General Settings Guide
Page 209
... be used when sending e-mail, sending to check their e-mail addresses in the Address Book allows you to register destinations and users in order to restrict particular functions to certain users, and to folders, or accessing an LDAP server. 201 It can register user codes in the Address Book.
Security Target
Page 4
...Objectives Rationale 42 4.3.1 Correspondence Table of Security Objectives 42 4.3.2 Security Objectives Descriptions 43 5 Extended Components Definition 47 5.1 Restricted forwarding of data to external interfaces (FPT_FDI_EXP 47 6 Security Requirements...49 6.1 Security Functional Requirements 49 6.1.1 Class FAU: ... authentication 58 6.1.5 Class FMT: Security management 61 6.1.6 Class FPT: Protection of the TSF 67 6.1.7 Class FTA: TOE access 68 6.1.8 Class FTP: Trusted path/channels 68 6.2 Security Assurance Requirements 68 6.3 Security Requirements Rationale 69 6.3.1 Tracing ...69...
Security Target
Page 5
Page 4 of 93 7.3 Document Access Control Function 84 7.4 Use-of-Feature Restriction Function 86 7.5 Network Protection Function 87 7.6 Residual Data Overwrite Function 87 7.7 Stored Data Protection Function 88 7.8 Security Management Function 88 7.9 Software Verification Function 93 7.10 Fax Line Separation Function 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
Security Target
Page 12
... and Authentication Function - Network Protection Function - Residual Data Overwrite Function - Stored Data Protection Function - Copyright (c) 2011 RICOH COMPANY, LTD. Security Management Function - Fax Line Separation Function Page 11 of 93 1.4 TOE Description This section describes ... of TOE, and Protected Assets. 1.4.1 Physical Boundary of TOE The physical boundary of the TOE is the MFP, which consists of -Feature Restriction Function - Software Verification Function - Use-of the following hardware components (shown in Figure 2): Operation Panel Unit, Engine Unit, Fax Unit, ...
Security Target
Page 26
... Function The Document Access Control Function is to verify persons before they use the TOE from the Operation Panel or a Web browser, a user will be verified as a normal user. If the e-mail Copyright (c) 2011 RICOH COMPANY, LTD. The persons are allowed to use of ... verified only by Identification and Authentication Function. If the Printer Function is to specify encrypted communication. Use-of-Feature Restriction Function The Use-of-Feature Restriction Function is used , the protection function can be enabled using the Operation Panel. To use the @Remote Service ...
Security Target
Page 35
..., unless they are neither allowed to be attached nor removed by the administrator. Copyright (c) 2011 RICOH COMPANY, LTD. Augmentation of document data and user jobs. Although FDP_ACF.1.4(a) in the PP. Therefore...This is part of the TOE functions. Although FDP_ACF.1.3(a) in the PP. Additional Rules on access control of document data and user jobs, this TOE. it is assigned to the intended user... extends the functional requirement Part 2 due to the addition of the restricted forwarding of data to external interfaces (FPT_FDI_EXP). This does not deviate from the PP but...
Security Target
Page 36
... receiving from a telephone line, is regarded as a result, the TSF restrictively allows the MFP administrator to delete document data and user jobs (document access control SFP, FDP_ACC.1(a) and FDP_ACF.1(a)), and as a user with administrator privileges. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Therefore, FDP_ACF.1.3(b) in this ST satisfies FDP_ACF.1.3(b) in the PP...
Security Target
Page 38
... competent to the guidance document, the TOE is placed in the TSF. A.ACCESS.MANAGED Access management According to follow those interfaces shall be reviewed by unauthorised persons. All...HDD inside the TOE shall be authorised to self-verify executable code in a restricted or monitored area that provides protection from unauthorised disclosure or alteration, and shall ... events. P.RCGATE.COMM.PROTECT Protection of those policies and procedures. Copyright (c) 2011 RICOH COMPANY, LTD. P.INTERFACE.MANAGEMENT Management of external interfaces To prevent unauthorised use of the...
Security Target
Page 46
...objective. By O.STORAGE.ENCRYPTED, the TOE shall encrypt the data to be accessed in a restricted or monitored environment according to the guidance documents and is enforced by these objectives. A.ACCESS.MANAGED A.ACCESS.MANAGED is enforced by this objective. By OE.AUDIT_STORAGE.PROTECTED, if audit...path between itself and RC Gate, and detect any tampering with the security policies. Copyright (c) 2011 RICOH COMPANY, LTD. P.STORAGE.ENCRYPTION is protected from unauthorised access, deletion and alteration. By OE.PHYSICAL.MANAGED, the TOE is located in order to detect potential ...
Security Target
Page 53
...keys in accordance with the identity of the user that have been granted explicit read-access. 6.1.2 Class FCS: Cryptographic support FCS_CKM.1 Cryptographic key generation Hierarchical to : No other... algorithm [assignment: cryptographic key generation algorithm in Table 13] and Copyright (c) 2011 RICOH COMPANY, LTD. FAU_STG.1 Protected audit trail storage Hierarchical to: No other components. ...selection: overwrite the oldest stored audit records] and [assignment: no other components. FAU_SAR.2 Restricted audit review Hierarchical to: No other actions to : FAU_STG.3 Action in the audit ...
Security Target
Page 63
... login user name Supervisor - Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Page 62 of 93 Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control] FMT_SMR.1 Security roles FMT_SMF.1 Specification of Management Function FMT_MSA.1.1(a) The TSF shall enforce the [assignment: document access control SFP] to restrict the ability to [assignment: the user...
Security Target
Page 64
..., or FDP_IFC.1 Subset information flow control] FMT_SMR.1 Security roles FMT_SMF.1 Specification of Management Function FMT_MSA.1.1(b)The TSF shall enforce the [assignment: TOE function access control SFP] to restrict the ability to [selection: query, modify, delete, [assignment: newly create]] the security attributes [assignment: security attributes in Table 27] to [assignment: the user roles... Query (however, query is not allowed in Table 27]. Page 63 of 93 FMT_MSA.1(b)Management of security attributes Hierarchical to: No other components. Copyright (c) 2011 RICOH COMPANY, LTD.
Security Target
Page 65
....1 Management of security attributes FMT_SMR.1 Security roles FMT_MSA.3.1(b)The TSF shall enforce the [assignment: TOE function access control SFP] to provide [selection: [assignment: the permissive to the available function list, restrictive to the function type, restrictive to the user role]] default values for the user role] to specify alternative initial values to override... the [assignment: authorised identified roles shown in Table 28] to specify alternative initial values to : No other components. FMT_MTD.1 Management of Management Functions Copyright (c) 2011 RICOH COMPANY, LTD.
Security Target
Page 69
Copyright (c) 2011 RICOH COMPANY, LTD. Page 68 of 93 FPT_FDI_EXP.1 Restricted forwarding of data to external interfaces Hierarchical to: No other components. Table 31 lists the assurance components of components defined in evaluation assurance ... LAN, telephone line] from being forwarded without further processing by the TSF to [assignment: the LAN and telephone line]. 6.1.7 Class FTA: TOE access FTA_SSL.3 TSF-initiated termination Hierarchical to : No other communication channels and provides assured identification of its end points and protection of this TOE is logically...
Security Target
Page 73
...objective to prevent the user jobs from being used by persons with the permission to delete the applicable user job. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. The supervisor and RC Gate are the security functional requirements for sending or receiving document data. Deletion...not allowed to delete user jobs. Page 72 of 93 is thus restricted to perform each operation. To fulfil this security objective, it is required to implement the following countermeasures. (1) Specify and implement the access control to the security attributes of the document data, and the MFP...
Security Target
Page 75
... is the MFP administrator or supervisor, and if the person is the normal user, the External Authentication is only allowed to restrict users in advance, and associate the users who have the privileges. (4) Use trusted channels for Security Function. (3) Specification of... computer. FMT_SMF.1 performs the required Management Functions for sending or receiving TSF confidential data. Copyright (c) 2011 RICOH COMPANY, LTD. FIA_ATD.1 and FIA_USB.1 manage the access procedures to use . FIA_UID.1(b) and FIA_UAU.1(b) identify and authenticate the persons by LAN fax from the interface...
Security Target
Page 76
...or a Web browser for certain period. FMT_MSA.3(b) sets the permissive default value to the available function list, and sets the restrictive default value to the Operation Panel and LAN interface. The function for F.SMI is enforced by FDP_ACC.1(b) and FDP_ACF.1(b) and fulfilled. Therefore...that the TOE manages the operation of the Operation Panel or a Web browser after completing the communication with the access control by FDP_ACC.1(b) and FDP_ACF.1(b). Copyright (c) 2011 RICOH COMPANY, LTD. FIA_AFL.1 does not allow the user who attempt to use the TOE from the interface for ...
Security Target
Page 87
...user job is cancelled, any documents operated by the owner or MFP administrator. Copyright (c) 2011 RICOH COMPANY, LTD. However, if the document data operated by the cancelled user job is a...user privileges set for each user. All rights reserved. Other users are privileged to use Document Server Function) (2) Access control rule on user jobs The TOE displays on the Operation Panel a menu to cancel a user job only... be deleted and remain stored in the TOE. 7.4 Use-of-Feature Restriction Function The Use-of-Feature Restriction Function is to authorise TOE users to operate user jobs.