Security Target
Page 3
......8 1.3.1 TOE Type ...8 1.3.2 TOE Usage ...8 1.3.3 Major Security Features of TOE 10 1.4 TOE Description...10 1.4.1 Physical Boundary of TOE 10 1.4.2 Guidance Documents 13 1.4.3 Definition of TOE 19 1.4.4.1. Security Functions 22 1.4.5 Protected Assets...23 1.4.5.1. TSF Data...24 1.4.5.3. Functions ...24 1.5 Glossary...24 1.5.1 Glossary for This ST 24 2 Conformance Claim...27... and Security Objectives in PP .........28 2.4.3 Consistency Claim with Security Requirements in PP 28 3 Security Problem Definitions 31 Copyright (c) 2011 RICOH COMPANY, LTD. Direct User...18 1.4.3.2.
......8 1.3.1 TOE Type ...8 1.3.2 TOE Usage ...8 1.3.3 Major Security Features of TOE 10 1.4 TOE Description...10 1.4.1 Physical Boundary of TOE 10 1.4.2 Guidance Documents 13 1.4.3 Definition of TOE 19 1.4.4.1. Security Functions 22 1.4.5 Protected Assets...23 1.4.5.1. TSF Data...24 1.4.5.3. Functions ...24 1.5 Glossary...24 1.5.1 Glossary for This ST 24 2 Conformance Claim...27... and Security Objectives in PP .........28 2.4.3 Consistency Claim with Security Requirements in PP 28 3 Security Problem Definitions 31 Copyright (c) 2011 RICOH COMPANY, LTD. Direct User...18 1.4.3.2.
Security Target
Page 4
... Environment ...35 4.2.2 Non-IT Environment 36 4.3 Security Objectives Rationale 37 4.3.1 Correspondence Table of Security Objectives 37 4.3.2 Security Objectives Descriptions 38 5 Extended Components Definition 42 5.1 Restricted forwarding of data to external interfaces (FPT_FDI_EXP 42 6 Security Requirements...44 6.1 Security Functional Requirements 44 6.1.1 Class FAU: Security audit 44 ... ...63 6.3.2 Justification of Traceability 64 6.3.3 Dependency Analysis 70 6.3.4 Security Assurance Requirements Rationale 72 7 TOE Summary Specification 73 Copyright (c) 2011 RICOH COMPANY, LTD.
... Environment ...35 4.2.2 Non-IT Environment 36 4.3 Security Objectives Rationale 37 4.3.1 Correspondence Table of Security Objectives 37 4.3.2 Security Objectives Descriptions 38 5 Extended Components Definition 42 5.1 Restricted forwarding of data to external interfaces (FPT_FDI_EXP 42 6 Security Requirements...44 6.1 Security Functional Requirements 44 6.1.1 Class FAU: Security audit 44 ... ...63 6.3.2 Justification of Traceability 64 6.3.3 Dependency Analysis 70 6.3.4 Security Assurance Requirements Rationale 72 7 TOE Summary Specification 73 Copyright (c) 2011 RICOH COMPANY, LTD.
Security Target
Page 5
... for English Version-2 ...14 Table 4 : Guidance for English Version-3 ...15 Table 5 : Guidance for English Version-4 ...16 Table 6 : Definition of Users ...18 Table 7 : List of Administrative Roles ...18 Table 8: Definition of User Data ...23 Table 9: Definition of TSF Data...24 Table 10: Specific Terms Related to This ST 24 Table 11: Rationale for Security... Functional Requirements 63 Table 35: Result of Dependency Analysis of TOE Security Functional Requirements 70 Table 36: Auditable Events and Audit Data 73 Copyright (c) 2011 RICOH COMPANY, LTD.
... for English Version-2 ...14 Table 4 : Guidance for English Version-3 ...15 Table 5 : Guidance for English Version-4 ...16 Table 6 : Definition of Users ...18 Table 7 : List of Administrative Roles ...18 Table 8: Definition of User Data ...23 Table 9: Definition of TSF Data...24 Table 10: Specific Terms Related to This ST 24 Table 11: Rationale for Security... Functional Requirements 63 Table 35: Result of Dependency Analysis of TOE Security Functional Requirements 70 Table 36: Auditable Events and Audit Data 73 Copyright (c) 2011 RICOH COMPANY, LTD.
Security Target
Page 11
... rights reserved. Audit Function - Fax Line Separation Function 1.4 TOE Description This section describes Physical Boundary of TOE, Guidance Documents, Definition of Users, Logical Boundary of TOE, and Protected Assets. 1.4.1 Physical Boundary of TOE The physical boundary of the TOE is the ...MFP, which consists of the following security features: - Use-of 87 - Copyright (c) 2011 RICOH COMPANY, LTD. Stored Data Protection Function - Page 10 of -Feature Restriction Function - Identification and Authentication Function - To ensure provision of...
... rights reserved. Audit Function - Fax Line Separation Function 1.4 TOE Description This section describes Physical Boundary of TOE, Guidance Documents, Definition of Users, Logical Boundary of TOE, and Protected Assets. 1.4.1 Physical Boundary of TOE The physical boundary of the TOE is the ...MFP, which consists of the following security features: - Use-of 87 - Copyright (c) 2011 RICOH COMPANY, LTD. Stored Data Protection Function - Page 10 of -Feature Restriction Function - Identification and Authentication Function - To ensure provision of...
Security Target
Page 18
... MP 6001/MP 7001/MP 8001/MP 9001 Aficio MP 6001/MP 7001/MP 8001/MP 9001 - These users include those who routinely use the TOE (direct users) and those who do not (indirect users). The direct users and indirect users are described as follows: Copyright (c) 2011 RICOH COMPANY...Security Functions - Manuals DataOverwriteSecurity Unit Type H/I - 1.4.3 Definition of Users This section defines the users related to the TOE. Manuals for Users D060-7782 - Notes for Administrators MP 6001/MP 7001/MP 8001/MP 9001 Aficio MP 6001/MP 7001/MP 8001/MP 9001 - Quick Reference Fax Guide - Quick Reference ...
... MP 6001/MP 7001/MP 8001/MP 9001 Aficio MP 6001/MP 7001/MP 8001/MP 9001 - These users include those who routinely use the TOE (direct users) and those who do not (indirect users). The direct users and indirect users are described as follows: Copyright (c) 2011 RICOH COMPANY...Security Functions - Manuals DataOverwriteSecurity Unit Type H/I - 1.4.3 Definition of Users This section defines the users related to the TOE. Manuals for Users D060-7782 - Notes for Administrators MP 6001/MP 7001/MP 8001/MP 9001 Aficio MP 6001/MP 7001/MP 8001/MP 9001 - Quick Reference Fax Guide - Quick Reference ...
Security Target
Page 19
...Authorised to multiple MFP administrators individually. This privilege allows access management of 87 1.4.3.1. This user consists of MFP Copyright (c) 2011 RICOH COMPANY, LTD. Therefore, the different roles of the audit log. Authorised to manage the TOE. All rights reserved. A normal... user is allowed to manage networks and configure LAN settings. The following table (Table 6) shows the definitions. Indirect User Responsible manager of normal users and administrators. The administrator means the user registered for TOE management. This privilege...
...Authorised to multiple MFP administrators individually. This privilege allows access management of 87 1.4.3.1. This user consists of MFP Copyright (c) 2011 RICOH COMPANY, LTD. Therefore, the different roles of the audit log. Authorised to manage the TOE. All rights reserved. A normal... user is allowed to manage networks and configure LAN settings. The following table (Table 6) shows the definitions. Indirect User Responsible manager of normal users and administrators. The administrator means the user registered for TOE management. This privilege...
Security Target
Page 24
... defines user data according to encrypt the data on the HDD by overwriting the specific pattern. - Jobs specified by users. Copyright (c) 2011 RICOH COMPANY, LTD. Also, this ST, a "user job" is to receive only faxes as input information from the telephone lines so that data... Assets The TOE shall protect the following protected assets: user data, TSF data and functions. 1.4.5.1. Type Document data Function data Table 8: Definition of 87 - In this function can be prevented. - Fax Line Separation Function The Fax Line Separation Function is referred to check the ...
... defines user data according to encrypt the data on the HDD by overwriting the specific pattern. - Jobs specified by users. Copyright (c) 2011 RICOH COMPANY, LTD. Also, this ST, a "user job" is to receive only faxes as input information from the telephone lines so that data... Assets The TOE shall protect the following protected assets: user data, TSF data and functions. 1.4.5.1. Type Document data Function data Table 8: Definition of 87 - In this function can be prevented. - Fax Line Separation Function The Fax Line Separation Function is referred to check the ...
Security Target
Page 25
..."TSF protected data". An identifier assigned to these data types. Copyright (c) 2011 RICOH COMPANY, LTD. Table 9 defines TSF data according to each login user name. Type Protected data Confidential data Table 9: Definition of this identifier. No security threat will occur even this ST, "confidential data... 10: Specific Terms Related to deny login of behaviour to This ST Terms MFP Control Software Login user name Login password Lockout Definitions A software component installed in FlashROM and SD Card. Login password, audit log, and HDD cryptographic key. 1.4.5.3. TSF Data The...
..."TSF protected data". An identifier assigned to these data types. Copyright (c) 2011 RICOH COMPANY, LTD. Table 9 defines TSF data according to each login user name. Type Protected data Confidential data Table 9: Definition of this identifier. No security threat will occur even this ST, "confidential data... 10: Specific Terms Related to deny login of behaviour to This ST Terms MFP Control Software Login user name Login password Lockout Definitions A software component installed in FlashROM and SD Card. Login password, audit log, and HDD cryptographic key. 1.4.5.3. TSF Data The...
Security Target
Page 26
... for the documents stored in the Document Server using Scanner Function. - Copyright (c) 2011 RICOH COMPANY, LTD. Page 25 of 87 Terms Auto logout Minimum Length Password Setting Password Complexity HDD User job Documents Document user list Document type Definitions A function for automatic user logout if no access is attempted from beginning to...
... for the documents stored in the Document Server using Scanner Function. - Copyright (c) 2011 RICOH COMPANY, LTD. Page 25 of 87 Terms Auto logout Minimum Length Password Setting Password Complexity HDD User job Documents Document user list Document type Definitions A function for automatic user logout if no access is attempted from beginning to...
Security Target
Page 27
... "PC FAX". This list is operating no MFP applications. A list of a touch screen LCD and key switches. Copyright (c) 2011 RICOH COMPANY, LTD. Consists of the normal users who are authorised to the SMTP Server. A function to read and delete received fax documents... function list Operation Panel Users for stored and received documents Folder transmission Destination folder E-mail transmission S/MIME user information LAN Fax Definitions A general term for each normal user. IPSec protects the communication for realising this information consists of e-mail address, user certificate...
... "PC FAX". This list is operating no MFP applications. A list of a touch screen LCD and key switches. Copyright (c) 2011 RICOH COMPANY, LTD. Consists of the normal users who are authorised to the SMTP Server. A function to read and delete received fax documents... function list Operation Panel Users for stored and received documents Folder transmission Destination folder E-mail transmission S/MIME user information LAN Fax Definitions A general term for each normal user. IPSec protects the communication for realising this information consists of e-mail address, user certificate...
Security Target
Page 29
...4 are added according to maintain and manage the audit logs. Copyright (c) 2011 RICOH COMPANY, LTD. Defining all security problems in the PP, P.STORAGE_ENCRYPTION was added to the security problem definitions in the Common Security Functional Requirements and SFR Packages 2600.1-PRT, 2600.1-SCN, ... conform to understand the PP, the translation was made easily comprehensible, however, its description is written in English, the security problem definitions in chapter 3 and security objectives in the PP. For the authentication function of the scanner device and print device, and have ...
...4 are added according to maintain and manage the audit logs. Copyright (c) 2011 RICOH COMPANY, LTD. Defining all security problems in the PP, P.STORAGE_ENCRYPTION was added to the security problem definitions in the Common Security Functional Requirements and SFR Packages 2600.1-PRT, 2600.1-SCN, ... conform to understand the PP, the translation was made easily comprehensible, however, its description is written in English, the security problem definitions in chapter 3 and security objectives in the PP. For the authentication function of the scanner device and print device, and have ...
Security Target
Page 32
... without a login user name, or by persons with a login user name but without an access permission to the document. Page 31 of 87 3 Security Problem Definitions This section describes Threats, Organisational Security Policies and Assumptions. 3.1 Threats Defined and described below are unauthorised persons with a login user name but without an access... by persons without a login user name, or by persons with a login user name but without an access permission to the TSF Confidential Data. Copyright (c) 2011 RICOH COMPANY, LTD.
... without a login user name, or by persons with a login user name but without an access permission to the document. Page 31 of 87 3 Security Problem Definitions This section describes Threats, Organisational Security Policies and Assumptions. 3.1 Threats Defined and described below are unauthorised persons with a login user name but without an access... by persons without a login user name, or by persons with a login user name but without an access permission to the TSF Confidential Data. Copyright (c) 2011 RICOH COMPANY, LTD.
Security Target
Page 43
...this information before these data are intended to transform and process this kind of functionality. Rationale: Copyright (c) 2011 RICOH COMPANY, LTD. Component levelling: FPT_FDI_EXP: Restricted forwarding of data to external interfaces 1 FPT_FDI_EXP.1 Restricted forwarding of... different external interfaces is transmitted on another external interface. Page 42 of 87 5 Extended Components Definition This section describes Extended Components Definition. 5.1 Restricted forwarding of data to external interfaces (FPT_FDI_EXP) Family behaviour This family defines requirements ...
...this information before these data are intended to transform and process this kind of functionality. Rationale: Copyright (c) 2011 RICOH COMPANY, LTD. Component levelling: FPT_FDI_EXP: Restricted forwarding of data to external interfaces 1 FPT_FDI_EXP.1 Restricted forwarding of... different external interfaces is transmitted on another external interface. Page 42 of 87 5 Extended Components Definition This section describes Extended Components Definition. 5.1 Restricted forwarding of data to external interfaces (FPT_FDI_EXP) Family behaviour This family defines requirements ...
Security Target
Page 45
... face and brackets]. 6.1.1 Class FAU: Security audit FAU_GEN.1 Audit data generation Hierarchical to Original: perform an operation on the auditable event definitions of the functional components included in the PP/ST, [assignment: types of the TOE. b) All auditable events for the [selection: not... specified] level of Copyright (c) 2011 RICOH COMPANY, LTD. FAU_GEN.1.2 The TSF shall record within each functional requirement and the corresponding auditable events of job for FDP_ACF.1(a), all login...
... face and brackets]. 6.1.1 Class FAU: Security audit FAU_GEN.1 Audit data generation Hierarchical to Original: perform an operation on the auditable event definitions of the functional components included in the PP/ST, [assignment: types of the TOE. b) All auditable events for the [selection: not... specified] level of Copyright (c) 2011 RICOH COMPANY, LTD. FAU_GEN.1.2 The TSF shall record within each functional requirement and the corresponding auditable events of job for FDP_ACF.1(a), all login...
Security Target
Page 54
...TSF shall [assignment: perform actions shown in Table 24]. Available function list - All rights reserved. FIA_ATD.1 User attribute definition Hierarchical to : No other components. Table 25: List of Security Attributes for Each User That Shall Be Maintained User Normal...: Upper-case letters: [A-Z] (26 letters) Lower-case letters: [a-z] (26 letters) Numbers: [0-9] (10 digits) Symbols: SP (spaces 33 symbols) Copyright (c) 2011 RICOH COMPANY, LTD. Login user name of MFP administrator FIA_SOS.1 Verification of secrets Hierarchical to : No other components. Dependencies: No ...
...TSF shall [assignment: perform actions shown in Table 24]. Available function list - All rights reserved. FIA_ATD.1 User attribute definition Hierarchical to : No other components. Table 25: List of Security Attributes for Each User That Shall Be Maintained User Normal...: Upper-case letters: [A-Z] (26 letters) Lower-case letters: [a-z] (26 letters) Numbers: [0-9] (10 digits) Symbols: SP (spaces 33 symbols) Copyright (c) 2011 RICOH COMPANY, LTD. Login user name of MFP administrator FIA_SOS.1 Verification of secrets Hierarchical to : No other components. Dependencies: No ...
Security Target
Page 55
... inquiries, and execution of fax reception] on behalf of that user. FIA_USB.1 User-subject binding Hierarchical to : No other components. Dependencies: FIA_ATD.1 User attribute definition Copyright (c) 2011 RICOH COMPANY, LTD. FIA_UAU.1 Timing of the user to be successfully identified before the user is authenticated. Dependencies: FIA_UID.1 Timing of identification FIA_UAU.1.1 The TSF...
... inquiries, and execution of fax reception] on behalf of that user. FIA_USB.1 User-subject binding Hierarchical to : No other components. Dependencies: FIA_ATD.1 User attribute definition Copyright (c) 2011 RICOH COMPANY, LTD. FIA_UAU.1 Timing of the user to be successfully identified before the user is authenticated. Dependencies: FIA_UID.1 Timing of identification FIA_UAU.1.1 The TSF...
Security Target
Page 63
...: Trusted path/channels Page 62 of security measures Developer defined life-cycle model Flaw reporting procedures Conformance claims Extended components definition ST introduction Security objectives Derived security requirements Security problem definition Copyright (c) 2011 RICOH COMPANY, LTD. FTP_ITC.1.1 The TSF shall provide a communication channel between itself and another trusted IT product] to : No other...
...: Trusted path/channels Page 62 of security measures Developer defined life-cycle model Flaw reporting procedures Conformance claims Extended components definition ST introduction Security objectives Derived security requirements Security problem definition Copyright (c) 2011 RICOH COMPANY, LTD. FTP_ITC.1.1 The TSF shall provide a communication channel between itself and another trusted IT product] to : No other...
Security Target
Page 78
The TOE releases the lockout for that user. This function uses the characters described below in (1). Copyright (c) 2011 RICOH COMPANY, LTD. When a user authenticates successfully, the TOE resets the number of available authentication attempts for the user who satisfies... the TOE releases the lockout for registering and changing the login passwords of normal users, MFP administrators, and supervisor. FIA_ATD.1 (User attribute definition) The TOE associates the normal user with a login user name of normal user and available function list, supervisor with a login user name...
The TOE releases the lockout for that user. This function uses the characters described below in (1). Copyright (c) 2011 RICOH COMPANY, LTD. When a user authenticates successfully, the TOE resets the number of available authentication attempts for the user who satisfies... the TOE releases the lockout for registering and changing the login passwords of normal users, MFP administrators, and supervisor. FIA_ATD.1 (User attribute definition) The TOE associates the normal user with a login user name of normal user and available function list, supervisor with a login user name...