Xerox WorkCentre 5845 Скачать руководство пользователя страница 70 | Manualshive

Страница: 70 / 83

background image

Xerox Multi-Function Device Security Target

70

Copyright



2013 Xerox Corporation. All rights reserved.

after the job has completed, the files are overwritten, and this is called
Immediate Image Overwrite (IIO).

The TOE automatically starts an IIO procedure for all abnormally terminated
copy, print, scan or fax

jobs stored on the HDD prior to coming “on line” when

any of the following occurs: a reboot or once the MFD is turned back on after
a power failure/disorderly shutdown.

The  image  overwrite  security  function  can  also  be  invoked  manually  (on
demand)  by  the  system  administrator  (ODIO).    Once  invoked,  the  ODIO
cancels all print and scan jobs, halts the printer interface (network), performs
the  overwrites,  and  then  the  network  controller  reboots.    A  scheduling
function  allows  ODIO  to  be  executed  on  a  recurring  basis  as  set  up  by  the
System Administrator.

A standard ODIO overwrites all files written to temporary storage areas of the
HDD. A full ODIO overwrites those files as well as the Fax mailbox/dial
directory and Scan to mailbox data.

An ODIO cannot be aborted from either the WebUI or LUI.

TSF_IOW overwrites the contents of the reserved section on the hard disk
using a three pass overwrite procedure.

7.1.2.

Information Flow Security (TSF_FLOW)

FPT_FDI_EXP.1

The only physical shared-medium interface of the TOE is the network
interface.

The TOE controls and restricts the data/information flow from the LUI,
document scanner and document feeder to the network interface by brokering
all data through an intermidary subsystem. A connectivity subsystem further
processes the data before sending it to the network interface.

The TOE provides separation between the optional fax processing board and
the network interface and therefore prevents an interconnection between the
PSTN and the internal network.  This separation is realized in software, as by
design,  these  interfaces  may  only  communicate  via  an  intermediary.    All
internal  command  calls  (API)  and  response messages for  both  the    network
and  fax  interfaces  are  statically  defined  within  the  TOE.  No  user  or  system
administrator is able to change their formats or functionalities.

The fax software runs two independent processes, for sending and receiving
job data through the fax card respectively. There is no internal communication
between these two processes.

The same job data will never be active on both the fax interface and network
interface  at  the  same  time.    For  network  interface  to  fax  interface  (LanFax)
jobs,  the  entire  job  must  be  received  as  an  image  and  buffered  in  memory
before  it  is  sent  out  through  the  fax  interface.    Likewise,  for  fax  interface  to
network  interface  (fax  forwarding  to  email)  jobs,  the  entire  job  must  be

«
...
68
69
70
71
72
...
»

Содержание WorkCentre 5845

Страница 1: ...evice Security Target WorkCentre 5845 5855 5865 5875 5890 7220 7225 7830 7835 7845 7855 ColorQube 9301 9302 9303 Prepared by Xerox Corporation Computer Sciences Corporation 800 Phillips Road 7231 Park...

Страница 2: ...reserved Xerox and the sphere of connectivity design are trademarks of Xerox Corporation in the United States and or other counties All copyrights referenced herein are the property of their respectiv...

Страница 3: ...9 3 1 3 Operations 21 3 1 4 Channels 21 3 2 ASSUMPTIONS 22 3 3 THREATS 23 3 3 1 Threats Addressed by the TOE 23 3 3 2 Threats Addressed by the IT Environment 23 3 4 ORGANIZATIONAL SECURITY POLICIES 24...

Страница 4: ...SECURITY FUNCTIONAL REQUIREMENTS 57 6 7 RATIONALE FOR SECURITY ASSURANCE REQUIREMENTS 64 6 8 RATIONALE FOR DEPENDENCIES 65 6 8 1 Security Functional Requirement Dependencies 65 6 8 2 Security Assuran...

Страница 5: ...THE TOE 22 TABLE 13 THREATS TO USER DATA 23 TABLE 14 THREATS TO TSF DATA 23 TABLE 15 ORGANIZATIONAL SECURITY POLICIES 24 TABLE 16 SECURITY OBJECTIVES FOR THE TOE 25 TABLE 17 SECURITY OBJECTIVES FOR T...

Страница 6: ...Xerox Multi Function Device Security Target WorkCentre 5845 5855 5865 5875 5890 7220 7225 7830 7835 7845 7855 ColorQube 9301 9302 9303 ST Version 2 0 Revision Number 2 0 Publication Date 25 November...

Страница 7: ...Switched Telephone Network PSTN connections and also enables LanFax1 Xerox s Workflow Scanning Accessory is part of the TOE configuration This accessory allows documents to be scanned at the device wi...

Страница 8: ...i Function Device Security Target 8 Copyright 2013 Xerox Corporation All rights reserved Figure 2 Xerox WorkCentre 7220 7225 Figure 3 Xerox WorkCentre 7830 7835 7845 7855 Figure 4 Xerox ColorQube 9301...

Страница 9: ...ry image data consists of the original data submitted and additional files created during a job All partitions of the HDD used for spooling temporary files are encrypted The encryption key is created...

Страница 10: ...card Kerberos and Lightweight Directory Access Protocol LDAP for network authentication 1 2 2 TOE Type The TOE is an MFD that provides copy and print document scanning and optional fax services 1 2 3...

Страница 11: ...etwork Controller WorkCentre 5845 5855 5865 5875 5890 071 190 103 06400 071 193 06410 LL WorkCentre 7220 7225 071 030 103 06400 071 033 06410 LL WorkCentre 7830 7835 071 010 103 06400 071 043 06410 LL...

Страница 12: ...put 1 3 2 Logical Scope of the TOE The logical scope of the TOE includes all software and firmware that are installed on the product see Table 3 The TOE logical boundary is composed of the security fu...

Страница 13: ...TOE may alternatively be configured to use an external authentication store as described by section 1 3 2 3 The TOE enforces administrator defined session timeout periods for the LUI and Web UI 1 3 2...

Страница 14: ..._NET_SEC The TOE supports the following secure communication protocols TLS for Web UI SFTP and TLS for document transfers to the remote file depository IPsec for communication over IPv4 and IPv6 and K...

Страница 15: ...capabilities Network Authorization When configured the printer references an anauthorization server for authorization information such as role for the authenticated user Reprint Saved Jobs The Reprin...

Страница 16: ...ecurity Evaluation Part 3 Security Assurance Components Version 3 1 Revision 3 CCMB 2009 07 003 This ST claims the following CC conformance Part 2 extended Part 3 conformant Evaluation Assurance Level...

Страница 17: ...rity objective for the IT environment OE USER AUTHENTICATED has been added in accordance to application notes 37 42 and 43 from IEEE Std 2600 2 2009 The statement of Security Requirements contains the...

Страница 18: ...ntation Identification and Authentication FIA_UAU 7 The packages shown in Table 6 from IEEE Std 2600 2 2009 have been augmented with additional including iterated SFRs from CC Part 2 Table 6 IEEE Std...

Страница 19: ...TOE security policy TSP Administrators may possess special privileges that provide capabilities to override portions of the TSP This ST specifies U ADMINISTRATOR System Administrator U ADMINISTRATOR A...

Страница 20: ...on TSF Protected Data or protection from both unauthorized disclosure and unauthorized alteration TSF Confidential Data The data assets have been identified and categorized in Table 9 and Table 10 bel...

Страница 21: ...ch physical document input is duplicated to physical document output F FAX Faxing a function in which physical document input is converted to a telephone based document facsimile fax transmission and...

Страница 22: ...ast one input channel and one output channel would be present in any HCD configuration and at least one of those channels would be either an Original Document Handler or a Hardcopy Output Handler 3 2...

Страница 23: ...ts The threats and policies defined in this ST address the threats posed by these threat agents This section describes threats to assets described in section 3 1 2 Table 13 Threats to user data Threat...

Страница 24: ...R AUTHORIZATION To preserve operational accountability and security Users will be authorized to use the TOE only as permitted by the TOE Owner P SOFTWARE VERIFICATION To detect corruption of the execu...

Страница 25: ...Document Data from unauthorized alteration O FUNC NO_ALT The TOE shall protect User Function Data from unauthorized alteration O PROT NO_ALT The TOE shall protect TSF Protected Data from unauthorized...

Страница 26: ...exported from the TOE to another trusted IT product the TOE Owner shall ensure that those records are protected from unauthorized access deletion and modifications OE AUDIT_ACCESS AUTHORIZED If audit...

Страница 27: ...d have the training and competence to follow those policies and procedures OE ADMIN TRAINED The TOE Owner shall ensure that TOE Administrators are aware of the security policies and procedures of thei...

Страница 28: ...olicies and assumptions T DOC DIS X X X X T DOC ALT X X X X T FUNC ALT X X X X T PROT ALT X X X X T CONF DIS X X X X T CONF ALT X X X X P USER AUTHORIZATION X X X P SOFTWARE VERIFICATION X P AUDIT LOG...

Страница 29: ...OE USER AUTHENTICATED establishes alternative remote means for user identification and authentication as the basis for authorization T FUNC ALT User Function Data may be altered by unauthorized perso...

Страница 30: ...stablishes responsibility of the TOE Owner to appropriately grant authorization OE USER AUTHENTICATED establishes alternative remote means for user identification and authentication as the basis for a...

Страница 31: ...ewed O AUDIT LOGGED creates and maintains a log of TOE use and security relevant events and prevents unauthorized disclosure or alteration O AUDIT_STORAGE PROTECTE D protects internal audit records fr...

Страница 32: ...INING Administrators are aware of and trained to follow security policies and procedures OE ADMIN TRAINED establishes responsibility of the TOE Owner to provide appropriate Administrator training A AD...

Страница 33: ...capability for attackers to misuse external interfaces to violate the security of the TOE or devices that are connected to the TOE s external interfaces Therefore direct forwarding of unprocessed dat...

Страница 34: ...nality as a single component that allows specifying the property to disallow direct forwarding and require that only an authorized role can allow this Since this is a function that is quite common for...

Страница 35: ...Xerox Corporation All rights reserved FPT_FDI_EXP 1 1 The TSF shall provide the capability to restrict data received on assignment list of external interfaces from being forwarded without further pro...

Страница 36: ...eet its security objectives e g configuration management testing and vulnerability assessment These requirements are discussed separately within the following subsections 6 1 Conventions All operation...

Страница 37: ...affic to and from that destination Operations Pass network traffic Note The TOE cannot enforce the IP Filtering SFP when it is configured for IPv6 6 2 2 User Access Control SFP The Security Function P...

Страница 38: ...documents U ADMINISTRATOR System Administrator Allowed D FUNC Any Attribute except CPY Modify U NORMAL U ADMINISTRATOR Denied PRT Delete U NORMAL Denied except for his her own documents U ADMINISTRAT...

Страница 39: ...Hence the ST is conformant to IEEE Std 2600 2 2009 Application Note A document D DOC is owned by a User U User if that document was created or submitted to the TOE by that User The only exception are...

Страница 40: ...identified in Table 23 The rest of this section contains a description of each component and any related dependencies Table 23 TOE security functional requirements Functional Component ID Functional...

Страница 41: ...omponents Dependencies FPT_STM 1 Reliable time stamps FAU_GEN 1 1 The TSF shall be able to generate an audit record of the following auditable events Start up and shutdown of the audit functions All a...

Страница 42: ...ole FMT_SMR 1 Minimum None required Changes to the time FPT_STM 1 Minimum None required Failure of the trusted channel functions 2 FTP_ITC 1 Minimum Non required 6 3 1 2 FAU_GEN 2 User identity associ...

Страница 43: ...pendencies FDP_ITC 1 Import of user data without security attributes or FDP_ITC 2 Import of user data with security attributes or FCS_CKM 1 Cryptographic key generation FCS_CKM 4 Cryptographic key des...

Страница 44: ...rate cryptographic keys in accordance with a specified cryptographic key generation algorithm the cryptographic algorithms listed in the Cryptographic Algorithm column of Table 26 and specified crypto...

Страница 45: ...other components Dependencies FDP_ITC 1 Import of user data without security attributes or FDP_ITC 2 Import of user data with security attributes or FCS_CKM 1 Cryptographic key generation FCS_CKM 4 1...

Страница 46: ...bjects and objects controlled under the User Access Control SFP in Table 21 and for each the indicated security attributes in Table 21 FDP_ACF 1 2 USER The TSF shall enforce the following rules to det...

Страница 47: ...ed on the following additional rules none FDP_ACF 1 4 FUNC The TSF shall explicitly deny access of subjects to objects based on the none Application Note This SFR is FDP_ACF 1 b from The IEEE Std 2600...

Страница 48: ...information flow based on the following rules if there are no rules with matching security attributes or if a rule explicitly denies an information flow Application Note When custom rules have not bee...

Страница 49: ...ification Hierarchical to No other components Dependencies No dependencies FIA_UID 1 1 The TSF shall allow job requests to be received via printing protocols on behalf of the user to be performed befo...

Страница 50: ...change_default modify delete read the security attributes all to U ADMINISTRATOR System Administrator Application Note This SFR is FMT_MSA 1 a from The IEEE Std 2600 2 PP 6 3 6 2 FMT_MSA 1 FUNC Manage...

Страница 51: ...l enforce the TOE Function Access Control Policy to provide permissive default values for security attributes that are used to enforce the SFP FMT_MSA 3 2 FUNC The TSF shall allow the U ADMINISTRATOR...

Страница 52: ...archical to No other components Dependencies FMT_SMF 1 Specification of Management Functions FMT_SMR 1 Security Roles FMT_MTD 1 1 KEY The TSF shall restrict the ability to modify delete create the IPs...

Страница 53: ...e 802 1x Enable disable and configure IPsec Configure specify the IP address and or IP address range port and port range for remote trusted IT products presumed allowed to connect to the TOE via the n...

Страница 54: ...in other SFRs 6 3 7 Class FPR Privacy There are no Class FPR security functional requirements for this Security Target 6 3 8 Class FPT Protection of the TSF 6 3 8 1 FPT_STM 1 Reliable time stamps Hie...

Страница 55: ...configurable amount of time in the LUI or on the WebUI 6 3 10 Class FTP Trusted paths channels 6 3 10 1 FTP_ITC 1 Inter TSF trusted channel Hierarchical to No other components Dependencies No dependen...

Страница 56: ...les This extended component as defined in IEEE 2600 2 does not provide a mechanism for specifying authorized identified roles For this reason the authorized identified role that is not included in thi...

Страница 57: ...2 Security objectives ASE_REQ 2 Derived security requirements ASE_SPD 1 Security problem definition ASE_TSS 1 TOE summary specification ATE Tests ATE_COV 1 Evidence of coverage ATE_FUN 1 Functional te...

Страница 58: ...AUTHORIZED O INTERFACE MANAGED O SOFTWARE VERIFIED O AUDIT LOGGED O AUDIT_STORAGE PROTECTED SFRs FAU_GEN 1 P P FAU_GEN 2 P P FAU_STG 1 P FAU_STG 4 P FCS_COP 1 S S S S S S FCS_CKM 1 S S S S S S FCS_CKM...

Страница 59: ...1 MGMT1 P P P FMT_MTD 1 MGMT2 P P P FMT_MTD 1 FILTER P P P FMT_MTD 1 KEY P P P FMT_SMF 1 S S S S S S S FMT_SMR 1 S S S S S S S FPT_STM 1 S S FPT_TST 1 P FPT_FDI_EXP 1 P FTA_SSL 3 P P FTP_ITC 1 P P P...

Страница 60: ...roles O DOC NO_DIS Protection of User Document Data from unauthorized disclosure FDP_RIP 1 Enforces protection by making residual data unavailable O CONF NO_DIS O PROT NO_ALT O CONF NO_ALT Protection...

Страница 61: ...ication FIA_UAU 7 Supports authorization by protecting passwords FIA_UID 1 Enforces authorization by requiring user identification FIA_USB 1 Enforces authorization by distinguishing subject security a...

Страница 62: ...s management of external interfaces by requiring user authentication FIA_UID 1 Enforces management of external interfaces by requiring user identification FTA_SSL 3 Enforces management of external int...

Страница 63: ...f relevant events FPT_STM 1 Supports audit policies by requiring time stamps associated with events O AUDIT_STORA GE PROTECTED Logging and authorized access to audit events FAU_GEN 1 Enforces audit po...

Страница 64: ...escribe Hardcopy Devices used in commercial information processing environments that require a moderate level of document security network security and security assurance The TOE environment will be e...

Страница 65: ...ncies and whether the dependency was satisfied Table 31 SFR dependencies satisfied Functional Component Dependency ies Satisfied FAU_GEN 1 FPT_STM 1 Yes FAU_GEN 2 FAU_GEN 1 Yes FIA_UID 1 Yes FAU_STG 1...

Страница 66: ...T_MSA 3 FUNC FMT_MSA 1 Yes FMT_MSA 1 FUNC FMT_SMR 1 Yes FMT_MTD 1 MGMT1 FMT_SMF 1 Yes FMT_SMR 1 Yes FMT_MTD 1 MGMT2 FMT_SMF 1 Yes FMT_SMR 1 Yes 3 The dependency of FDP_IFF 1 FILTER on FMT_MSA 3 is not...

Страница 67: ..._FLR 3 SAR dependencies satisfied Assurance Component ID Dependencies Satisfied ADV_ARC 1 ADV_FSP 1 ADV_TDS 1 Yes hierarchically Yes ADV_FSP 2 ADV_TDS 1 Yes ADV_TDS 1 ADV_FSP 2 Yes AGD_OPE 1 ADV_FSP 1...

Страница 68: ...ASE_ECD 1 None ASE_INT 1 None ASE_OBJ 2 ASE_SPD 1 Yes ASE_REQ 2 ASE_ECD 1 ASE_OBJ 2 Yes Yes ASE_SPD 1 None ASE_TSS 1 ADV_FSP 1 ASE_INT 1 ASE_REQ 1 Yes hierarchically Yes Yes hierarchically ATE_COV 1...

Страница 69: ...Protection Disk Encryption TSF_FDP_UDE 7 1 1 Image Overwrite TSF_IOW FDP_RIP 1 The TOE implements an image overwrite security function using a three pass overwrite procedure consistent with U S Depar...

Страница 70: ...W FPT_FDI_EXP 1 The only physical shared medium interface of the TOE is the network interface The TOE controls and restricts the data information flow from the LUI document scanner and document feeder...

Страница 71: ...must authenticate by entering a username and password prior to being granted access to the LUI or the Web UI While the user is typing the password the TOE obscures each character entered Upon successf...

Страница 72: ...able events The time reference is hardware based CPU clock The system administrator must set the time The audit log tracks user identification and authentication system administrator actions and failu...

Страница 73: ...ol policy based on a configurable rule set The information flow control policy IPFilter SFP is defined by the system administrator through specifying a series of rules to accept deny or drop packets T...

Страница 74: ...can only be canceled deleted during its execution Once completed the job is removed 7 1 10 4 Print Print jobs can be submitted remotely via printing protocols e g lpr port 9100 or from the WebUI Print...

Страница 75: ...ead or deleted D DOC faxOUT Read Delete Once a job is submitted only a system administrator can delete the job before it is fully completed in the case of delayed send for example D FUNC faxOUT Delete...

Страница 76: ...orporation All rights reserved loaded is compared to the expected software version number any corruption of this data will be reported The system administrator can verify the integrity of the TOE soft...

Страница 77: ...cation Security measure that verifies a claimed identity Authentication data Information used to verify a claimed identity Authorization Permission granted by an entity authorized to do so to perform...

Страница 78: ...ion operations that protect and defend information and information systems by ensuring their availability integrity authentication confidentiality and non repudiation This includes providing for resto...

Страница 79: ...ecurity Target Private medium interface Mechanism for exchanging data that 1 use wired or wireless electronic methods over a communications medium which in conventional practice is not accessed by mul...

Страница 80: ...y of the TOE TSF Protected Data Assets for which alteration by a User who is not an Administrator or the owner of the data would have an effect on the operational security of the TOE but for which dis...

Страница 81: ...Host Configuration Protocol DIS Disclosure DSR Document Storage And Retrieval EAL Evaluation Assurance Level EIP Extensible Interface Platform FIPS Federal Information Processing Standard HCD Hardcopy...

Страница 82: ...cation PPM Page Per Minute PP Protection Profile PRT Print PSTN Public Switched Telephone Network SCN Scan SFP Security Function Policy SFR Security Functional Requirement SMI Shared Medium Interface...

Страница 83: ...neral Model B2 Common Methodology for Information Technology Security Evaluation Version 3 1 Release 3 Evaluation Methodology B3 IEEE Std 100 The Authoritative Dictionary of IEEE Standards Terms Seven...

Отзывы:

Нет отзывов

Похожие инструкции для WorkCentre 5845

Бренд: quadient Страницы: 130

WorkCentre Pro 421

Бренд: Xerox Страницы: 4

WorkCentre Pro 412

Бренд: Xerox Страницы: 212

WORKCENTRE PE 220

Бренд: Xerox Страницы: 8

WORKCENTRE PE 220

Бренд: Xerox Страницы: 2

WORKCENTRE PE 220

Бренд: Xerox Страницы: 200

WorkCentre m940

Бренд: Xerox Страницы: 86

Бренд: Xerox Страницы: 24

WorkCentre PE16

Бренд: Xerox Страницы: 201

WorkCentre M24 Color

Бренд: Xerox Страницы: 441

WORKCENTRE C2424

Бренд: Xerox Страницы: 2

WorkCentre M118

Бренд: Xerox Страницы: 5

WORKCENTRE C2424

Бренд: Xerox Страницы: 16

WORKCENTRE C2424

Бренд: Xerox Страницы: 20

WORKCENTRE C2424

Бренд: Xerox Страницы: 25

2006NPC - DocuColor Color Laser

Бренд: Xerox Страницы: 4

WorkCentre XK50cx

Бренд: Xerox Страницы: 90

Бренд: Duplo Страницы: 123

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды