sec
Page 4
... Requirements 55 6.3 Security Requirements Rationale 56 6.3.1 Tracing...56 6.3.2 Justification of Traceability 57 6.3.3 Dependency Analysis 61 6.3.4 Security Assurance Requirements Rationale 63 7 TOE Summary Specification 64 7.1 TOE Security Function 64 7.1.1 SF.AUDIT Audit Function 65 7.1.1.1 Generation of Audit Logs 66 7.1.1.2 Reading Audit Logs 67 7.1.1.3 Protection of Audit Logs ... and Authentication Function 67 7.1.2.1 User Identification and Authentication 68 7.1.2.2 Actions in Event of Identification and Authentication Failure 68 Copyright (c) 2010 RICOH COMPANY, LTD.
sec
Page 6
... roles of security attributes 47 Table 18: Characteristics of static attribute initialisation 48 Table 19: List of TSF data management...48 Table 20: List of specifications of Management Functions 50 Table 21: Services requiring trusted paths...54 Table 22: TOE Security assurance requirements (EAL3 55 Table 23: Relationship between security objectives... to administrator information 72 Table 32: Authorised operations on general user information 73 Table 33: Administrators authorised to specify machine control data 74 Copyright (c) 2010 RICOH COMPANY, LTD.
sec
Page 7
Page 6 of 82 Table 34: List of encryption operations on data stored on the HDD 76 Table 35: Specific terms used in this ST...78 Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
sec
Page 37
.... None Page 36 of 82 Auditable events of document data successful - 1. Lockout start 2. Lockout release - c) Detailed: The specific security attributes used in making an information flow enforcement decision. None a) Minimal: Decisions to the normal state (e.g. secret or private ...an operation on requests for the unsuccessful authentication attempts and the actions (e.g. re-enabling of document data successful 3. Copyright (c) 2010 RICOH COMPANY, LTD. Storage of the information that has flowed based upon policy goals (e.g. b) Basic: The object attribute(s), and ...
sec
Page 48
... control SFP] to provide default values [selection: [assignment: specified as shown in Table 17 to specify alternative Copyright (c) 2010 RICOH COMPANY, LTD. User administrator - Supervisor - File administrator - General users who are used to enforce the SFP. General user ...administrator - Page 47 of 82 Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control] FMT_SMR.1 Security roles FMT_SMF.1 Specification of Management Functions FMT_MSA.1.1 The TSF shall enforce the [assignment: MFP access control SFP] to restrict the ability to [selection: query, ...
sec
Page 49
..., change, entirely delete, newly create]] the [assignment: list of administrator authentication information Machine administrator Machine administrator Machine administrator Machine administrator Copyright (c) 2010 RICOH COMPANY, LTD. Dependencies: FMT_SMR.1 Security roles FMT_SMF.1 Specification of Management Functions FMT_MTD.1.1 The TSF shall restrict the ability to [selection: query, modify, delete, [assignment: register, change, delete Change Supervisor...
sec
Page 50
... Rights Reserved. Dependencies: No dependencies. FMT_SMF.1.1 The TSF shall be capable of performing the following Management Functions: [assignment: list of specifications of Management Function Hierarchical to: No other components. second) T S F data Operations Query Minimum Password Length Password Complexity Setting HDD cryptographic...administrator Supervisor Machine administrator User administrator, Applicable general users of S/MIME user information General users User administrator, General users FMT_SMF.1 Specification of Management Functions described in Table 20 Copyright (c) 2010...
sec
Page 51
... following settings of the file administrator from administrator roles. Minimum Password Length - All Rights Reserved. Table 20: List of specifications of Management Functions Page 50 of 82 Functional requirements FAU_GEN.1 FAU_SAR.1 FAU_SAR.2 FAU_STG.1 FAU_STG.4 FCS_CKM.1 FCS_COP.1 FDP_ACC.1 FDP_ACF...of management. None a) Managing the attributes used to define additional security attributes for users. Password Complexity Setting Copyright (c) 2010 RICOH COMPANY, LTD. None None a) Maintenance (deletion, modification, addition) of actions to the audit records. None None None...
sec
Page 56
....2 ASE_REQ.2 ASE_SPD.1 ASE_TSS.1 ATE_COV.2 ATE_DPT.1 ATE_FUN.1 ATE_IND.2 AVA_VAN.2 Assurance components Security architecture description Functional specification with complete Architectural design Operational user guidance Preparative procedures Authorisation controls Implementation representation CM coverage Delivery procedures Identification of...Security objectives Derived security requirements Security problem definition TOE summary specification Analysis of this TOE is EAL3. sample Vulnerability analysis Copyright (c) 2010 RICOH COMPANY, LTD. Page 55 of 82 6.2 Security Assurance...
sec
Page 58
...and these requirements are fulfilled by writing the newer audit logs over audit logs that can be restricted to fulfil the O.AUDIT specification. For this, FAU_SAR.1 allows only the machine administrator to read audit logs, and FAU_SAR.2 prohibits persons other than the machine ...administrator reading audit logs. Copyright (c) 2010 RICOH COMPANY, LTD. If auditable events occur and the audit log files are encrypted, and whenever a major Management Function is performed,...
sec
Page 59
.... c) Complicate decoding of the subjects with security attributes is the file administrator. For general users, FDP_ACC.1 and FDP_ACF.1 allow the administrator to fulfil the O.DOC_ACC specification. All Rights Reserved. For this, FIA_ATD.1 and FIA_USB.1 bind successfully identified and authenticated users with relevant subjects. For this, FPT_STM.1 provides a trusted time stamp. To...being viewed by displaying masking characters (*: asterisks or : bullets) in place of each password character entered in the document data ACL of a document, Copyright (c) 2010 RICOH COMPANY, LTD.
sec
Page 60
... for general users; - O.MANAGE Security management Following are included to query, newly create, and change general user IDs; - the user administrator to fulfil the O.MANAGE specification. 1. For this, FMT_MSA.1 allows: - and - To fulfil O.MANAGE, access to query and modify its document data ACL; authorised TOE users to perform operations on document... to query and specify the Minimum Password Length, Password Complexity Setting, and a Lockout Flag for the document data ACL, which is a security attribute. Copyright (c) 2010 RICOH COMPANY, LTD. and -
sec
Page 61
...general user, one of network communication data Following are the rationale behind the functional requirements corresponding to fulfil the O.MEM.PROTECT specification. O.NET.PROTECT Protection of the four administrator roles (user administrator, machine administrator, file administrator, or network administrator), or the...MEM.PROTECT in Table 23, and these requirements are is stored on the communication path shall be detected. Copyright (c) 2010 RICOH COMPANY, LTD. To fulfil O.MANAGE, the Security Management Functions for the encryption key generation algorithm (based on the HDD ...
sec
Page 62
...the rationale behind the functional requirements corresponding to O.GENUINE in Table 23, and these requirements are included to fulfil the O.LINE.PROTECT specification. Page 61 of 82 O.GENUINE Protection of integrity of MFP Control Software integrity Following are the rationale behind the functional requirements corresponding ....1 tests the integrity of the executable code of dependencies in ST None None None None None FCS_CKM.4 FCS_CKM.4 None None Copyright (c) 2010 RICOH COMPANY, LTD. For this, FDP_IFC.1 and FDP_IFF.1 allow fax data to pass from the fax process on the Fax Unit to the...
sec
Page 65
....SEC_MNG SF.CE_OPE_LOCK SF.CIPHER SF.NET_PROT SF.FAX_LINE SF.GENUINE FAU_GEN.1 v FAU_SAR.1 v FAU_SAR.2 v FAU_STG.1 v FAU_STG.4 v FCS_CKM.1 v FCS_COP.1 v FDP_ACC.1 v Copyright (c) 2010 RICOH COMPANY, LTD. 7 TOE Summary Specification This section provides a specification summary of the Security Functions of 82 7.1 TOE Security Function The TOE provides the following TOE Security Functions to satisfy the security...
sec
Page 69
... each ID, as described in "7.1.2.1 User Identification and Authentication", the Copyright (c) 2010 RICOH COMPANY, LTD. By the above, FIA_ATD.1 (User attribute definition), FIA_UAU.2 (User authentication before any action), FIA_UID.2 (User identification before any action), FIA_USB.1 (User-subject binding), FMT_SMF.1 (Specification of Management Functions), and FMT_SMR.1 (Security Roles) are the explanations of each...
sec
Page 70
...it does, the password is not registered and an error message appears. (1) Usable characters and its types: Copyright (c) 2010 RICOH COMPANY, LTD. If the machine administrator sets the lockout time to be released upon the first successful identification and authentication by... to release Lockout using the Web Service Function. All Rights Reserved. From the above, FIA_AFL.1 (Authentication failure handling) and FMT_SMF.1 (Specification of Management Functions) are satisfied. 7.1.2.3 Password Feedback Area Protection The TOE displays a string of masking characters (*: asterisks or : bullets...
sec
Page 71
... or client computer where the user authenticated. Copyright (c) 2010 RICOH COMPANY, LTD. Table 29 shows the value of characters based on the document data ACL, which contains the IDs of the ID. By the above, FIA_SOS.1 (Verification of secrets) and FMT_SMF.1 (Specification of Management Functions) are the explanations of 82 Upper-case...
sec
Page 73
... ACLs of 82 - By the above, FMT_MSA.1 (Management of security attributes), FMT_MSA.3 (Static attribute initialisation), and FMT_SMF.1 (Specification of management functions) are changing the document file owner's operation permissions for the document data, and newly registering and deleting document...full control authorisation If the logged-in user is a general user, the TOE allows that administrator role Copyright (c) 2010 RICOH COMPANY, LTD. Document file owners - Operations on administrator information include creation of administrator information allows only specified users to ...
sec
Page 74
...Table 31, respectively. By the above, FIA_USB.1 (User-subject binding), FMT_MSA.1 (Management of security attributes), FMT_MTD.1 (Management of TSF data), FMT_SMF.1 (Specification of management functions) and FMT_SMR.1 (Security roles) are satisfied. 7.1.4.3 Management of Supervisor or Information Management of supervisor information allows only a supervisor to query and..., S/MIME user information) Authorised user User administrators User administrators General users themselves User administrators General users themselves Copyright (c) 2010 RICOH COMPANY, LTD. If the logged-in Table 32.