Security Target
Page 5
All Rights Reserved. Page 5 of 81 7.1.2.3 Password Feedback Area Protection 68 7.1.2.4 Password Registration 68 7.1.3 SF.DOC_ACC Document Data Access Control Function 69 7.1.3.1 General User Operations on Document Data 69 7.1.3.2 File Administrator Operations on Document Data 70 7.1.4 SF.... Function for Intrusion via Telephone Line 75 7.1.9 SF.GENUINE MFP Control Software Verification Function 76 8 Appendix 77 8.1 Definitions of Terminology 77 8.2 References 81 Copyright (c) 2010 RICOH COMPANY, LTD.
All Rights Reserved. Page 5 of 81 7.1.2.3 Password Feedback Area Protection 68 7.1.2.4 Password Registration 68 7.1.3 SF.DOC_ACC Document Data Access Control Function 69 7.1.3.1 General User Operations on Document Data 69 7.1.3.2 File Administrator Operations on Document Data 70 7.1.4 SF.... Function for Intrusion via Telephone Line 75 7.1.9 SF.GENUINE MFP Control Software Verification Function 76 8 Appendix 77 8.1 Definitions of Terminology 77 8.2 References 81 Copyright (c) 2010 RICOH COMPANY, LTD.
Security Target
Page 16
...responsible manager" of the MFP is a user who manages administrator passwords and changes them. One default administrator is registered for the TOE. Table 1 describes the duties involved in a CC-Certified Environment - Managing the TOE's network connections. Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved. Administrators may have concurrent ...registered on the TOE as a factory setting. One supervisor must be a supervisor by the responsible manager change the supervisor ID and password of their own administrator IDs, passwords, and administrator roles. -
...responsible manager" of the MFP is a user who manages administrator passwords and changes them. One default administrator is registered for the TOE. Table 1 describes the duties involved in a CC-Certified Environment - Managing the TOE's network connections. Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved. Administrators may have concurrent ...registered on the TOE as a factory setting. One supervisor must be a supervisor by the responsible manager change the supervisor ID and password of their own administrator IDs, passwords, and administrator roles. -
Security Target
Page 20
...M aintenance: This forces users to register passwords that are authorised by others. - Identification and Authentication Function This function is permitted as follows: Reading document data: Read document data stored in document data include read -only Copyright (c) 2010 RICOH COMPANY, LTD. General users are allowed...are allowed to read the audit logs using the Web Service Function, and delete the audit logs using both the Minimum Password Length and Password Complexity Setting, which is able to delete any document data. Audit Function This function is as the read -only, ...
...M aintenance: This forces users to register passwords that are authorised by others. - Identification and Authentication Function This function is permitted as follows: Reading document data: Read document data stored in document data include read -only Copyright (c) 2010 RICOH COMPANY, LTD. General users are allowed...are allowed to read the audit logs using the Web Service Function, and delete the audit logs using both the Minimum Password Length and Password Complexity Setting, which is able to delete any document data. Audit Function This function is as the read -only, ...
Security Target
Page 22
... operations is registered to add and delete administrator roles, and change , and delete general user information. - Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved. File administrators, document file owners, and document file users with the exception of their own... administrator roles, their roles must be automatically deleted. 3. Such administrators can newly create, change administrator IDs and passwords. User administrators can delete an administrator or an administrator role, and change , and delete general user information. Management of...
... operations is registered to add and delete administrator roles, and change , and delete general user information. - Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved. File administrators, document file owners, and document file users with the exception of their own... administrator roles, their roles must be automatically deleted. 3. Such administrators can newly create, change administrator IDs and passwords. User administrators can delete an administrator or an administrator role, and change , and delete general user information. Management of...
Security Target
Page 44
...FIA_UAU.7.1 The TSF shall provide only [assignment: displaying a dummy letter (*: asterisks, or : bullets) for Password Complexity Setting. FIA_USB.1.1 The TSF shall associate the following user security attributes with subjects acting on the behalf ... : FIA_UID.1 Timing of identification. For administrators and a supervisor No fewer than the Minimum Password Length specified by the user administrator can be successfully authenticated before any action Hierarchical to : No other ... general user IDs, document data default ACL, Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
...FIA_UAU.7.1 The TSF shall provide only [assignment: displaying a dummy letter (*: asterisks, or : bullets) for Password Complexity Setting. FIA_USB.1.1 The TSF shall associate the following user security attributes with subjects acting on the behalf ... : FIA_UID.1 Timing of identification. For administrators and a supervisor No fewer than the Minimum Password Length specified by the user administrator can be successfully authenticated before any action Hierarchical to : No other ... general user IDs, document data default ACL, Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
Security Target
Page 47
...administrator, network administrator, file administrator, supervisor User administrator User administrator Machine administrator Machine administrator Machine administrator Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved. FMT_SMR.1 Security roles FMT_SMF.1 Specification of Management Functions FMT_MTD.1.1 The TSF shall ..., time setting (hour, minute, second) Query, modify Query, modify Query, modify Query, modify Query Minimum Password Length Password Complexity Setting HDD cryptographic key Audit logs Service mode lock setting Query, modify Query, modify Query, newly create...
...administrator, network administrator, file administrator, supervisor User administrator User administrator Machine administrator Machine administrator Machine administrator Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved. FMT_SMR.1 Security roles FMT_SMF.1 Specification of Management Functions FMT_MTD.1.1 The TSF shall ..., time setting (hour, minute, second) Query, modify Query, modify Query, modify Query, modify Query Minimum Password Length Password Complexity Setting HDD cryptographic key Audit logs Service mode lock setting Query, modify Query, modify Query, newly create...
Security Target
Page 49
...and there are no interfaces to change. None a) Managing the attributes used to verify the secrets. Copyright (c) 2010 RICOH COMPANY, LTD. None: Attributes (data type) used to make explicit access or denial based decisions. All Rights Reserved... FDP_IFC.1 FDP_IFF.1 FIA_AFL.1 FIA_ATD.1 FIA_SOS.1 FIA_UAU.2 Management requirements Management items Page 49 of the machine control data: - Minimum Password Length - a) Management of the metric used to define additional security attributes for locked-out users. b) Management of administrator authentication ...
...and there are no interfaces to change. None a) Managing the attributes used to verify the secrets. Copyright (c) 2010 RICOH COMPANY, LTD. None: Attributes (data type) used to make explicit access or denial based decisions. All Rights Reserved... FDP_IFC.1 FDP_IFF.1 FIA_AFL.1 FIA_ATD.1 FIA_SOS.1 FIA_UAU.2 Management requirements Management items Page 49 of the machine control data: - Minimum Password Length - a) Management of the metric used to define additional security attributes for locked-out users. b) Management of administrator authentication ...
Security Target
Page 57
...of the times when events occurred should be performed prior to allowing user access to the TOE Security Functions. To fulfill O.I &A, passwords for . b) Allow successfully identified and authenticated users to use of the functions they have permission for user authentication shall be easily guessable.... For this , FDP_ACC.1 and FDP_ACF.1 allow storage of a document, Copyright (c) 2010 RICOH COMPANY, LTD. a) Specify access control to their number of the subjects with security attributes is the file administrator. To fulfill O....
...of the times when events occurred should be performed prior to allowing user access to the TOE Security Functions. To fulfill O.I &A, passwords for . b) Allow successfully identified and authenticated users to use of the functions they have permission for user authentication shall be easily guessable.... For this , FDP_ACC.1 and FDP_ACF.1 allow storage of a document, Copyright (c) 2010 RICOH COMPANY, LTD. a) Specify access control to their number of the subjects with security attributes is the file administrator. To fulfill O....
Security Target
Page 58
...general users; - MANAGE Security management Following are included to fulfill the O.MANAGE specification. general users to query and specify theMinimum Password Length, complexity setting, and a Lockout Flag for the document data ACL, which is a securityattribute. the user administrator and general... IDs; - the user administrator and general users with full control operation permission for the implemented TSF shall be Copyright (c) 2010 RICOH COMPANY, LTD. supervisors to query and change S/MIME user information; - To fulfill O.MANAGE, the Security Management Functions for the...
...general users; - MANAGE Security management Following are included to fulfill the O.MANAGE specification. general users to query and specify theMinimum Password Length, complexity setting, and a Lockout Flag for the document data ACL, which is a securityattribute. the user administrator and general... IDs; - the user administrator and general users with full control operation permission for the implemented TSF shall be Copyright (c) 2010 RICOH COMPANY, LTD. supervisors to query and change S/MIME user information; - To fulfill O.MANAGE, the Security Management Functions for the...
Security Target
Page 65
... generation Successful storage of document data Successful reading of document data (*3) Successful deletion of document data Receiving fax Changing user password (including new creation and deletion) Deletion of administrator role Addition of administrator role Changing document data ACL Changing date and ...of 81 recorded when any kind of object document data - Communication IP address - -: No applicable expanded audit information Copyright (c) 2010 RICOH COMPANY, LTD. Table 25 shows the audit information for audit. Date/time of entire audit log Audit logs Basic audit information - ...
... generation Successful storage of document data Successful reading of document data (*3) Successful deletion of document data Receiving fax Changing user password (including new creation and deletion) Deletion of administrator role Addition of administrator role Changing document data ACL Changing date and ...of 81 recorded when any kind of object document data - Communication IP address - -: No applicable expanded audit information Copyright (c) 2010 RICOH COMPANY, LTD. Table 25 shows the audit information for audit. Date/time of entire audit log Audit logs Basic audit information - ...
Security Target
Page 67
... attempts reaches the machine administrator-specified Number of the following two Lockout release actions, (1) or (2), is performed by the user match a supervisor ID and corresponding password registered to the TOE. The TOE binds successfully authenticated users to the processes available to them (general user processes, administrator processes, or supervisor processes) according... attempt to use the TOE Security Functions from the Operation Panel or the Web Service Function. Page 67 of that user to "Active". Copyright (c) 2010 RICOH COMPANY, LTD.
... attempts reaches the machine administrator-specified Number of the following two Lockout release actions, (1) or (2), is performed by the user match a supervisor ID and corresponding password registered to the TOE. The TOE binds successfully authenticated users to the processes available to them (general user processes, administrator processes, or supervisor processes) according... attempt to use the TOE Security Functions from the Operation Panel or the Web Service Function. Page 67 of that user to "Active". Copyright (c) 2010 RICOH COMPANY, LTD.
Security Target
Page 68
... released upon the first successful identification and authentication by the locked-out user. This function uses a string of a password entered from the Operation Panel or the Web Service Function. From the above , FIA_AFL.1 (Authentication failure handling) and...[a-z] (26 letters) Numbers: [0-9] (10 digits) Symbols: SP (space 33 symbols) (2) Registerable password length: General users Copyright (c) 2010 RICOH COMPANY, LTD. If it does not, the password is registered. All Rights Reserved. The machine administrator specifies the lockout time between 1 and 9999 minutes...
... released upon the first successful identification and authentication by the locked-out user. This function uses a string of a password entered from the Operation Panel or the Web Service Function. From the above , FIA_AFL.1 (Authentication failure handling) and...[a-z] (26 letters) Numbers: [0-9] (10 digits) Symbols: SP (space 33 symbols) (2) Registerable password length: General users Copyright (c) 2010 RICOH COMPANY, LTD. If it does not, the password is registered. All Rights Reserved. The machine administrator specifies the lockout time between 1 and 9999 minutes...
Security Target
Page 69
...FIA_SOS.1 (Verification of secrets) and FMT_SMF.1 (Specification of Management Functions) are composed of a combination of characters based on the Password Complexity Setting specified by the user administrator can be registered. Table 2 shows the relationship between the operation permissions for a document...been successfully authenticated by the Identification and Authentication Function, or the authorisation assigned to the individual user. Copyright (c) 2010 RICOH COMPANY, LTD. Following are satisfied. If a general user ID that is associated with the general user process is based...
...FIA_SOS.1 (Verification of secrets) and FMT_SMF.1 (Specification of Management Functions) are composed of a combination of characters based on the Password Complexity Setting specified by the user administrator can be registered. Table 2 shows the relationship between the operation permissions for a document...been successfully authenticated by the Identification and Authentication Function, or the authorisation assigned to the individual user. Copyright (c) 2010 RICOH COMPANY, LTD. Following are satisfied. If a general user ID that is associated with the general user process is based...
Security Target
Page 73
...Deliver to specify machine control data Machine control data items Number of Attempts before Lockout Setting for Lockout Release Timer Lockout time Minimum Password Length Password Complexity Setting Date and time of system clock Range of setting value An integer 1-5 (times) Active or Inactive 1-9999 (minutes...Flag for administrators Lockout Flag for each item of machine control data, the range of machine control data by the TOE. Copyright (c) 2010 RICOH COMPANY, LTD. Page 73 of 81 By the above , FIA_AFL.1 (Authentication failure handling), FMT_MTD.1 (Management of TSF data), FMT_SMF.1 (...
...Deliver to specify machine control data Machine control data items Number of Attempts before Lockout Setting for Lockout Release Timer Lockout time Minimum Password Length Password Complexity Setting Date and time of system clock Range of setting value An integer 1-5 (times) Active or Inactive 1-9999 (minutes...Flag for administrators Lockout Flag for each item of machine control data, the range of machine control data by the TOE. Copyright (c) 2010 RICOH COMPANY, LTD. Page 73 of 81 By the above , FIA_AFL.1 (Authentication failure handling), FMT_MTD.1 (Management of TSF data), FMT_SMF.1 (...
Security Target
Page 78
...data from the TOE to folders on the Controller Board. A function that stores scanned data of supervisor information. Copyright (c) 2010 RICOH COMPANY, LTD. MFP Control Software embedded on an SMB or FTP server via a network. An item of an original in ...Customer engineer (CE) Fax reception process on Controller Board Supervisor Supervisor ID Supervisor authentication information Network administration Network control data Minimum Password Length Password Complexity Setting Fax process on Fax Unit Deliver to Folder Sending by a manufacturer, support service company, or a sales company...
...data from the TOE to folders on the Controller Board. A function that stores scanned data of supervisor information. Copyright (c) 2010 RICOH COMPANY, LTD. MFP Control Software embedded on an SMB or FTP server via a network. An item of an original in ...Customer engineer (CE) Fax reception process on Controller Board Supervisor Supervisor ID Supervisor authentication information Network administration Network control data Minimum Password Length Password Complexity Setting Fax process on Fax Unit Deliver to Folder Sending by a manufacturer, support service company, or a sales company...
Security Target
Page 79
...items that include the general user ID, general user authentication information, document data default ACL, and S/MIME user information A password for Lockout Release Timer General user General user ID General user information General user authentication information Print data Print Settings External ...). Print data is given one or more administrator roles. Indicates the administrator's login name on this TOE. Copyright (c) 2010 RICOH COMPANY, LTD. Administrators and supervisors who manages the TOE. An item of data that manages the MFP. Generally indicates the Internet...
...items that include the general user ID, general user authentication information, document data default ACL, and S/MIME user information A password for Lockout Release Timer General user General user ID General user information General user authentication information Print data Print Settings External ...). Print data is given one or more administrator roles. Indicates the administrator's login name on this TOE. Copyright (c) 2010 RICOH COMPANY, LTD. Administrators and supervisors who manages the TOE. An item of data that manages the MFP. Generally indicates the Internet...