Security Target
Page 14
..., animation, PCL, OptionPCLFont, LANG0, and LANG1. Fax Unit The Fax Unit is a non-volatile memory medium. It stores documents, login user names and login passwords of 93 and digital signature. Copyright (c) 2011 RICOH COMPANY, LTD. The Operation Panel Control Software performs the following software components are included in the Engine Control Board. HDD...
Security Target
Page 20
...be used. According to manage stored documents. Authorised to its roles, the administrator can use the TOE. Copyright (c) 2011 RICOH COMPANY, LTD. Therefore, the different roles of network settings. This privilege allows configuration of normal users, administrators, and ... Supervisor User management privilege Machine management privilege Network management privilege File management privilege Explanation Authorised to delete and register the login password of the TOE via RC Gate communication interface. This privilege allows configuration of device settings and view of stored...
Security Target
Page 26
... user will be required to enter his or her login user name and login password so that the lockout function can be enabled and login password quality can be enabled using the Operation Panel.... Panel or a Web browser, a user will be required to enter his or her login user name and login password received from a Web browser, printer/fax driver, and RC Gate. Page 25 ...This function includes protection functions for the authentication feedback area, where dummy characters are displayed if a login password is to specify the URL for each user. It allows user's operation on the user...
Security Target
Page 28
...is stored in the TOE. In this ST, "confidential data", listed below , is referred to as "TSF protected data". Login user name, Number of Attempts before Lockout, settings for This ST For clear understanding of specific terms. Terms MFP Control Software ...Table 10 : Specific Terms Related to the public. Copyright (c) 2011 RICOH COMPANY, LTD. Login password, audit log, and HDD cryptographic key. 1.4.5.3. Table 9 defines TSF data according to restrictions. 1.5 Glossary 1.5.1 Glossary for Lockout...
Security Target
Page 29
..., +SCN, +CPY, +FAXOUT, +FAXIN, and +DSR. One of behaviour to end. The minimum number of 93 Terms Login user name Login password Lockout Auto logout Minimum Character No. The TOE authenticates TOE users by using the client computer. External Authentication implemented in the ... names and the login passwords registered on the TOE. If a user job is attempted from the client computer, or documents stored in the TOE includes Windows Authentication, LDAP Authentication, and Integration Server Authentication. Copyright (c) 2011 RICOH COMPANY, LTD. Auto logout time for identification and...
Security Target
Page 30
...the document data attributes. One of the document data attributes. Document stored in the TOE by using Printer Function. A list of the login user names of use. Classification of stored documents according to their purpose of the normal users whose access to documents is authorised, and it...Fax Function, and those stored using Scanner Function. The Operation Panel is assigned as an attribute of the stored document types. Copyright (c) 2011 RICOH COMPANY, LTD. One of the stored document types. Documents stored in the TOE so that normal users are authorised to operate the TOE....
Security Target
Page 37
... alteration Documents under the TOE management may be disclosed to persons without a login user name, or to persons with a login user name but without an access permission to the document. Copyright (c) 2011 RICOH COMPANY, LTD. T.CONF.ALT Alteration of TSF confidential data TSF Confidential Data... under the TOE management may be altered by persons without a login user name, or by persons with a login user name but without an access permission ...
Security Target
Page 40
...O.PROT.NO_ALT Protection of document disclosure The TOE shall protect documents from unauthorised alteration by persons without a login user name, or by persons with a login user name but without an access permission to the document. O.DOC.NO_DIS Protection of TSF protected data ...The TOE shall protect user jobs from unauthorised disclosure by persons without a login user name, or by persons with a login user name but without an access permission to the job. Copyright (c) 2011 RICOH COMPANY, LTD. O.FUNC.NO_ALT Protection of Operational Environment and Security Objectives ...
Security Target
Page 44
...the security policies and procedures of their organisation. By O.DOC.NO_ALT, the TOE protects the documents from unauthorised alteration by persons without a login user name, or by these objectives. By O.USER.AUTHORIZED, the TOE requires identification and authentication of users, and users are authorised ...users who follow the security policies and procedures of their organisation. By O.PROT.NO_ALT, the TOE protects the TSF protected Copyright (c) 2011 RICOH COMPANY, LTD. By OE.USER.AUTHORIZED, the responsible manager of MFP gives the authority to use the TOE to use the TOE....
Security Target
Page 45
...the TSF confidential data. By O.CONF.NO_ALT, the TOE protects the TSF confidential data from unauthorised alteration by persons without a login user name, or by these objectives. P.USER.AUTHORIZATION P.USER.AUTHORIZATION is countered by these objectives. P.USER.AUTHORIZATION is countered ..., the TOE requires identification and authentication of 93 data from unauthorised disclosure by persons without a login user name, or by these objectives. Copyright (c) 2011 RICOH COMPANY, LTD. Page 44 of users, and users are authorised in accordance with the security ...
Security Target
Page 50
...security functional requirements for fulfilling the security objectives defined in the PP/ST, [assignment: types of job for FDP_ACF.1(a), all login user names that are not defined in CC Part2 are quoted from the extended security functional requirements defined in the PP ...Protection Profile in the CC Part2. Dependencies: FPT_STM.1 Reliable time stamps FAU_GEN.1.1 The TSF shall be able to Original: Copyright (c) 2011 RICOH COMPANY, LTD. Table 12 : List of communication with assignment and selection defined in Table 12]. The security functional requirements that attempted the...
Security Target
Page 51
...sending document data by the SFP. b) Basic: All requests to folder. - b) Basic: Success and failure of login operation b) Basic: Success and failure of login operation b) Basic: Success and failure of storing document data. - b) Basic: All use of the authentication mechanism; ...Start and end operation of Copyright (c) 2011 RICOH COMPANY, LTD. Page 50 of 93 FDP_ACF.1(b) FIA_UAU.1(a) FIA_UAU.1(b) FIA_UAU.2 perform ...
Security Target
Page 52
...target of all trusted channel functions. d) Basic: Identification of the initiator and target of failed trusted channel functions. login operation b) Basic: Success and failure of the trusted channel functions. Also includes the user identification that is required ...: Success and failure of the management functions. All rights reserved. b) Basic: Success and failure of login operation a) Minimal: Record of 93 authentication mechanism; Copyright (c) 2011 RICOH COMPANY, LTD. FIA_UID.1(a) FIA_UID.1(b) FIA_UID.2 FMT_SMF.1 FMT_SMR.1 FPT_STM.1 FTA_SSL.3 FTP_ITC.1 Page 51 of ...
Security Target
Page 55
...data - Normal user process - All rights reserved. RC Gate process - MFP administrator process - User role Copyright (c) 2011 RICOH COMPANY, LTD. Dependencies: FDP_ACC.1 Subset access control FMT_MSA.3 Static attribute initialisation FDP_ACF.1.1(a) The TSF shall enforce the [assignment: ... list of subjects, objects, and operations among Subjects and Objects (a) Subjects Objects Operations - RC Gate process - MFP application - Login user name of Subjects, Objects, and Operations among Subjects and Objects (b) Subjects Object Operation - User role - User jobs - ...
Security Target
Page 56
... - However, it is allowed for normal user process that created the document data. However, it is allowed for normal user process with login user name of 93 - Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Not allowed. Document user list - However, it is allowed for normal user process that created the document...
Security Target
Page 57
...additional rules: [assignment: rules to control Operations Allows. Dependencies: FDP_ACC.1 Subset access control FMT_MSA.3 Static attribute initialisation Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Not allowed. FDP_ACF.1.3(a) The TSF shall explicitly authorise access of normal user registered on document ... of normal user registered on document user list for document data. However, it is allowed for normal user process with login user name of subjects to objects based on the following additional rules: [assignment: deny the operations on Document Data and...
Security Target
Page 58
... role - FDP_RIP.1.1 The TSF shall ensure that the Fax Reception Function operated using administrator permission is surely permitted]. Copyright (c) 2011 RICOH COMPANY, LTD. FDP_ACF.1.3(b) The TSF shall explicitly authorise access of normal user - User role - Login user name of subjects to objects based on the following objects: [assignment: user documents]. User role -
Security Target
Page 60
... Table 24 : List of Security Attributes for password complexity setting. User role FIA_SOS.1 Verification of Security Attributes - Copyright (c) 2011 RICOH COMPANY, LTD. Available function list - The MFP administrator specifies either Level 1 or Level 2 for Each User That Shall Be ... number specified by MFP administrator (8-32 characters) and no more than 128 characters. User role - User role - Dependencies: No dependencies. Login user name of normal user - FIA_SOS.1.1 The TSF shall provide a mechanism to verify that are composed of a combination of the user ...
Security Target
Page 62
...process - FIA_UID.2.1 The TSF shall require each user to : FIA_UID.1Timing of identification Dependencies: No dependencies. Login user name of MFP administrator - Login user name of normal user - FIA_UID.2 User identification before action Hierarchical to be performed before allowing other components... behalf of a person who intends to be successfully identified before allowing other components. Copyright (c) 2011 RICOH COMPANY, LTD. FIA_UID.1.2(b) The TSF shall require each user to be successfully identified (refinement: identification of that user. All...
Security Target
Page 63
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Page 62 of 93 Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control] FMT_SMR.1 Security roles FMT_SMF.1 Specification...]] the security attributes [assignment: security attributes in Table 26] to [assignment: the user roles with Operation Permission MFP administrator Normal user who owns the applicable login user name MFP administrator Supervisor MFP administrator MFP administrator who stored the document data MFP administrator -: No user roles are permitted for External Authentication...