Security Target
Page 5
All rights reserved. Page 4 of 93 7.3 Document Access Control Function 84 7.4 Use-of-Feature Restriction Function 86 7.5 Network Protection Function 87 7.6 Residual Data Overwrite Function 87 7.7 Stored Data Protection Function 88 7.8 Security Management Function 88 7.9 Software Verification Function 93 7.10 Fax Line Separation Function 93 Copyright (c) 2011 RICOH COMPANY, LTD.
Security Target
Page 8
... name and version. Table 1 : Identification Information of software and hardware versions. MFP versions consist of TOE Names Ricoh Aficio MP C4501, Ricoh Aficio MP C5501, Ricoh Aficio MP C4501G, Ricoh Aficio MP C5501G, Gestetner MP C4501, Gestetner MP C5501, Lanier MP C4501, Lanier MP C5501, Lanier LD645C, Lanier LD655C, Lanier LD645CG, Lanier LD655CG, nashuatec MP C4501, nashuatec MP C5501, Rex-Rotary MP C4501, Rex-Rotary MP C5501, MFPs Versions Software System/Copy Network Support Scanner Printer Fax...
Security Target
Page 10
Users can store it as a document. Various settings for the MFP, which is the TOE itself, and hardware and software other than the TOE. Print, fax, network transmission, and deletion of paper documents, - LAN Network used by connecting to the office LAN, and users can ... 1. The MFP is defined as shown in the TOE environment. Copy, fax, storage, and network transmission of the stored documents. All rights reserved. Copyright (c) 2011 RICOH COMPANY, LTD. Below, explanations are provided for the MFP, -
Security Target
Page 12
..., Engine Unit, Fax Unit, Controller Board, HDD, Ic Ctlr, Network Unit, USB Port, SD Card Slot, and SD Card. Stored Data Protection Function - Copyright (c) 2011 RICOH COMPANY, LTD. Software Verification Function - - Residual Data Overwrite Function -
Security Target
Page 13
... Board sends and receives information to control the MFP is stored. - The following describes the components of random number generation, cryptographic key generation Copyright (c) 2011 RICOH COMPANY, LTD. Ic Key A security chip that constitute the MFP, and this information is used as a working area for configuring MFP operations is processed by...
Security Target
Page 14
...the TOE, is the identifier of the components that constitute the TOE, is the identifier for the Operation Panel Control Software. Copyright (c) 2011 RICOH COMPANY, LTD. Controls the LEDs and displays information on the Operation Panel Control Board. It also sends and receives fax... that is installed on the LCD touch screen according to instructions from the Controller Board. OpePanel, which the following : 1. The Engine Control Software is one of the TOE and are installed: System/Copy, Network Support, Scanner, Printer, Fax, RemoteFax, Web Support, Web Uapl, NetworkDocBox...
Security Target
Page 15
...LD630C/LD635C/LD645C/LD645CA/LD655C/LD655CA LD630CG/LD635CG/LD645CG/LD645CAG/LD655CG/LD655CAG Aficio MP C3001/C3501/C4501/C4501A/C5501/C5501A Aficio MP C3001G/C3501G/C4501G/C4501AG/C5501G/C5501AG Copyright (c) 2011 RICOH COMPANY, LTD. Network Unit The Network Unit is provided with individual.../LD645CAG/LD655CG/LD655CAG Aficio MP C3001/C3501/C4501/C4501A/C5501/C5501A Aficio MP C3001G/C3501G/C4501G/C4501AG/C5501G/C5501AG Operating Instructions About This Machine D088-7603A - Only the customer engineer is a memory medium in which Data Erase Std (MFP Control Software) are as follows...
Security Target
Page 27
... Function is to verify the integrity of the executable codes of the MFP Control Software and FCU Control Software and to ensure that only fax data can be received and unauthorised intrusion from the telephone lines (same as a "job". User Data The user data ... be protected by the TOE are specified for TSF data in deleted documents, temporary documents and their fragments, which are managed by users. Copyright (c) 2011 RICOH COMPANY, LTD. Residual Data Overwrite Function The Residual Data Overwrite Function is to overwrite specific patterns on the HDD and disable the reusing of the...
Security Target
Page 28
... confidential data. In this ST, "protected data", listed below , is referred to as "TSF confidential data". Copyright (c) 2011 RICOH COMPANY, LTD. This data must be protected from changes by users without viewing permissions. Functions The MFP applications (Copy Function, Document...This component is exposed to these data types. Type Protected data Confidential data Table 9 : Definition of specific terms. Terms MFP Control Software Table 10 : Specific Terms Related to restrictions. 1.5 Glossary 1.5.1 Glossary for Lockout Release Timer, lockout time, date settings (year/month...
Security Target
Page 38
... As for communication with operation permission of the TOE shall be authorised to use and security-relevant events. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. The audit log shall be protected from physical access by unauthorised persons. A.ACCESS.MANAGED ...Access management According to the guidance document, the TOE is placed in the TSF. P.SOFTWARE.VERIFICATION Software verification Procedures shall exist to self-verify executable code in a restricted or monitored area that provides protection from unauthorised disclosure or...
Security Target
Page 41
... with those communication data. 4.2 Security Objectives of Operational Environment This section describes the security objectives of external interfaces by authorised persons. Copyright (c) 2011 RICOH COMPANY, LTD. O.SOFTWARE.VERIFIED Software verification The TOE shall provide procedures to a trusted IT product, the responsible manager of MFP shall ensure that users are authorised in trusted IT...
Security Target
Page 43
...O.DOC.NO_ALT O.FUNC.NO_ALT O.PROT.NO_ALT O.CONF.NO_DIS O.CONF.NO_ALT O.USER.AUTHORIZED OE.USER.AUTHORIZED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED OE.AUDIT_STORAGE.PROTCTED OE.AUDIT_ACCESS_AUTHORIZED OE.AUDIT.REVIEWED O.INTERFACE.MANAGED OE.PHYSICAL.MANAGED OE....X X X T.FUNC.ALT X X X T.PROT.ALT X X X T.CONF.DIS X X X T.CONF.ALT X X X P.USER.AUTHORIZATION X X P.SOFTWARE.VERIFICATION X P.AUDIT.LOGGING X XXX P.INTERFACE.MANAGEMENT X X P.STORAGE.ENCRYPTION X P.RCGATE.COMM.PROTECT X A.ACCESS.MANAGED X A.ADMIN.TRAINING X A.ADMIN.TRUST X A.USER.TRAINING X Copyright ...
Security Target
Page 45
... authority to use the TOE to users who follow the security policies and procedures of their organisation. P.USER.AUTHORIZATION P.USER.AUTHORIZATION is enforced by O.SOFTWARE.VERIFIED. Copyright (c) 2011 RICOH COMPANY, LTD. T.CONF.ALT is enforced by O.USER.AUTHORIZED and OE.USER.AUTHORIZED. By O.USER.AUTHORIZED, the TOE requires identification and authentication of...
Security Target
Page 68
...to provide reliable time stamps. All rights reserved. Dependencies: FIA_UID.1 Timing of [selection: [assignment: the MFP Control Software, FCU Control Software]]. FPT_TST.1.3 The TSF shall provide authorised users with the capability to verify the integrity of [selection: [assignment: the... stored TSF executable code]]. Copyright (c) 2011 RICOH COMPANY, LTD. Dependencies: No dependencies. FPT_TST.1.2 The TSF shall provide ...
Security Target
Page 71
... Table 32 : Relationship between Security Objectives and Functional Requirements O.DOC.NO_DIS O.DOC.NO_ALT O.FUNC.NO_ALT O.PROT.NO_ALT O.CONF.NO_DIS O.CONF.NO_ALT O.USER.AUTHORIZED O.INTERFACE.MANAGED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED O.STORAGE.ENCRYPTED O.RCGATE.COMM.PROTECT FAU_GEN.1 FAU_GEN.2 FAU_STG.1 FAU_STG.4 FAU_SAR.1 FAU_SAR.2 FCS_CKM.1 FCS_COP.1 FDP_ACC.1(a) X X X FDP_ACC.1(b) FDP_ACF.1(a) X X X FDP_ACF.1(b) FDP_RIP.1 X X FIA_AFL.1 FIA_ATD.1 FIA_SOS.1 FIA_UAU...
Security Target
Page 72
... document data. All rights reserved. Page 71 of 93 O.DOC.NO_DIS O.DOC.NO_ALT O.FUNC.NO_ALT O.PROT.NO_ALT O.CONF.NO_DIS O.CONF.NO_ALT O.USER.AUTHORIZED O.INTERFACE.MANAGED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED O.STORAGE.ENCRYPTED O.RCGATE.COMM.PROTECT FMT_MSA.3(b) FMT_MTD.1 FMT_SMF.1 FMT_SMR.1 FPT_STM.1 FPT_TST.1 FTA_SSL.3 FTP_ITC.1 X X X X X X X X X X X X X X X X X X X X X X X X 6.3.2 ... document disclosure O.DOC.NO_DIS is registered on the document user list, and a specified user Copyright (c) 2011 RICOH COMPANY, LTD. O.DOC.NO_DIS Protection of the document data.
Security Target
Page 77
...data to be written into the HDD is the security objective to read audit logs in the audit log. O.SOFTWARE.VERIFIED Software verification O.SOFTWARE.VERIFIED is encrypted. To fulfil this security objective, it is required to implement the following countermeasures. (1) Record the...the MFP administrator to implement the following countermeasures. (1) Self-check FPT_TST.1 checks if the MFP Control Software and FCU Control Software are full. (3) Provide Audit Function. Copyright (c) 2011 RICOH COMPANY, LTD. Page 76 of 93 (3) Restricted forwarding of the occurrence factor. (2) Protect the...
Security Target
Page 80
Therefore, cryptographic key destruction by the standard method is unnecessary. 6.3.4 Security Assurance Requirements Rationale This TOE is software for the MFP, which is not covered in a general office and this evaluation. In order to securely operate the TOE... continuously, it is important to appropriately remediate the flaw discovered after the start of commercially available products. Copyright (c) 2011 RICOH COMPANY, LTD. A high attack potential is required for the attacks that circumvent or tamper with the possibility of moderate or greater level ...
Security Target
Page 94
... TOE outputs the information used to prohibit forwarding of the MFP Control Software first by using the hash and then by checking the certificate. Copyright (c) 2011 RICOH COMPANY, LTD. For Fax Function, values to identify Fax Function. 7.9 Software Verification Function The Software Verification Function is as follows: For Copy Function, values to verify the...