 6 and specified cryptographic key size assignment cryptographic key size shown in Table 6 that meet the following assignment standard shown in Table 6 Table 6 List of cryptographic key generation Key type Standard Cryptographic key generation algorithm Cryptographic key size HDD ...

Страница 42: ...ts and operations among subjects and objects Subjects Objects Operations among subjects and objects Administrator process Document data Deleting document data General user process Document data Storing document data Reading document data Deleting document data FDP_ACF 1 Security attribute based access control Hierarchical to No other components Dependencies FDP_ACC 1 Subset access control FMT_MSA ...

Страница 43: ...s has permission to delete document data if the general user ID associated with the general user process matches either the document file owner ID or a document file user ID in the document data ACL associated with the document data and if the matched ID has permission for editing deleting or full control permission FDP_ACF 1 3 The TSF shall explicitly authorise access of subjects to objects based...

Страница 44: ...curity attributes Subject Fax process on Fax Unit No security attributes Subject Fax reception process on Controller Board No security attributes Information Data received from a telephone line Data type Note Data type means the type of data received from a telephone line and indicates whether this is fax or non fax data FDP_IFF 1 2 The TSF shall permit an information flow between a controlled sub...

Страница 45: ... of the Lockout release actions shown in Table 15 is taken Table 15 Lockout release actions Lockout release actions Details Auto Lockout Release If the user fails to authenticate after making the number of attempts specified for Lockout release and the Lockout time between 1 and 9999 minutes set in advance by the machine administrator has elapsed then Lockout will be released upon the first succes...

Страница 46: ...user administrator 8 32 characters and no more than 128 characters For administrators and a supervisor No fewer than theMinimum Password Length specified by the user administrator 8 32 characters and no more than 32 characters 3 Rule Passwords that are composed of a combination of characters based on the Password Complexity Setting specified by the user administrator can be registered The user adm...

Страница 47: ...nforce the following rules on the initial association of user security attributes with subjects acting on the behalf of users assignment rules for the initial association of attributes listed in Table16 Table 16 Rules for initial association of attributes Users Subjects Security attributes of users General user General user process General user ID Document data default ACL Administrator Administra...

Страница 48: ...o own the administrator IDs Administrator IDs Query Supervisor Administrator roles Query add delete Administrators who are assigned these administrator roles Supervisor ID Query change Supervisor Document data ACL Query modify File administrator Document file owner General users who have full control operation permissions for the relevant document data Document data default ACL a data item of gene...

Страница 49: ...cation of Management Functions FMT_MTD 1 1The TSF shall restrict the ability to selection query modify delete assignment register change entirely delete newly create the assignment list of TSF data management in Table 19 to assignment roles in Table 19 Table 19 List of TSF data management TSF data Operations User roles Newly create change delete User administrator Authentication information of gen...

Страница 50: ...e administrator Supervisor Lockout Flag for general users Query modify User administrator Lockout Flag for administrators Query modify Supervisor Lockout Flag for supervisor Query modify Machine administrator Query newly create delete change User administrator Applicable general users of S MIME user information S MIME user information a data item of general user information Query General users Des...

Страница 51: ...tes used to make explicit access based decisions None Attributes data type used to make explicit access based decisions are fixed and there are no interfaces to change FIA_AFL 1 a Management of the threshold for unsuccessful authentication attempts b Management of actions to be taken in the event of an authentication failure a Security Management Function management of machine control data managem...

Страница 52: ...administrator authentication information by supervisor Security Management Function management of supervisor information management of supervisor authentication information by supervisor FIA_UAU 7 None FIA_UID 2 a Management of the user identities Security Management Function management of general user information management of general user IDs by the user administrator Security Management Functio...

Страница 53: ...general user information c None No rules by which security attributes inherit specified values FMT_MTD 1 a Managing the group of roles that can interact with the TSF data None No groups of roles can interact with TSF data FMT_SMF 1 None FMT_SMR 1 a Managing the group of users that are part of a role Management of administrator roles by administrators FPT_STM 1 a Management of the time Security Man...

Страница 54: ...nt encryption function of the Ic Ctlr FPT_TST 1 2 The TSF shall provide authorised users with the capability to verify the integrity of the selection assignment HDD cryptographic key FPT_TST 1 3 The TSF shall provide authorised users with the capability to verify the integrity of stored TSF executable code 6 1 7 Class FTP Trusted path channels FTP_ITC 1 Inter TSF trusted channel Hierarchical to No...

Страница 55: ...trusted path FTP_TRP 1 3 The TSF shall require the use of the trusted path for selection initial user authentication assignment TOE web service printing service from a client computer fax s ervice from a client computer and e mail service to a client computer from the TOE Table 21 shows the services that require the trusted path defined in FTP_TRP 1 3 and used by each user who communicates via tru...

Страница 56: ...guidance AGD Guidance documents AGD_PRE 1 Preparative procedures ALC_CMC 3 Authorisation controls ALC_CMS 3 Implementation representation CM coverage ALC_DEL 1 Delivery procedures ALC_DVS 1 Identification of security measures ALC Life cycle support ALC_LCD 1 Developer defined life cycle model ASE_CCL 1 Conformance claims ASE_ECD 1 Extended components definition ASE_INT 1 ST introduction ASE_OBJ 2 ...

Страница 57: ...nts and TOE security objectives The v in the table indicates that the TOE security functional requirement fulfils the TOE security objective Table 23 shows that each TOE security functional requirementfulfils at least one TOE security objective Table 23 Relationship between security objectives and functional requirements O AUDIT O I A O DOC_ACC O MANAGE O MEM PROTECT O NET PROTECT O GENUINE O LINE...

Страница 58: ...formation whenever an AuditFunction starts and ends whenever an identification or authentication function is performed whenever users operate protected assets whenever protected assets are encrypted and whenever a major Management Function is performed The log also records the date time type subject identity and outcome of each event b Provide Audit Function To fulfil O AUDIT access to audit logs ...

Страница 59: ...FIA_UAU 7 prevents passwords being viewed by displaying masking characters asterisks or bullets in place of each password character entered in the authentication feedback area FIA_SOS 1 accepts only passwords that satisfy theMinimum Password Length and password character combination specified by the user administrator and it enables only passwords that are not easily guessable FIA_AFL 1 also reduc...

Страница 60: ... general users with full control operation permission for the document data to query and modify the default ACLs of document data FMT_MSA 3 specifies the default value of the document data ACL for storage of new document data 2 Management and protection of TSF data To fulfil O MANAGE access to TSF data shall be limited to specified users For this FMT_MTD 1 allows the machine administrator to query...

Страница 61: ...orithm based on BSI AIS31 and FCS_COP 1 encrypts document data when it is stored on the HDD and decrypts it when it is read from the HDD using the encryption keys generated with the AES encryption algorithm which corresponds to FIPS197 Additionally FTP_TST 1 tests at the TOE start up the validity of encryption keys and the performance of the IcCtlr where encryption is performed and this prevents s...

Страница 62: ... To fulfil O LINE_PROTECT unauthorised access by an attacker to the TOE via telephone line shall be prevented For this FDP_IFC 1 and FDP_IFF 1 allow fax data to pass from thefax process on the Fax Unit to the fax reception process on the Controller Board only if the data received from the telephone line is fax data 6 3 3 Dependency Analysis Table 24 shows the correspondence of dependencies in this...

Страница 63: ..._SMR 1 None FMT_SMF 1 None None None FMT_SMR 1 FIA_UID 1 FIA_UID 2 FIA_UID 1 FPT_STM 1 None None None FPT_TST 1 None None None FTP_ITC 1 None None None FTP_TRP 1 None None None The following explains the rationale of acceptability in all cases where a dependency is not satisfied Rationale for Removing Dependencies on FCS_CKM 4 In this TOE the HDD encryption keys are stored in an area that cannot b...

Страница 64: ... TOE exists Architectural design ADV_TDS 2 is adequate to show the validity of commercially available products A high attack potential is required for attacks that circumvent or tamper with the TSF which is not covered in this evaluation The vulnerability analysis AVA_VAN 2 is therefore adequate for general needs However protection of the secrecy of relevant information is required to make securit...

Страница 65: ...SEC_MNG Security Management Function SF CE_OPE_LOCK Service Mode Lock Function SF CIPHER Encryption Function SF NET_PROT Network Communication Data Protection Function SF FAX_LINE Protection Function for Intrusion via Telephone Line SF GENUINE MFP Control Software Verification Function As Table 25 shows at least one TOE Security Function satisfies each security functional requirements described in...

Страница 66: ...he security functional requirements that correspond to these TOE Security Functions 7 1 1 SF AUDIT Audit Function The TOE starts the AuditFunction when power is supplied and the TOE starts up and keeps running the Audit Function until power down While the AuditFunction is running the TOE creates audit logs whenever an auditable event occurs These audit logs must be protected from loss before audit...

Страница 67: ...able events Basic audit information Expanded audit information Starting Audit Function 1 Ending Audit Function 1 Login Starting Lockout Locked out user Releasing Lockout Locked out user who is to be released Release methods auto Lockout release manual Lockout release Lockout release at TOE startup 2 HDD encryption key generation Successful storage of document data ID of object document data Succes...

Страница 68: ...e the user IDs but can identify systems are set Since there are no interfaces on the TOE for modifying audit logs unauthorised modification for the audit logs are not performed and the machine administrator who can delete the audit logs will not carry out any malicious acts using administrator privileges By the above FAU_GEN 1 Audit data generation FAU_STG 1 Protected audit trail storage and FAU_S...

Страница 69: ...ndings and associations If the user is a supervisor the TOE binds the supervisor to supervisor processes associates supervisor processes with the supervisor ID and maintains those bindings and associations Authentication methods vary according to the user s role Table 27 shows the authentication methods for each user role Table 27 User roles and authentication methods User roles Authentication met...

Страница 70: ...nistrator any role or a supervisor is locked out as a special Lockout release operation restarting the TOE releases Lockout Table 28 Unlocking administrators for each user role User roles locked out users Unlocking administrators General users User administrator Administrators all administrator roles Supervisor Supervisor Machine administrator By the above FIA_AFL 1 Authentication failure handling...

Страница 71: ...computer where the user authenticated Availability of document data is based on the roles assigne d to the user who has been successfully authenticated by the Identification and Authentication Function or the authorisation assigned to the individual user This section describes the access control function that allows users to access document data based on their user role Following are the explanati...

Страница 72: ...F SEC_MNG Security Management Function and their corresponding security functional requirements 7 1 4 1 Management of Document Data ACL Management of the document data ACL allows operations on the document data ACL from theOperation Panel or Web Service Function to be restricted to specified users only Operations on the document data ACL include changing the document file owner and the document fi...

Страница 73: ...stering and deleting document file users and changing the document file users operation permissions for the document data By the above FMT_MSA 1 Management of security attributes FMT_MSA 3 Static attribute initialisation and FMT_SMF 1 Specification of management functions are satisfied 7 1 4 2 Management of Administrator Information Management of administrator information allows only specified use...

Страница 74: ...MT_MTD 1 Management of TSF data FMT_SMF 1 Specification of management functions and FMT_SMR 1 Security roles are satisfied 7 1 4 4 Management of General User Information Management of general user information allows only specified users to perform all or some of the operations involved in creating changing and deleting general user information from the Operation Panel or Web Service Function Gener...

Страница 75: ...machine control data by specified users only The TOE allows only specified users to use the functions that set the machine control data from specified operation interfaces Table 33 shows for each item of machine control data the range of values that can be set the operations available the authorised setter and the operation interfaces allowed by the TOE The TOE also allows the user administrator a...

Страница 76: ... all authorised users to view the value of the setting If the Service Mode Lock Function is set to Off the TOE allows only the CE to use theMaintenance Functions If it is set to On the TOE does not allow the CE to use theMaintenance Functions By the above FMT_MTD 1 Management of TSF data is satisfied 7 1 6 SF CIPHER Encryption Function The TOE encrypts the document data to be stored on the HDD Fol...

Страница 77: ...raphic operation FMT_MTD 1 Management of TSF data and FPT_TST 1 TSF testing are satisfied 7 1 7 SF NET_PROT Network Communication Data Protection Function This protects document data and print data in transit on internal networks from leakage and also detects attempts at tampering Following are explanations of each functional item in SF NET_PROT Network Communication Data Protection Function and t...

Страница 78: ... for Intrusion via Telephone Line When it receives fax data from the telephone line the TOE passes the data to theController Board If the received data is not fax data the TOE discards it By the above FDP_IFC 1 Subset information flow control and FDP_IFF 1 Simple security attributes are satisfied 7 1 9 SF GENUINE MFP Control Software Verification Function At every TOE start up the MFP Control Soft...

Страница 79: ...connected to a telephone line MFP An abbreviation for digital multi function product In this ST MFP also refers to the TOE Responsible manager of MFP A person in an organisation in which MFPs are used and who has authority to assign MFP administrators and a supervisor Or the person who is responsible for the organisation Examples MFP purchaser MFP owner manager of a department where MFPs are used ...

Страница 80: ... supervisor Network administration An administrator role assigning responsibility for management of the TOE s network connections The network administrator is a person with network management responsibility Network control data MFP control data for connecting MFP to networks Minimum Password Length The minimum number of digits that can be registered in passwords Password Complexity Setting The min...

Страница 81: ...users as data items that include the general user ID general user authentication information document data default ACL and S MIME user information General user authentication information A password for identification and authentication of a general user Print data The document files in a client computer that are sent to the TOE from a client computer to be printed or faxed Drivers must be installe...

Страница 82: ...a stored earlier in the D BOX Direct Print Function A function that prints print data received by the TOE Immediate Transmission A function that dials first then faxes data while scanning the original Internal networks Networks managed by an organisation that has an MFP Normally refers to an office LAN environment established as an intranet Document file owner General users who are registered in t...

Страница 83: ... Japanese translated version Common Criteria for Information Technology Security Evaluation Version3 1 Part 1 Introduction and general model Revision 1 Japanese translation ver 1 2 Part 2 Security functional components Revision 2 Japanese translation ver 2 0 Part 3 Security assurance components Revision 2 Japanese translation ver 2 0 Evaluation Methodology English version Common Methodology for In...

Результаты поиска

Содержание imagio MP 6001 series, Aficio MP 9001 Series

Отзывы:

Похожие инструкции для imagio MP 6001 series, Aficio MP 9001 Series

Бренды по названию

Популярные бренды

Ricoh imagio MP 6001 series, Aficio MP 9001 Series, Руководство пользователя

Результаты поиска

Содержание imagio MP 6001 series, Aficio MP 9001 Series

Отзывы:

Похожие инструкции для imagio MP 6001 series, Aficio MP 9001 Series

Бренды по названию

Популярные бренды