Xerox WorkCentre 5845 Скачать руководство пользователя страница 34 | Manualshive

Страница: 34 / 83

background image

Xerox Multi-Function Device Security Target

34

Copyright



2013 Xerox Corporation. All rights reserved.

The following actions could be considered for the management functions in
FMT:

a) definition of the role(s) that are allowed to perform the management

activities;

b) management of the conditions under which direct forwarding can be

allowed by an administrative role;

c) revocation of such an allowance.

Audit:

FPT_FDI_EXP.1

The following actions should be auditable if FAU_GEN Security Audit Data
Generation is included in the PP/ST:

a) There are no auditable events foreseen.

Rationale:

Quite often a TOE is supposed to perform specific checks and process data
received on one external interface before such (processed) data is allowed to
be  transferred  to  another  external  interface.  Examples  are  firewall  systems
but also other systems that require a specific work flow for the incoming data
before  it  can  be  transferred.  Direct  forwarding  of  such  data  (i.e.  without
processing  the  data first)  between different  external  interfaces  is  therefore a
function that

– if allowed at all – can only be allowed by an authorized role.

It has been viewed as useful to have this functionality as a single component
that allows specifying the property to disallow direct forwarding and require
that only an authorized role can allow this. Since this is a function that is quite
common for a number of products, it has been viewed as useful to define an
extended component.

The  Common  Criteria  defines  attribute-based  control  of  user  data  flow  in  its
FDP  class.  However,  in  this  Security  Target,  the authors  needed  to  express
the  control  of  both  user  data  and TSF  data  flow  using  administrative  control
instead  of  attribute-based  control.  It  was  found  that  using  FDP_IFF  and
FDP_IFC  for  this  purpose  resulted  in  SFRs  that  were  too  unwieldy  for
refinement  in a Security Target. Therefore,  the authors decided to define an
extended component to address this functionality.

This  extended  component  protects  both  user  data  and  TSF  data,  and  could
therefore  be  placed  in  either  the  FDP  or  FPT  class.  Since  its  purpose  is  to
protect  the  TOE  from  misuse,  the  authors  believed  that  it  was  most
appropriate to place it in the FPT class. It did not fit well in any of the existing
families in either class, and this lead the authors to define a new family with
just one member.

FPT_FDI_EXP.1

Restricted forwarding of data to external interfaces

Hierarchical to:

No other components.

Dependencies:

FMT_SMF.1 Specification of Management Functions
FMT_SMR.1 Security roles.

«
...
32
33
34
35
36
...
»

Содержание WorkCentre 5845

Страница 1: ...evice Security Target WorkCentre 5845 5855 5865 5875 5890 7220 7225 7830 7835 7845 7855 ColorQube 9301 9302 9303 Prepared by Xerox Corporation Computer Sciences Corporation 800 Phillips Road 7231 Park...

Страница 2: ...reserved Xerox and the sphere of connectivity design are trademarks of Xerox Corporation in the United States and or other counties All copyrights referenced herein are the property of their respectiv...

Страница 3: ...9 3 1 3 Operations 21 3 1 4 Channels 21 3 2 ASSUMPTIONS 22 3 3 THREATS 23 3 3 1 Threats Addressed by the TOE 23 3 3 2 Threats Addressed by the IT Environment 23 3 4 ORGANIZATIONAL SECURITY POLICIES 24...

Страница 4: ...SECURITY FUNCTIONAL REQUIREMENTS 57 6 7 RATIONALE FOR SECURITY ASSURANCE REQUIREMENTS 64 6 8 RATIONALE FOR DEPENDENCIES 65 6 8 1 Security Functional Requirement Dependencies 65 6 8 2 Security Assuran...

Страница 5: ...THE TOE 22 TABLE 13 THREATS TO USER DATA 23 TABLE 14 THREATS TO TSF DATA 23 TABLE 15 ORGANIZATIONAL SECURITY POLICIES 24 TABLE 16 SECURITY OBJECTIVES FOR THE TOE 25 TABLE 17 SECURITY OBJECTIVES FOR T...

Страница 6: ...Xerox Multi Function Device Security Target WorkCentre 5845 5855 5865 5875 5890 7220 7225 7830 7835 7845 7855 ColorQube 9301 9302 9303 ST Version 2 0 Revision Number 2 0 Publication Date 25 November...

Страница 7: ...Switched Telephone Network PSTN connections and also enables LanFax1 Xerox s Workflow Scanning Accessory is part of the TOE configuration This accessory allows documents to be scanned at the device wi...

Страница 8: ...i Function Device Security Target 8 Copyright 2013 Xerox Corporation All rights reserved Figure 2 Xerox WorkCentre 7220 7225 Figure 3 Xerox WorkCentre 7830 7835 7845 7855 Figure 4 Xerox ColorQube 9301...

Страница 9: ...ry image data consists of the original data submitted and additional files created during a job All partitions of the HDD used for spooling temporary files are encrypted The encryption key is created...

Страница 10: ...card Kerberos and Lightweight Directory Access Protocol LDAP for network authentication 1 2 2 TOE Type The TOE is an MFD that provides copy and print document scanning and optional fax services 1 2 3...

Страница 11: ...etwork Controller WorkCentre 5845 5855 5865 5875 5890 071 190 103 06400 071 193 06410 LL WorkCentre 7220 7225 071 030 103 06400 071 033 06410 LL WorkCentre 7830 7835 071 010 103 06400 071 043 06410 LL...

Страница 12: ...put 1 3 2 Logical Scope of the TOE The logical scope of the TOE includes all software and firmware that are installed on the product see Table 3 The TOE logical boundary is composed of the security fu...

Страница 13: ...TOE may alternatively be configured to use an external authentication store as described by section 1 3 2 3 The TOE enforces administrator defined session timeout periods for the LUI and Web UI 1 3 2...

Страница 14: ..._NET_SEC The TOE supports the following secure communication protocols TLS for Web UI SFTP and TLS for document transfers to the remote file depository IPsec for communication over IPv4 and IPv6 and K...

Страница 15: ...capabilities Network Authorization When configured the printer references an anauthorization server for authorization information such as role for the authenticated user Reprint Saved Jobs The Reprin...

Страница 16: ...ecurity Evaluation Part 3 Security Assurance Components Version 3 1 Revision 3 CCMB 2009 07 003 This ST claims the following CC conformance Part 2 extended Part 3 conformant Evaluation Assurance Level...

Страница 17: ...rity objective for the IT environment OE USER AUTHENTICATED has been added in accordance to application notes 37 42 and 43 from IEEE Std 2600 2 2009 The statement of Security Requirements contains the...

Страница 18: ...ntation Identification and Authentication FIA_UAU 7 The packages shown in Table 6 from IEEE Std 2600 2 2009 have been augmented with additional including iterated SFRs from CC Part 2 Table 6 IEEE Std...

Страница 19: ...TOE security policy TSP Administrators may possess special privileges that provide capabilities to override portions of the TSP This ST specifies U ADMINISTRATOR System Administrator U ADMINISTRATOR A...

Страница 20: ...on TSF Protected Data or protection from both unauthorized disclosure and unauthorized alteration TSF Confidential Data The data assets have been identified and categorized in Table 9 and Table 10 bel...

Страница 21: ...ch physical document input is duplicated to physical document output F FAX Faxing a function in which physical document input is converted to a telephone based document facsimile fax transmission and...

Страница 22: ...ast one input channel and one output channel would be present in any HCD configuration and at least one of those channels would be either an Original Document Handler or a Hardcopy Output Handler 3 2...

Страница 23: ...ts The threats and policies defined in this ST address the threats posed by these threat agents This section describes threats to assets described in section 3 1 2 Table 13 Threats to user data Threat...

Страница 24: ...R AUTHORIZATION To preserve operational accountability and security Users will be authorized to use the TOE only as permitted by the TOE Owner P SOFTWARE VERIFICATION To detect corruption of the execu...

Страница 25: ...Document Data from unauthorized alteration O FUNC NO_ALT The TOE shall protect User Function Data from unauthorized alteration O PROT NO_ALT The TOE shall protect TSF Protected Data from unauthorized...

Страница 26: ...exported from the TOE to another trusted IT product the TOE Owner shall ensure that those records are protected from unauthorized access deletion and modifications OE AUDIT_ACCESS AUTHORIZED If audit...

Страница 27: ...d have the training and competence to follow those policies and procedures OE ADMIN TRAINED The TOE Owner shall ensure that TOE Administrators are aware of the security policies and procedures of thei...

Страница 28: ...olicies and assumptions T DOC DIS X X X X T DOC ALT X X X X T FUNC ALT X X X X T PROT ALT X X X X T CONF DIS X X X X T CONF ALT X X X X P USER AUTHORIZATION X X X P SOFTWARE VERIFICATION X P AUDIT LOG...

Страница 29: ...OE USER AUTHENTICATED establishes alternative remote means for user identification and authentication as the basis for authorization T FUNC ALT User Function Data may be altered by unauthorized perso...

Страница 30: ...stablishes responsibility of the TOE Owner to appropriately grant authorization OE USER AUTHENTICATED establishes alternative remote means for user identification and authentication as the basis for a...

Страница 31: ...ewed O AUDIT LOGGED creates and maintains a log of TOE use and security relevant events and prevents unauthorized disclosure or alteration O AUDIT_STORAGE PROTECTE D protects internal audit records fr...

Страница 32: ...INING Administrators are aware of and trained to follow security policies and procedures OE ADMIN TRAINED establishes responsibility of the TOE Owner to provide appropriate Administrator training A AD...

Страница 33: ...capability for attackers to misuse external interfaces to violate the security of the TOE or devices that are connected to the TOE s external interfaces Therefore direct forwarding of unprocessed dat...

Страница 34: ...nality as a single component that allows specifying the property to disallow direct forwarding and require that only an authorized role can allow this Since this is a function that is quite common for...

Страница 35: ...Xerox Corporation All rights reserved FPT_FDI_EXP 1 1 The TSF shall provide the capability to restrict data received on assignment list of external interfaces from being forwarded without further pro...

Страница 36: ...eet its security objectives e g configuration management testing and vulnerability assessment These requirements are discussed separately within the following subsections 6 1 Conventions All operation...

Страница 37: ...affic to and from that destination Operations Pass network traffic Note The TOE cannot enforce the IP Filtering SFP when it is configured for IPv6 6 2 2 User Access Control SFP The Security Function P...

Страница 38: ...documents U ADMINISTRATOR System Administrator Allowed D FUNC Any Attribute except CPY Modify U NORMAL U ADMINISTRATOR Denied PRT Delete U NORMAL Denied except for his her own documents U ADMINISTRAT...

Страница 39: ...Hence the ST is conformant to IEEE Std 2600 2 2009 Application Note A document D DOC is owned by a User U User if that document was created or submitted to the TOE by that User The only exception are...

Страница 40: ...identified in Table 23 The rest of this section contains a description of each component and any related dependencies Table 23 TOE security functional requirements Functional Component ID Functional...

Страница 41: ...omponents Dependencies FPT_STM 1 Reliable time stamps FAU_GEN 1 1 The TSF shall be able to generate an audit record of the following auditable events Start up and shutdown of the audit functions All a...

Страница 42: ...ole FMT_SMR 1 Minimum None required Changes to the time FPT_STM 1 Minimum None required Failure of the trusted channel functions 2 FTP_ITC 1 Minimum Non required 6 3 1 2 FAU_GEN 2 User identity associ...

Страница 43: ...pendencies FDP_ITC 1 Import of user data without security attributes or FDP_ITC 2 Import of user data with security attributes or FCS_CKM 1 Cryptographic key generation FCS_CKM 4 Cryptographic key des...

Страница 44: ...rate cryptographic keys in accordance with a specified cryptographic key generation algorithm the cryptographic algorithms listed in the Cryptographic Algorithm column of Table 26 and specified crypto...

Страница 45: ...other components Dependencies FDP_ITC 1 Import of user data without security attributes or FDP_ITC 2 Import of user data with security attributes or FCS_CKM 1 Cryptographic key generation FCS_CKM 4 1...

Страница 46: ...bjects and objects controlled under the User Access Control SFP in Table 21 and for each the indicated security attributes in Table 21 FDP_ACF 1 2 USER The TSF shall enforce the following rules to det...

Страница 47: ...ed on the following additional rules none FDP_ACF 1 4 FUNC The TSF shall explicitly deny access of subjects to objects based on the none Application Note This SFR is FDP_ACF 1 b from The IEEE Std 2600...

Страница 48: ...information flow based on the following rules if there are no rules with matching security attributes or if a rule explicitly denies an information flow Application Note When custom rules have not bee...

Страница 49: ...ification Hierarchical to No other components Dependencies No dependencies FIA_UID 1 1 The TSF shall allow job requests to be received via printing protocols on behalf of the user to be performed befo...

Страница 50: ...change_default modify delete read the security attributes all to U ADMINISTRATOR System Administrator Application Note This SFR is FMT_MSA 1 a from The IEEE Std 2600 2 PP 6 3 6 2 FMT_MSA 1 FUNC Manage...

Страница 51: ...l enforce the TOE Function Access Control Policy to provide permissive default values for security attributes that are used to enforce the SFP FMT_MSA 3 2 FUNC The TSF shall allow the U ADMINISTRATOR...

Страница 52: ...archical to No other components Dependencies FMT_SMF 1 Specification of Management Functions FMT_SMR 1 Security Roles FMT_MTD 1 1 KEY The TSF shall restrict the ability to modify delete create the IPs...

Страница 53: ...e 802 1x Enable disable and configure IPsec Configure specify the IP address and or IP address range port and port range for remote trusted IT products presumed allowed to connect to the TOE via the n...

Страница 54: ...in other SFRs 6 3 7 Class FPR Privacy There are no Class FPR security functional requirements for this Security Target 6 3 8 Class FPT Protection of the TSF 6 3 8 1 FPT_STM 1 Reliable time stamps Hie...

Страница 55: ...configurable amount of time in the LUI or on the WebUI 6 3 10 Class FTP Trusted paths channels 6 3 10 1 FTP_ITC 1 Inter TSF trusted channel Hierarchical to No other components Dependencies No dependen...

Страница 56: ...les This extended component as defined in IEEE 2600 2 does not provide a mechanism for specifying authorized identified roles For this reason the authorized identified role that is not included in thi...

Страница 57: ...2 Security objectives ASE_REQ 2 Derived security requirements ASE_SPD 1 Security problem definition ASE_TSS 1 TOE summary specification ATE Tests ATE_COV 1 Evidence of coverage ATE_FUN 1 Functional te...

Страница 58: ...AUTHORIZED O INTERFACE MANAGED O SOFTWARE VERIFIED O AUDIT LOGGED O AUDIT_STORAGE PROTECTED SFRs FAU_GEN 1 P P FAU_GEN 2 P P FAU_STG 1 P FAU_STG 4 P FCS_COP 1 S S S S S S FCS_CKM 1 S S S S S S FCS_CKM...

Страница 59: ...1 MGMT1 P P P FMT_MTD 1 MGMT2 P P P FMT_MTD 1 FILTER P P P FMT_MTD 1 KEY P P P FMT_SMF 1 S S S S S S S FMT_SMR 1 S S S S S S S FPT_STM 1 S S FPT_TST 1 P FPT_FDI_EXP 1 P FTA_SSL 3 P P FTP_ITC 1 P P P...

Страница 60: ...roles O DOC NO_DIS Protection of User Document Data from unauthorized disclosure FDP_RIP 1 Enforces protection by making residual data unavailable O CONF NO_DIS O PROT NO_ALT O CONF NO_ALT Protection...

Страница 61: ...ication FIA_UAU 7 Supports authorization by protecting passwords FIA_UID 1 Enforces authorization by requiring user identification FIA_USB 1 Enforces authorization by distinguishing subject security a...

Страница 62: ...s management of external interfaces by requiring user authentication FIA_UID 1 Enforces management of external interfaces by requiring user identification FTA_SSL 3 Enforces management of external int...

Страница 63: ...f relevant events FPT_STM 1 Supports audit policies by requiring time stamps associated with events O AUDIT_STORA GE PROTECTED Logging and authorized access to audit events FAU_GEN 1 Enforces audit po...

Страница 64: ...escribe Hardcopy Devices used in commercial information processing environments that require a moderate level of document security network security and security assurance The TOE environment will be e...

Страница 65: ...ncies and whether the dependency was satisfied Table 31 SFR dependencies satisfied Functional Component Dependency ies Satisfied FAU_GEN 1 FPT_STM 1 Yes FAU_GEN 2 FAU_GEN 1 Yes FIA_UID 1 Yes FAU_STG 1...

Страница 66: ...T_MSA 3 FUNC FMT_MSA 1 Yes FMT_MSA 1 FUNC FMT_SMR 1 Yes FMT_MTD 1 MGMT1 FMT_SMF 1 Yes FMT_SMR 1 Yes FMT_MTD 1 MGMT2 FMT_SMF 1 Yes FMT_SMR 1 Yes 3 The dependency of FDP_IFF 1 FILTER on FMT_MSA 3 is not...

Страница 67: ..._FLR 3 SAR dependencies satisfied Assurance Component ID Dependencies Satisfied ADV_ARC 1 ADV_FSP 1 ADV_TDS 1 Yes hierarchically Yes ADV_FSP 2 ADV_TDS 1 Yes ADV_TDS 1 ADV_FSP 2 Yes AGD_OPE 1 ADV_FSP 1...

Страница 68: ...ASE_ECD 1 None ASE_INT 1 None ASE_OBJ 2 ASE_SPD 1 Yes ASE_REQ 2 ASE_ECD 1 ASE_OBJ 2 Yes Yes ASE_SPD 1 None ASE_TSS 1 ADV_FSP 1 ASE_INT 1 ASE_REQ 1 Yes hierarchically Yes Yes hierarchically ATE_COV 1...

Страница 69: ...Protection Disk Encryption TSF_FDP_UDE 7 1 1 Image Overwrite TSF_IOW FDP_RIP 1 The TOE implements an image overwrite security function using a three pass overwrite procedure consistent with U S Depar...

Страница 70: ...W FPT_FDI_EXP 1 The only physical shared medium interface of the TOE is the network interface The TOE controls and restricts the data information flow from the LUI document scanner and document feeder...

Страница 71: ...must authenticate by entering a username and password prior to being granted access to the LUI or the Web UI While the user is typing the password the TOE obscures each character entered Upon successf...

Страница 72: ...able events The time reference is hardware based CPU clock The system administrator must set the time The audit log tracks user identification and authentication system administrator actions and failu...

Страница 73: ...ol policy based on a configurable rule set The information flow control policy IPFilter SFP is defined by the system administrator through specifying a series of rules to accept deny or drop packets T...

Страница 74: ...can only be canceled deleted during its execution Once completed the job is removed 7 1 10 4 Print Print jobs can be submitted remotely via printing protocols e g lpr port 9100 or from the WebUI Print...

Страница 75: ...ead or deleted D DOC faxOUT Read Delete Once a job is submitted only a system administrator can delete the job before it is fully completed in the case of delayed send for example D FUNC faxOUT Delete...

Страница 76: ...orporation All rights reserved loaded is compared to the expected software version number any corruption of this data will be reported The system administrator can verify the integrity of the TOE soft...

Страница 77: ...cation Security measure that verifies a claimed identity Authentication data Information used to verify a claimed identity Authorization Permission granted by an entity authorized to do so to perform...

Страница 78: ...ion operations that protect and defend information and information systems by ensuring their availability integrity authentication confidentiality and non repudiation This includes providing for resto...

Страница 79: ...ecurity Target Private medium interface Mechanism for exchanging data that 1 use wired or wireless electronic methods over a communications medium which in conventional practice is not accessed by mul...

Страница 80: ...y of the TOE TSF Protected Data Assets for which alteration by a User who is not an Administrator or the owner of the data would have an effect on the operational security of the TOE but for which dis...

Страница 81: ...Host Configuration Protocol DIS Disclosure DSR Document Storage And Retrieval EAL Evaluation Assurance Level EIP Extensible Interface Platform FIPS Federal Information Processing Standard HCD Hardcopy...

Страница 82: ...cation PPM Page Per Minute PP Protection Profile PRT Print PSTN Public Switched Telephone Network SCN Scan SFP Security Function Policy SFR Security Functional Requirement SMI Shared Medium Interface...

Страница 83: ...neral Model B2 Common Methodology for Information Technology Security Evaluation Version 3 1 Release 3 Evaluation Methodology B3 IEEE Std 100 The Authoritative Dictionary of IEEE Standards Terms Seven...

Отзывы:

Нет отзывов

Похожие инструкции для WorkCentre 5845

Бренд: DataCard Страницы: 2

Бренд: Nantian Electronics Страницы: 4

Бренд: Xante Страницы: 6

Бренд: Xerox Страницы: 532

Бренд: Xerox Страницы: 174

Phaser 6115 MFP

Бренд: Xerox Страницы: 2

Phaser 6115 MFP

Бренд: Xerox Страницы: 219

Бренд: Xerox Страницы: 5

Бренд: Xerox Страницы: 3

Phaser 6128 MFP

Бренд: Xerox Страницы: 2

Phaser 6128 MFP

Бренд: Xerox Страницы: 16

Бренд: Xerox Страницы: 2

Бренд: Xerox Страницы: 9

Бренд: Xerox Страницы: 12

Бренд: Xerox Страницы: 2

Бренд: Xerox Страницы: 2

Бренд: Xerox Страницы: 4

Бренд: Xerox Страницы: 4

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды