Security Target
Page 18
.... The person who is selected as an Administrator. These functions are one or more Administrators. Copyright (c) 2009,2010 RICOH COMPANY, LTD. A default Supervisor is registered for the TOE. One Administrator is registered and is assigned all four Administrator Roles at the factory... Customer Engineer A Customer Engineer (hereafter called CE) is an expert in Figure 3. One Supervisor is registered for the TOE at the factory default. This chapter describes the "Basic Functions", which counters the threats of the TOE. Table 2 describes the Administrator jobs for the users, and ...
Security Target
Page 24
...to newly create, change Administrator IDs and passwords. The relation between user roles and authorised operations is set to the Document Data Default ACL. 2. Security Management Function The Security Management Function is used to allow the specific users to register and delete Administrators, to... for the Document Data ACL, deleting Document File Users who are allowed to change and delete General User Copyright (c) 2009,2010 RICOH COMPANY, LTD. In addition, if Administrators delete all such Administrator Roles are required to have full control permissions on Document Data....
Security Target
Page 38
... binding of user security attributes to a subject (e.g. Newly creating authentication information of General Users (Outcome: Success/Failure) 3. Copyright (c) 2009,2010 RICOH COMPANY, LTD. Adding and deleting Administrator Roles 2. Page 38 of 83 Functional Requirements FIA_SOS.1 FIA_UAU.2 FIA_UAU.7 FIA_UID.2 FIA_USB.1 FMT_MSA.1 FMT_MSA.3... attributes to a subject (e.g. Changing authentication information of General Users. 2. a) Basic: Modifications of the default setting of the authentication mechanism. b) Basic: All use of permissive or restrictive rules.
Security Target
Page 42
....3 Static attribute initialization. Dependencies: FDP_ACF.1 Security attribute based access control. Administrator IDs - Copyright (c) 2009,2010 RICOH COMPANY, LTD. Table 9: Subjects, Objects and Security Attributes Types Subjects or objects Security attributes Subject Administrator process - Document Data Default ACL Object Document Data - Document Data ACL FDP_ACF.1.2 The TSF shall enforce the following...
Security Target
Page 43
...access When the File Administrator is included in Table 11]. All Rights Reserved. FDP_IFC.1 Subset information flow control Copyright (c) 2009,2010 RICOH COMPANY, LTD. Table 11: Rules Governing Access Explicitly Subject Administrator process Operations on the following additional rules: [assignment: rules that ... is copied to the Document Data ACL associated with the storing Document Data when storing the Document Data. The Document Data Default ACL associated with General User process is allowed to delete all Document Data stored in the Document Data ACL, associated with ...
Security Target
Page 46
... authentication before any action Hierarchical to: FIA_UAU.1 Timing of secrets Hierarchical to individual users: [assignment: General User IDs, Document Data Default ACL, Administrator IDs, Administrator Roles and Supervisor ID]. Dependencies: No dependencies. FMT_MTD.1 defines the relation between the Locked out Users... to register the passwords composed of a combination of the Locked out Users can release Locked out Users. Copyright (c) 2009,2010 RICOH COMPANY, LTD. Also, as a special lockout release, if Administrators (all Administrator Roles) and a Supervisor are locked out, ...
Security Target
Page 47
... Subjects General User process Administrator process Supervisor process Security attributes of that user: [assignment: General User IDs, Document Data Default ACL, Administrator IDs, Administrator Roles and Supervisor ID]. Page 47 of 83 Dependencies: FIA_UID.1 Timing of authentication. FIA_UID.2... behalf of user security attributes with subjects acting on authentication feedback] to the user security attributes Copyright (c) 2009,2010 RICOH COMPANY, LTD. Dependencies: No dependencies. FIA_USB.1.1 The TSF shall associate the following rules on the initial association of ...
Security Target
Page 48
... full control operation permission for the applicable Document Data - Supervisor - Supervisor - Administrators who create the applicable Copyright (c) 2009,2010 RICOH COMPANY, LTD. Table 17: Management Roles of Security Attributes Security attributes General User IDs (a data item of modify User ...SFP] to restrict the ability to [selection: query, modify, delete, [assignment: newly create, change Query, modify Document Data Default Query, ACL (a data item of General User Information) Administrator IDs Administrator Roles Supervisor ID Document Data ACL Operations Query, newly ...
Security Target
Page 49
...: No other components. FMT_MSA.3.1 The TSF shall enforce the [assignment: MFP access control SFP] to provide default values [selection: specified as the Document Data Default ACL for security attributes that are used to [assignment: roles in Table 19]. Table 19: List of ... alternative initial values to [selection: query, modify, delete, [assignment: register, change , delete User roles User Administrator Copyright (c) 2009,2010 RICOH COMPANY, LTD. Dependencies: FMT_MSA.1 Management of Management Functions. This value can be set in advance as shown in Table 19] to enforce the...
Security Target
Page 53
...of system clock, time (hour, minute Copyright (c) 2009,2010 RICOH COMPANY, LTD. b) Administrators can interact with the security attributes. Allows General Users to modify the Document Data Default ACL of roles that can specify the initial settings. Date of ... FIA_USB.1 FMT_MSA.1 FMT_MSA.3 FMT_MTD.1 FMT_SMF.1 FMT_SMR.1 FPT_STM.1 Management requirements Page 53 of Administrator Roles by Administrators. a) None: The default subject security attributes cannot be defined. b) None: No rules by which security attributes inherit specified values. a) None: No groups of...
Security Target
Page 60
...to query and set the Number of Attempts before Lockout, Setting for Lockout Release Timer, Lockout time, and Lockout Flag for the default value of security attributes. Page 60 of 83 Document Data ACL of each General User ID in Table 23 being appropriate to query ...General User IDs, - O. Administrators to query, newly create, and change S/MIME User Information, Copyright (c) 2009,2010 RICOH COMPANY, LTD. FMT_MSA.3 sets a specified value for Supervisor, to query and modify its Document Data ACL, and - All Rights Reserved. The User ...
Security Target
Page 69
...and passwords entered into the TOE by the user role. When a user ID's consecutive numbers of times of failure Copyright (c) 2009,2010 RICOH COMPANY, LTD. The following are the explanations of each process with the user IDs and passwords that role, and maintains those bindings and...When the user is an Administrator, the TOE binds the Administrator with Administrator process, associates Administrator process with General User ID and Document Data Default ACL, and maintains those bindings and associations. When the user is a General User, the TOE binds the General User with General User...
Security Target
Page 72
... Reserved. Document Data. Table 30 shows the relation between operations on the Document Data ACL and the authorised users for Document Data ACL Document Data Default ACL From the above , FDP_ACC.1 (Subset access control) and FDP_ACF.1 (Security attribute based access control) are accomplished. 7.1.4 SF.SEC_MNG Security Management Function The TOE provides... Document Data Document Data stored by File Administrator If the login user from the Operation Panel or Web Service Function. File Administrator Copyright (c) 2009,2010 RICOH COMPANY, LTD.
Security Target
Page 74
...Information Management of General User Information allows the specific users to perform the all or some of General Users, Document Data Default ACL and S/MIME User Information. All Rights Reserved. Table 32: Authorised Operations on General User Information Operations on Administrator Information...operators Page 74 of General Users, Document Authorised operators User Administrator User Administrator The General User themselves Copyright (c) 2009,2010 RICOH COMPANY, LTD. If the login user is the Administrator or Supervisor, the TOE allows the Administrator/Supervisor to change ...
Security Target
Page 75
... Machine Administrator Machine Administrator User Administrator Operation interfaces Web Service Function Web Service Function Web Service Function Operation Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved. The TOE allows the specific users to set Machine Control Data from the specific operation interfaces... newly creating the General User information, the newly created General User ID is set to the value for the Document Data Default ACL as the Document File Owner, and the authorised operations on Document Data of that General User are accomplished. 7.1.4.5 Management...
Security Target
Page 81
...authorised TOE users who manages the TOE. The data items include the General User ID, General User Authentication Information, Document Data Default ACL, and S/MIME User Information. Networks that are not managed by Administrators. Each Administrator Role is taken into client PC...according to identify and authenticate the Administrator. The Administrators or Supervisor who prints out that manages the MFP. Copyright (c) 2009,2010 RICOH COMPANY, LTD. A database containing the information about the General Users as duplex and layout). When this setting is inactive, ...
Security Target
Page 82
... One of the data items of the Document Data. 8.2 Reference The following operations. 1. The default value that faxes Document Data previously stored in D-BOX. Copyright (c) 2009,2010 RICOH COMPANY, LTD. Electronic data that manages machines and plays the role of performing the audit. All... Print Function Stored Documents Fax Transmission Direct Print Function Immediate Transmission Internal Networks Document File Owner Document Data Document Data Default ACL Document Data ACL File Administration Document File User Page 82 of 83 Definitions One of the Administrator Roles that ...