Xerox WorkCentre 5845, Информация пользователя

Страница: 3 / 83

Xerox Multi-Function Device Security Target
3
Copyright

2013 Xerox Corporation. All rights reserved.
Table of Contents
1. INTRODUCTION ........................................................................................................ 6
1.1. ST
AND
TOE I
DENTIFICATION
....................................................................................................... 6
1.2. TOE O
VERVIEW
........................................................................................................................ 7
1.2.1. Usage and Security Features ............................................................................................ 7
1.2.2. TOE Type ........................................................................................................................ 10
1.2.3. Required Non-TOE Hardware, Software and Firmware ................................................. 10
1.3. TOE D
ESCRIPTION
................................................................................................................... 11
1.3.1. Physical Scope of the TOE .............................................................................................. 11
1.3.2. Logical Scope of the TOE ................................................................................................ 12
1.4. E
VALUATED
C
ONFIGURATION
..................................................................................................... 15
2. CONFORMANCE CLAIMS ...................................................................................... 16
2.1. C
OMMON
C
RITERIA
C
ONFORMANCE
C
LAIMS
................................................................................ 16
2.2. P
ROTECTION
P
ROFILE
C
LAIMS
.................................................................................................... 16
2.3. P
ACKAGE
C
LAIMS
.................................................................................................................... 16
2.4. R
ATIONALE
............................................................................................................................. 17
3. SECURITY PROBLEM DEFINITION ....................................................................... 19
3.1. D
EFINITIONS
........................................................................................................................... 19
3.1.1. Users .............................................................................................................................. 19
3.1.2. Objects (Assets) .............................................................................................................. 19
3.1.3. Operations...................................................................................................................... 21
3.1.4. Channels ......................................................................................................................... 21
3.2. A
SSUMPTIONS
......................................................................................................................... 22
3.3. T
HREATS
................................................................................................................................ 23
3.3.1. Threats Addressed by the TOE ....................................................................................... 23
3.3.2. Threats Addressed by the IT Environment...................................................................... 23
3.4. O
RGANIZATIONAL
S
ECURITY
P
OLICIES
.......................................................................................... 24
4. SECURITY OBJECTIVES ........................................................................................ 25
4.1. S
ECURITY
O
BJECTIVES FOR THE
TOE ............................................................................................ 25
4.2. S
ECURITY
O
BJECTIVES FOR THE
O
PERATIONAL
E
NVIRONMENT
.......................................................... 26
4.3. S
ECURITY
O
BJECTIVES FOR THE
N
ON
-IT E
NVIRONMENT
.................................................................. 27
4.4. R
ATIONALE FOR
S
ECURITY
O
BJECTIVES
......................................................................................... 27
5. EXTENDED COMPONENTS DEFINITION .............................................................. 33
5.1. FPT_FDI_EXP R
ESTRICTED FORWARDING OF DATA TO EXTERNAL INTERFACES
.................................... 33
6. SECURITY REQUIREMENTS ................................................................................. 36
6.1. C
ONVENTIONS
........................................................................................................................ 36
6.2. TOE S
ECURITY
P
OLICIES
............................................................................................................ 37
6.2.1. IP Filter SFP ..................................................................................................................... 37
6.2.2. User Access Control SFP ................................................................................................. 37
6.2.3. TOE Function Access Control SFP ................................................................................... 39
6.3. S
ECURITY
F
UNCTIONAL
R
EQUIREMENTS
....................................................................................... 40
6.3.1. Class FAU: Security audit ................................................................................................ 41
6.3.2. Class FCO: Communication ............................................................................................ 43
6.3.3. Class FCS: Cryptographic support ................................................................................... 43