Ricoh imagio MP C6001 Series Скачать руководство пользователя страница 4

Страница: 4 / 90

Page 3 of

3.1

Threats ......................................................................................................................... 32

3.2

Organisational Security Policies.................................................................................. 33

3.3

Assumptions................................................................................................................. 33

Security Objectives.............................................................................................................. 35

4.1

Security Objectives for TOE......................................................................................... 35

4.2

Security Objectives of Operational Environment........................................................ 36

4.2.1 IT

Environment .......................................................................................................36

4.2.2 Non-IT

Environment ...............................................................................................37

4.3

Security Objectives Rationale ...................................................................................... 38

4.3.1

Correspondence Table of Security Objectives.........................................................38

4.3.2 Security

Objectives Descriptions ............................................................................39

Extended Components Definition....................................................................................... 43

5.1

Restricted forwarding of data to external interfaces (FPT_FDI_EXP) ....................... 43

Security Requirements........................................................................................................ 45

6.1

Security Functional Requirements .............................................................................. 45

6.1.1 Class

FAU:

Security audit.......................................................................................45

6.1.2

Class FCS: Cryptographic support .........................................................................48

6.1.3 Class

FDP:

User data protection ............................................................................49

6.1.4

Class FIA: Identification and authentication.........................................................54

6.1.5

Class FMT: Security management..........................................................................57

6.1.6 Class

FPT:

Protection of the TSF............................................................................63

6.1.7 Class

FTA: TOE access............................................................................................64

6.1.8 Class

FTP:

Trusted path/channels..........................................................................64

6.2

Security Assurance Requirements............................................................................... 64

6.3

Security Requirements Rationale................................................................................ 65

6.3.1 Tracing .....................................................................................................................65
6.3.2 Justification

of Traceability.....................................................................................67

6.3.3 Dependency Analysis...............................................................................................73
6.3.4 Security

Assurance

Requirements Rationale .........................................................75

TOE Summary Specification............................................................................................... 76

7.1

Audit Function ............................................................................................................. 76

7.2

Identification and Authentication Function ................................................................ 78

Содержание imagio MP C6001 Series

Страница 1: ...ns of imagio MP C6001 C7501 series Security Target are reprinted with written permission from IEEE 445 Hoes Lane Piscataway New Jersey 08855 from IEEE 2600 1 Protection Profile for Hardcopy Devices Operational Environment A Copyright 2009 IEEE All rights reserved This document is a translation of the evaluated and certified security target written in Japanese ...

Страница 3: ...Indirect User 16 1 4 4 Logical Boundary of TOE 17 1 4 4 1 Basic Functions 17 1 4 4 2 Security Functions 20 1 4 5 Protected Assets 22 1 4 5 1 User Data 22 1 4 5 2 TSF Data 23 1 4 5 3 Functions 23 1 5 Glossary 23 1 5 1 Glossary for This ST 23 2 Conformance Claim 27 2 1 CC Conformance Claim 27 2 2 PP Claims 27 2 3 Package Claims 27 2 4 Conformance Claim Rationale 28 2 4 1 Consistency Claim with TOE T...

Страница 4: ...terfaces FPT_FDI_EXP 43 6 Security Requirements 45 6 1 Security Functional Requirements 45 6 1 1 Class FAU Security audit 45 6 1 2 Class FCS Cryptographic support 48 6 1 3 Class FDP User data protection 49 6 1 4 Class FIA Identification and authentication 54 6 1 5 Class FMT Security management 57 6 1 6 Class FPT Protection of the TSF 63 6 1 7 Class FTA TOE access 64 6 1 8 Class FTP Trusted path ch...

Страница 5: ... Control Function 80 7 4 Use of Feature Restriction Function 82 7 5 Network Protection Function 83 7 6 Residual Data Overwrite Function 83 7 7 Stored Data Protection Function 84 7 8 Security Management Function 84 7 9 Software Verification Function 89 7 10 Fax Line Separation Function 89 ...

Страница 6: ...obs a 52 Table 16 Subjects Objects and Security Attributes b 53 Table 17 Rule to Control Operations on MFP Applications b 53 Table 18 List of Authentication Events of Basic Authentication 54 Table 19 List of Actions for Authentication Failure 54 Table 20 List of Security Attributes for Each User That Shall Be Maintained 55 Table 21 Rules for Initial Association of Attributes 57 Table 22 User Roles...

Страница 7: ...Page 6 of 89 Copyright c 2011 RICOH COMPANY LTD All rights reserved Table 36 Management of TSF Data 85 Table 37 List of Static Initialisation for Security Attributes of Document Access Control SFP 88 ...

Страница 8: ...ard residual data overwrite option and HDD Encryption Card all of which constitute the TOE The MFP is identified by its product name and version MFP versions consist of software and hardware versions The FCU and the Security Card are identified by their respective names and versions The HDD Encryption Card is identified by its name Table 1 shows the identification information of the TOE Table 1 Id...

Страница 9: ...t 1 01x HDD Encryption Card name imagio HDD Encryption Card Type7 Keywords Digital MFP Documents Copy Print Scanner Network Office Fax 1 3 TOE Overview This section defines TOE Type TOE Usage and Major Security Features of TOE 1 3 1 TOE Type This TOE is a digital multi function product hereafter MFP which is an IT device that inputs stores and outputs documents 1 3 2 TOE Usage The operational envi...

Страница 10: ...vided for the MFP which is the TOE itself and hardware and software other than the TOE MFP A machinery that is defined as the TOE The MFP is connected to the office LAN and users can perform the following operations from the Operation Panel of the MFP Various settings for the MFP Copy fax storage and network transmission of paper documents Print fax network transmission and deletion of the stored ...

Страница 11: ...ansmission of the stored documents in the TOE to its folders SMTP Server A server used by the TOE for e mail transmission of the stored documents in the TOE External Authentication Server A server that identifies and authenticates the TOE user with Windows authentication Kerberos authentication method This server is only used when External Authentication is applied The TOE identifies and authentic...

Страница 12: ...ty Management Function Software Verification Function Fax Line Separation Function 1 4 TOE Description This section describes Physical Boundary of TOE Guidance Documents Definition of Users Logical Boundary of TOE and Protected Assets 1 4 1 Physical Boundary of TOE The physical boundary of the TOE is the MFP which consists of the following hardware components shown in Figure 2 Operation Panel Unit...

Страница 13: ...processed by the MFP Control Software on the Controller Board The following describes the components of the Controller Board Processor A semiconductor chip that performs basic arithmetic processing for MFP operations RAM A volatile memory medium which is used as a working area for image processing such as compressing decompressing the image data It can also be used to temporarily read and write in...

Страница 14: ...ccording to display instructions from the Controller Board OpePanel which is one of the components that constitute the TOE is the identifier for the Operation Panel Control Software Engine Unit The Engine Unit consists of Scanner Engine that is an input device to read paper documents Printer Engine that is an output device to print and eject paper documents and Engine Control Board The Engine Cont...

Страница 15: ...nt sets of this TOE are as follows imagio MP C7501 C6001 series Operating Instructions About This Machine D081 7603 imagio MP C7501 C6001 series Operating Instructions Troubleshooting D081 7630 imagio MP C7501 C6001 series Operating Instructions Copy Function Document Server Function D081 7620 imagio MP C7501 C6001 series Quick guide Fax Function D498 8501 imagio MP C7501 C6001 series Quick guide ...

Страница 16: ...OE via RC Gate communication interface Copy Function Fax Function Scanner Function Printer Function Document Server Function and Management Function cannot be used The administrator means the user registered for TOE management According to its roles the administrator can be classified as the supervisor and the MFP administrator Up to four MFP administrators can be registered and selectively author...

Страница 17: ...ed documents This privilege allows access management of stored documents 1 4 3 2 Indirect User Responsible manager of MFP The responsible manager of MFP is a person who is responsible for selection of the TOE administrators in the organisation where the TOE is used Customer engineer The customer engineer is a person who belongs to the organisation which maintains TOE operation The customer enginee...

Страница 18: ...s Figure 3 Logical Scope of the TOE 1 4 4 1 Basic Functions The overview of the Basic Functions is described as follows Copy Function The Copy Function is to scan paper documents and copy scanned image data from the Operation Panel Magnification and other editorial jobs can be applied to the copy image It can also be stored on the HDD as a Document Server document ...

Страница 19: ... the Operation Panel Operating from a Web browser The TOE can print or delete printer documents according to the operations by users from a Web browser Deleting printer documents by the TOE The deletion of printer documents by the TOE differs depending on printing methods If locked print hold print or sample print is specified the TOE deletes printer documents when printing is complete If stored p...

Страница 20: ... documents or documents in the client computer for fax transmission in the TOE Those documents stored in the TOE are called fax documents Paper documents will be scanned and stored using the Operation Panel The documents in the client computer are sent to and stored in the TOE by operating the fax driver installed on the client computer Operation Function for Fax Documents A function to print or d...

Страница 21: ...the procedures that are allowed to customer engineers only If the MFP administrator sets the Service Mode Lock Function to ON the customer engineer cannot use this function In this ST the Service Mode Lock Function is set to ON for the target of evaluation Web Function A function for the TOE user to remotely control the TOE from the client computer To control the TOE remotely the TOE user needs to...

Страница 22: ...ion Panel In addition to this and for the Basic Authentication only this function can be used to register passwords that fulfil the requirements of the Minimum Character No i e minimum password length and obligatory character types the MFP administrator specifies so that the lockout function can be enabled and login password quality can be protected Document Access Control Function The Document Ac...

Страница 23: ...er role privileges or user privileges allocated to normal users MFP administrator and supervisor Software Verification Function The Software Verification Function is to verify the integrity of the executable codes of the MFP Control Software and FCU Control Software and to ensure that they can be trusted Fax Line Separation Function The Fax Line Separation Function is to restrict input information...

Страница 24: ...ges by unauthorised persons and reading by users without viewing permissions In this ST confidential data listed below is referred to as TSF confidential data Login password audit log and HDD cryptographic key 1 4 5 3 Functions The MFP applications Copy Function Document Server Function Printer Function Scanner Function and Fax Function that are for management of the document data of user data are...

Страница 25: ...the TOE The TOE authenticates TOE users by using the login user names and the login passwords registered on the TOE External Authentication One of the procedures for identification and authentication of TOE users who are authorised to use the TOE The TOE authenticates TOE users by using the login user names and the login passwords registered on the external authentication server connected to the M...

Страница 26: ... Function and Fax Function Stored document type Classification of stored documents according to their purpose of use This includes Document Server documents printer documents scanner documents fax documents and received fax documents Document Server documents One of the stored document types Documents stored in the TOE when Document Server storage is selected as the printing method for Copy Functi...

Страница 27: ...om the MFP via networks to the SMTP Server The documents that can be delivered using this function include scanned documents using Scanner Function and scanned and stored document data using Scanner Function S MIME protects the communication for realising this function S MIME user information This information is required for e mail transmission using S MIME Also this information consists of e mail...

Страница 28: ...uly 2009 Version 3 1 Revision 3 Final Japanese translation ver 1 0 Final CCMB 2009 07 003 Functional requirements Part 2 extended Assurance requirements Part 3 conformance 2 2 PP Claims The PP to which this ST and TOE are demonstrable conformant is PP Name Identification 2600 1 Protection Profile for Hardcopy Devices Operational Environment A Version 1 0 dated June 2009 Notes The PP name which is ...

Страница 29: ... PP is written in English the security problem definitions in chapter 3 and security objectives in chapter 4 are translated from English into Japanese If the literal translation of the PP was thought to be difficult for readers to understand the PP in Japanese the translation was made comprehensible This however does not mean that its description deviates from the requirements of the PP conformanc...

Страница 30: ...AU 7 and FIA_SOS 1 For the Basic Authentication function of the TOE FIA_AFL 1 FIA_UAU 7 and FIA_SOS 1 are augmented according to PP APPLICATION NOTE36 Refinement of FIA_UAU 1 a FIA_UAU 1 b FIA_UID 1 a FIA_UID 1 b and FIA_SOS 1 For authentication of normal users of this TOE Basic Authentication conducted by the TOE and authentication conducted by the external authentication server can be used Accor...

Страница 31: ..._FDI_EXP Consistency Rationale of FDP_ACF 1 a While FDP_ACF 1 1 a and FDP_ACF 1 2 a in the PP require the access control SFP to the document data that is defined for each SFR package in the PP this ST requires the access control SFP to the document data that is defined for each document data attribute which is the security attribute for objects This is not a deviation from the PP but an instantiat...

Страница 32: ... 1 a and as a result the TSF restrictively allows the MFP administrator to access the TOE functions Therefore the requirements described in FDP_ACF 1 3 b in the PP are satisfied at the same time The fax reception process which is accessed when receiving from a telephone line is regarded as a user with administrator privileges Therefore FDP_ACF 1 3 b in this ST satisfies FDP_ACF 1 3 b in the PP ...

Страница 33: ...ons with a login user name but without an access permission to the document T FUNC ALT User job alteration User jobs under the TOE management may be altered by persons without a login user name or by persons with a login user name but without an access permission to the user job T PROT ALT Alteration of TSF protected data TSF Protected Data under the TOE management may be altered by persons withou...

Страница 34: ... use of the external interfaces of the TOE operation of those interfaces shall be controlled by the TOE and its IT environment P STORAGE ENCRYPTION Encryption of storage devices The data stored on the HDD inside the TOE shall be encrypted P RCGATE COMM PROTECT Protection of communication with RC Gate As for communication with RC Gate the TOE shall protect the communication data between itself and ...

Страница 35: ...procedures of their organisation are competent to correctly configure and operate the TOE in accordance with the guidance document following those policies and procedures A ADMIN TRUST Trusted administrator The responsible manager of MFP selects administrators who do not use their privileged access rights for malicious purposes according to the guidance document ...

Страница 36: ...of user job alteration The TOE shall protect user jobs from unauthorised alteration by persons without a login user name or by persons with a login user name but without an access permission to the job O PROT NO_ALT Protection of TSF protected data alteration The TOE shall protect TSF Protected Data from unauthorised alteration by persons without a login user name or by persons with a login user n...

Страница 37: ...yption of storage devices The TOE shall ensure that the data is encrypted first and then stored on the HDD O RCGATE COMM PROTECT Protection of communication with RC Gate The TOE shall conceal the communication data on the communication path between itself and RC Gate and detect any tampering with those communication data 4 2 Security Objectives of Operational Environment This section describes the...

Страница 38: ...in users according to the guidance document and ensure that users are aware of the security policies and procedures of their organisation and have the competence to follow those policies and procedures OE ADMIN TRAINED Administrator training The responsible manager of MFP shall ensure that administrators are aware of the security policies and procedures of their organisation have the training comp...

Страница 39: ... Security Objectives O DOC NO_DIS O DOC NO_ALT O FUNC NO_ALT O PROT NO_ALT O CONF NO_DIS O CONF NO_ALT O USER AUTHORIZED OE USER AUTHORIZED O SOFTWARE VERIFIED O AUDIT LOGGED OE AUDIT_STORAGE PROTCTED OE AUDIT_ACCESS_AUTHORIZED OE AUDIT REVIEWED O INTERFACE MANAGED OE PHYSICAL MANAGED OE INTERFACE MANAGED O STORAGE ENCRYPTED O RCGATE COMM PROTECT OE ADMIN TRAINED OE ADMIN TRUSTED OE USER TRAINED T...

Страница 40: ...orised in accordance with the security policies before being allowed to use the TOE By O DOC NO_ALT the TOE protects the documents from unauthorised alteration by persons without a login user name or by persons with a login user name but without an access permission to the document T DOC ALT is countered by these objectives T FUNC ALT T FUNC ALT is countered by O FUNC NO_ALT O USER AUTHORIZED and ...

Страница 41: ...ble manager of MFP gives the authority to use the TOE to users who follow the security policies and procedures of their organisation By O USER AUTHORIZED the TOE requires identification and authentication of users and users are authorised in accordance with the security policies before being allowed to use the TOE By O CONF NO_ALT the TOE protects the TSF confidential data from unauthorised altera...

Страница 42: ...nforced by O INTERFACE MANAGED and OE INTERFACE MANAGED By O INTERFACE MANAGED the TOE manages the operation of the external interfaces in accordance with the security policies By OE INTERFACE MANAGED the TOE constructs the IT environment that prevents unmanaged access to TOE external interfaces P INTERFACE MANAGEMENT is enforced by these objectives P STORAGE ENCRYPTION P STORAGE ENCRYPTION is enf...

Страница 43: ...s upheld by this objective A ADMIN TRUST A ADMIN TRUST is upheld by OE ADMIN TRUSTED By OE ADMIN TRUSTED the responsible manager of MFP selects the administrators and they will not abuse their privileges in accordance with the guidance documents A ADMIN TRUST is upheld by this objective A USER TRAINING A USER TRAINING is upheld by OE USER TRAINED By OE USER TRAINED the responsible manager of MFP i...

Страница 44: ...ily FPT_FDI_EXP has been defined to specify this kind of functionality Component levelling FPT_FDI_EXP Restricted forwarding of data to external interfaces 1 FPT_FDI_EXP 1 Restricted forwarding of data to external interfaces provides for the functionality to require TSF controlled processing of data received over defined external interfaces before these data are sent out on another external interf...

Страница 45: ...ntrol instead of attribute based control It was found that using FDP_IFF and FDP_IFC for this purpose resulted in SFRs that were either too implementation specific for a Protection Profile or too unwieldy for refinement in a Security Target Therefore the authors decided to define an extended component to address this functionality This extended component protects both user data and TSF data and it...

Страница 46: ...ependencies FPT_STM 1 Reliable time stamps FAU_GEN 1 1 The TSF shall be able to generate an audit record of the following auditable events a Start up and shutdown of the audit functions b All auditable events for the selection not specified level of audit and c assignment auditable events of the TOE shown in Table 8 FAU_GEN 1 2 The TSF shall record within each audit record at least the following i...

Страница 47: ...ation of deleting document data Those described above storing printing downloading faxing sending by e mail delivering to folder and deleting are the job types of additional information that are required by the PP FDP_ACF 1 b a Minimal Successful requests to perform an operation on an object covered by the SFP b Basic All requests to perform an operation on an object covered by the SFP c Detailed ...

Страница 48: ...se of the user identification mechanism including the user identity provided b Basic All use of the user identification mechanism including the user identity provided b Basic Success and failure of login operation FMT_SMF 1 a Minimal Use of the management functions a Minimal Record of management items in Table 26 FMT_SMR 1 a Minimal modifications to the group of users that are part of a role b Det...

Страница 49: ...nt no other actions to be taken in case of audit storage failure if the audit trail is full FAU_SAR 1 Audit review Hierarchical to No other components Dependencies FAU_GEN 1 Audit data generation FAU_SAR 1 1 The TSF shall provide assignment the MFP administrators with the capability to read assignment all of log items from the audit records FAU_SAR 1 2 The TSF shall provide the audit records in a ...

Страница 50: ...nment cryptographic operations shown in Table 10 in accordance with a specified cryptographic algorithm assignment cryptographic algorithm shown in Table 10 and cryptographic key sizes assignment cryptographic key sizes shown in Table 10 that meet the following assignment standards shown in Table 10 Table 10 List of Cryptographic Operation Key Type Standard Cryptographic Algorithm Cryptographic Ke...

Страница 51: ...Table 12 List of Subjects Objects and Operations among Subjects and Objects b Subjects Normal user process MFP administrator process Supervisor process RC Gate process Object MFP application Operation Execute FDP_ACF 1 a Security attribute based access control Hierarchical to No other components Dependencies FDP_ACC 1 Subset access control FMT_MSA 3 Static attribute initialisation FDP_ACF 1 1 a Th...

Страница 52: ...ated the document data Document data SCN Delete Normal user process Not allowed However it is allowed for normal user process that created the document data Document data SCN Read Normal user process Not allowed However it is allowed for normal user process that created the document data Document data FAXOUT Delete Normal user process Not allowed However it is allowed for normal user process that ...

Страница 53: ...SF shall explicitly authorise access of subjects to objects based on the following additional rules assignment rules to control operations among subjects and objects shown in Table 15 Table 15 Additional Rules to Control Operations on Document Data and User Jobs a Objects Document Data Attributes Operations Subjects Rules to control Operations Document data PRT Delete MFP administrator process All...

Страница 54: ...Control Operations on MFP Applications b Object Operation Subject Rule to control Operations MFP application Execute Normal user process Allows executing MFP application which MFP administrator allowed in available function list for normal user process FDP_ACF 1 3 b The TSF shall explicitly authorise access of subjects to objects based on the following additional rules assignment rules that the Fa...

Страница 55: ...e defined number of unsuccessful authentication attempts has been selection met the TSF shall assignment perform actions shown in Table 19 Table 19 List of Actions for Authentication Failure Unsuccessfully Authenticated Users Actions for Authentication Failure Normal user The lockout for the normal user is released by the lockout time set by the MFP administrator or release operation by the MFP ad...

Страница 56: ...users No fewer than the minimum character number specified by MFP administrator 8 32 characters and no more than 128 characters For MFP administrators and a supervisor No fewer than the minimum character number specified by MFP administrator 8 32 characters and no more than 32 characters 3 Rule Passwords that are composed of a combination of characters based on the password complexity setting spec...

Страница 57: ...cated refinement authentication of a person who intends to use the TOE from RC Gate communication interface before allowing other TSF mediated actions on behalf of that user FIA_UAU 7 Protected authentication feedback Hierarchical to No other components Dependencies FIA_UAU 1 Timing of authentication FIA_UAU 7 1 The TSF shall provide only assignment displaying dummy letters as authentication feedb...

Страница 58: ...ser attribute definition FIA_USB 1 1 The TSF shall associate the following user security attributes with subjects acting on the behalf of that user assignment login user name of normal user login user name of MFP administrator available function list and user role FIA_USB 1 2 The TSF shall enforce the following rules on the initial association of user security attributes with subjects acting on th...

Страница 59: ...P administrator Login user name of normal user for Basic Authentication Query Normal user who owns the applicable login user name Login user name of normal user for External Authentication Query modify delete newly create MFP administrator Login user name of supervisor Query modify Supervisor Newly create MFP administrator Query modify MFP administrator who owns the applicable login user name Logi...

Страница 60: ...ation permission Query modify newly create delete MFP administrator Login user name of normal user for Basic Authentication Query Normal user who owns the applicable login user name Login user name of normal user for External Authentication Query modify delete newly create MFP administrator Query modify MFP administrator Available function list Query however query is not allowed in case of Externa...

Страница 61: ...hical to No other components Dependencies FMT_MSA 1 Management of security attributes FMT_SMR 1 Security roles FMT_MSA 3 1 b The TSF shall enforce the assignment TOE function access control SFP to provide selection assignment the permissive to the available function list restrictive to the function type restrictive to the user role default values for security attributes that are used to enforce th...

Страница 62: ...ator Query modify MFP administrator Date setting year month day time setting hour minute Query Supervisor normal user Minimum character number for Basic Authentication Query MFP administrator Password complexity setting for Basic Authentication Query MFP administrator Audit logs Query delete MFP administrator HDD cryptographic key Newly create MFP administrator Newly create modify query delete MFP...

Страница 63: ... of supervisor by supervisor Modification of login password of MFP administrator by supervisor New creation of login password of MFP administrator by MFP administrator Modification of own login password by MFP administrator Query of minimum character number by MFP administrator when the Basic Authentication is used Query of Password Complexity by MFP administrator when the Basic Authentication is ...

Страница 64: ...shall be able to provide reliable time stamps FPT_TST 1 TSF testing Hierarchical to No other components Dependencies No dependencies FPT_TST 1 1 The TSF shall run a suite of self tests selection during initial start up to demonstrate the correct operation of selection assignment the MFP Control Software FCU Control Software FPT_TST 1 2 The TSF shall provide authorised users with the capability to ...

Страница 65: ...m modification or disclosure FTP_ITC 1 2 The TSF shall permit selection the TSF another trusted IT product to initiate communication via the trusted channel FTP_ITC 1 3 The TSF shall initiate communication via the trusted channel for assignment communication via the LAN of document data function data protected data and confidential data and communication with RC Gate via the LAN 6 2 Security Assur...

Страница 66: ...on ASE_TSS 1 TOE summary specification ATE_COV 2 Analysis of coverage ATE_DPT 1 Testing basic design ATE_FUN 1 Functional testing ATE Tests ATE_IND 2 Independent testing sample AVA Vulnerability assessment AVA_VAN 2 Vulnerability analysis 6 3 Security Requirements Rationale This section describes the rationale for security requirements If all security functional requirements are satisfied as below...

Страница 67: ...O SOFTWARE VERIFIED O AUDIT LOGGED O STORAGE ENCRYPTED O RCGATE COMM PROTECT FAU_GEN 1 X FAU_GEN 2 X FAU_STG 1 X FAU_STG 4 X FAU_SAR 1 X FAU_SAR 2 X FCS_CKM 1 X FCS_COP 1 X FDP_ACC 1 a X X X FDP_ACC 1 b X FDP_ACF 1 a X X X FDP_ACF 1 b X FDP_RIP 1 X X FIA_AFL 1 X FIA_ATD 1 X FIA_SOS 1 X FIA_UAU 1 a X X FIA_UAU 1 b X X FIA_UAU 2 X X FIA_UAU 7 X FIA_UID 1 a X X FIA_UID 1 b X X FIA_UID 2 X X FIA_USB 1...

Страница 68: ...To fulfil this security objective it is required to implement the following countermeasures 1 Specify and implement the access control to the document data FDP_ACC 1 a and FDP_ACF 1 a only allow the following persons to view document data according to the document data attributes the normal user who generated the document data or the normal user who is registered on the document user list of the d...

Страница 69: ... by FDP_RIP 1 3 Use trusted channels for sending or receiving document data The document data sent and received by the TOE via the LAN interface are protected by FTP_ITC 1 4 Management of the security attributes FMT_MSA 1 a specifies the available operations newly create query modify and delete on the login user name and available operations query and modify on the document user list and a specifi...

Страница 70: ...d data The TSF protected data sent and received by the TOE via the LAN are protected by FTP_ITC 1 By satisfying FMT_MTD 1 FMT_SMF 1 FMT_SMR 1 and FTP_ITC 1 which are the security functional requirements for these countermeasures O PROT NO_ALT is fulfilled O CONF NO_DIS Protection of TSF confidential data disclosure O CONF NO_DIS is the security objective to allow only users who can maintain the se...

Страница 71: ...o that only valid users can use the TOE functions The authentication failure handling and verification of secrets are the security policies for authentication using passwords when the TOE is accessed from the Operation Panel or a Web browser of client computer documents are printed by using the client computer and faxed by LAN fax from the client computer To fulfil this security objective it is re...

Страница 72: ...ion type FMT_MSA 3 b sets the permissive default value to the available function list and sets the restrictive default value to the function type By satisfying FDP_ACC 1 b FDP_ACF 1 b FIA_UID 1 a FIA_UID 1 b FIA_UID 2 FIA_UAU 1 a FIA_UAU 1 b FIA_UAU 2 FIA_ATD 1 FIA_USB 1 FIA_UAU 7 FIA_AFL 1 FIA_SOS 1 FTA_SSL 3 FMT_MSA 1 b and FMT_MSA 3 b which are the security functional requirements for these cou...

Страница 73: ... the security intrusion and allow the MFP administrator to view the audit log To fulfil this security objective it is required to implement the following countermeasures 1 Record the audit log FAU_GEN 1 and FAU_GEN 2 record the events which should be auditable with the identification information of the occurrence factor 2 Protect the audit log FAU_STG 1 protects the audit logs from the alteration ...

Страница 74: ...ion data between the TOE and RC Gate are concealed and any tampering on the communication path is detected To fulfil this security objective it is required to implement the following countermeasure 1 Use trusted channel for the communication with RC Gate FTP_ITC 1 allows the TOE to establish the communication that protects the data from tampering and disclosure for the communication between the TO...

Страница 75: ...A_SOS 1 None None None FIA_UAU 1 a FIA_UID 1 a FIA_UID 1 a None FIA_UAU 1 b FIA_UID 1 b FIA_UID 1 b None FIA_UAU 2 FIA_UID 1 FIA_UID 2 None FIA_UAU 7 FIA_UAU 1 FIA_UAU 1 None FIA_UID 1 a None None None FIA_UID 1 b None None None FIA_UID 2 None None None FIA_USB 1 FIA_ATD 1 FIA_ATD 1 None FPT_FDI_EXP 1 FMT_SMF 1 FMT_SMR 1 FMT_SMF 1 FMT_SMR 1 None FMT_MSA 1 a FDP_ACC 1 a or FDP_IFC 1 FMT_SMR 1 FMT_S...

Страница 76: ...P is assumed that it will be used in a general office and this TOE does not assume the attackers with the possibility of moderate or greater level attacks Architectural design ADV_TDS 2 is adequate to show the validity of commercially available products A high attack potential is required for the attacks that circumvent or tamper with the TSF which is not covered in this evaluation The vulnerabili...

Страница 77: ...e recorded and expanded log items are recorded only when audit events occur and the audit log items shown in Table 31 are recorded FPT_STM 1 The date year month day and time hour minute second the TOE records for the audit log are derived from the system clock of the TOE FAU_SAR 1 FAU_SAR 2 and FAU_STG 1 The TOE displays the operation menu for audit logs to be read on a Web browser screen only whe...

Страница 78: ...n interface is excluded Table 31 List of Audit Log Items Audit Log Items Setting Values of Audit Log Items Audit Events to record Audit Logs Starting date time of an event Values of the TOE system clock at an event occurrence Ending date time of an event Values of the TOE system clock at an event occurrence Event types Audit event identity Subject identity User or TOE identity for an audit event c...

Страница 79: ... password entered from each driver by a user When the entered login user name is the login user name of a normal user MFP administrator or supervisor the TOE checks if the entered login password match with the one pre registered in the TOE FIA_UAU 1 b and FIA_UID 1 b Application of External Authentication The TOE identifies and authenticates a user by checking the login user name and login passwor...

Страница 80: ...inates a session with RC Gate immediately after the communication with RC Gate is complete FIA_UAU 7 Regarding login passwords entered by a person who intends to use the TOE from the Operation Panel or a Web browser the TOE does not display the entered login password but it displays a sequence of dummy characters whose length is the same as that of the entered password FIA_AFL 1 When Basic Authent...

Страница 81: ...Gate When the TOE receives a certificate from an IT device to access the TOE via RC Gate communication interface the TOE checks if the certificate matches another certificate installed in the TOE Only if the certificate sent from the IT device matches the one installed in the TOE so that the IT device is identified as RC Gate the IT device whose user role is RC Gate is allowed to use the TOE FPT_F...

Страница 82: ... list of the stored documents that register the login user names of the normal users who logged in to the document user list and an operation menu They will be displayed according to the rules shown in Table 33 The privileges that allow users to edit the document user list are shown in 7 8 Security Management Function Also the TOE allows only the user job owner to view and delete the document data...

Страница 83: ...s are privileged to use Document Server Function 2 Access control rule on user jobs The TOE displays on the Operation Panel a menu to cancel a user job only if the user who logs in from the Operation Panel is a user job owner or MFP administrator and a cancellation of a user job is attempted by the owner or MFP administrator Other users are not allowed to operate user jobs When a user job is cance...

Страница 84: ...ws the encrypted communications provided by the TOE Table 34 Encrypted Communications Provided by the TOE Encrypted communications provided by the TOE Communicating Devices Protocols Cryptographic Algorithms Client computer TLS1 0 AES 128bits 256bits 3DES 168bits External authentication server Kerberos AES 128bits 256bits 3DES 168bits RC Gate SSL3 0 TLS1 0 AES 128bits 256bits 3DES 168bits FTP serv...

Страница 85: ...the data so that data leakage can be prevented FCS_CKM 1 and FCS_COP 1 The TOE encrypts data before writing it on the HDD and decrypts the encrypted data after reading it from the HDD This process is applied to all data written on and read from the HDD Detailed cryptographic operations are shown in Table 35 Table 35 List of Cryptographic Operations for Stored Data Protection Encryption triggering ...

Страница 86: ... Newly create MFP administrator Query modify Applicable MFP administrator Login user name of MFP administrator Operation Panel Web browser Query Supervisor Document data attributes No operation interfaces available No operations allowed Document user list Stored document types are Document Server document scanner document fax document and printer document with stored print Operation Panel Web brow...

Страница 87: ...ed Operation Panel Web browser Query MFP administrator Settings for Lockout Release Timer when Basic Authentication is applied Web browser Query MFP administrator Lockout time for Basic Authentication Web browser Query MFP administrator Query modify MFP administrator Date settings year month day Operation Panel Web browser Query Supervisor normal user Query modify MFP administrator Time Operation ...

Страница 88: ...whose operations are allowed by the TOE 1 The login user name of a normal user that is registered on an external authentication server is not changed even though the MFP administrator newly creates modifies and deletes the login user name of the normal user 2 If the MFP administrator modifies stored and received document users and if the stored document type of the document user list of document d...

Страница 89: ...t from the client computer Document data stored document types are Document Server document scanner document and fax document Document user list Default values of a document user list assigned to each user Document data stored document type is printer document Document user list Login user name of a normal user who stored the document data Document data stored document type is fax received documen...

Страница 90: ...ays the error message and becomes unavailable If the hash matches its original value and the certificate is verified the TOE becomes available The TOE also verifies the integrity of the audit log data files The TOE outputs the information used for integrity verification so that the integrity of the FCU Control Software can be verified To check the integrity of the FCU Control Software the informat...

Результаты поиска

Содержание imagio MP C6001 Series

Отзывы:

Похожие инструкции для imagio MP C6001 Series

Бренды по названию

Популярные бренды

Ricoh imagio MP C6001 Series, Руководство пользователя

Результаты поиска

Содержание imagio MP C6001 Series

Отзывы:

Похожие инструкции для imagio MP C6001 Series

Бренды по названию

Популярные бренды