Security Target
Page 6
...: Auditable events and auditable information 64 Table 26: User roles and authentication methods 66 Table 27: Unlocking administrators for each user role 67 Table 28: Default value for document data ACL 68 Table 29: Operations of document data ACL and authorised users 69 Table 30: Access to administrator information 70 Table... Table 33: List of encryption operations on data stored on the HDD 73 Table 34: Specific terms used in this ST...76 Copyright (c) 2009,2010 RICOH COMPANY, LTD.
Security Target
Page 15
... Administrator role User administration Machine administration Network administration File administration Explanation about duties involved Managing general users. One default administrator is registered and assigned all four administrator roles as an administrator. Table 1 describes the duties involved... in the TOE and perform operations on the TOE as a factory setting. Copyright (c) 2009,2010 RICOH COMPANY, LTD. Table 1: List of their own administrator IDs, passwords, and administrator roles. 1.4.3 User Roles This section describes...
Security Target
Page 21
... Mode Lock Function prevents the Maintenance Function being used by CEs who receive a request from the machine administrator to the document data default ACL. 2. Only administrators are required to have at least one of his/her administrator roles, provided that correspond to their ...Page 21 of 80 document data ACL, deleting document file users previously registered for devices equipped with a Fax Unit. Copyright (c) 2009,2010 RICOH COMPANY, LTD. File administrators, document file owners, and document file users with full control permissions can change their user IDs. 4. General...
Security Target
Page 35
...information of a subject). c) Detailed: Identification of any tested secret; creation of general users. 2. a) Basic: Modifications of the default setting of general users. Login (Outcome: Success/Failure) 1. None a) Minimal: Unsuccessful use of the authentication mechanism. All Rights... information (Outcome: Success/Failure) Basic 1. Changing authentication information of permissive or restrictive rules. Copyright (c) 2009,2010 RICOH COMPANY, LTD. Changing authentication information of general users (Outcome: Success/Failure) 2. Auditable events of TOE information...
Security Target
Page 39
... data Reading document data Deleting document data FDP_ACF.1 Security attribute based access control Hierarchical to: No other components. Document data default ACL - Table 8: Subjects, objects and security attributes Types Subject Subject Object Subjects or objects Administrator process General user process ... in Table 7 Table 7: List of 80 FDP_ACC.1 Subset access control Hierarchical to the operations shown in Table 9 Copyright (c) 2009,2010 RICOH COMPANY, LTD. FDP_ACF.1.1 The TSF shall enforce the [assignment: MFP access control SFP] to objects based on objects and access to...
Security Target
Page 40
When the document data is stored, the document data default ACL associated with the general user process is included in administrator roles that are associated with administrator process, the administrator process has permission to delete ... access of subjects to objects based on the [assignment: no rules, based on [assignment: subjects, information, and an operation listed in Table 11 Copyright (c) 2009,2010 RICOH COMPANY, LTD. Dependencies: FDP_IFF.1 Simple security attributes. A general user process has permission to delete document data if the general user ID associated with the general...
Security Target
Page 43
...verify that are composed of a combination of authentication. FIA_UAU.7 Protected authentication feedback Hierarchical to individual users: [assignment: general user IDs, document data default ACL, administrator IDs, administrator roles and supervisor ID]. All Rights Reserved. FIA_ATD.1.1 The TSF shall maintain the following quality metrics]. (1) Usable ... : bullets) for Password Complexity Setting. FIA_UAU.2.1 The TSF shall require each user to the user while the Copyright (c) 2009,2010 RICOH COMPANY, LTD. Page 43 of security attributes belonging to : No other components.
Security Target
Page 44
All Rights Reserved. Dependencies: [FDP_ACC.1 Subset access control, or Copyright (c) 2009,2010 RICOH COMPANY, LTD. Page 44 of 80 FIA_UID.2 User identification before allowing any action Hierarchical to: FIA_UID.1 Timing of identification. ...Users General user Administrator Supervisor Subjects General user process Administrator process Supervisor process Security attributes of users General user ID, Document data default ACL Administrator ID, Administrator roles Supervisor ID FIA_USB.1.3 The TSF shall enforce the following user security attributes with subjects acting on...
Security Target
Page 45
....3.2 The TSF shall allow the [assignment: no authorised identified roles] to specify alternative initial values to override the default values when an object or information is created. General users who creates the applicable document data FMT_MSA.3 Static attribute ...these administrator roles - All Rights Reserved. User administrator - Administrators - Supervisor - File administrator - Supervisor - Copyright (c) 2009,2010 RICOH COMPANY, LTD. General users - Administrators who are used to enforce the SFP. Table 16: Management roles of security attributes Security ...
Security Target
Page 46
... of static attribute initialisation Page 46 of 80 Object Document data stored by general users Security attribute associated with object Document data ACL Default value and its characteristic at time of object creation A value set arbitrarily by the user administrator or the general user, and it has... authentication Change Change Number of administrator authentication information Machine administrator Machine administrator Machine administrator Machine administrator Copyright (c) 2009,2010 RICOH COMPANY, LTD. This value can be set in Table 18 to : No other components.
Security Target
Page 49
...Function (management of administrator information): management of own administrator IDs by administrators. - Copyright (c) 2009,2010 RICOH COMPANY, LTD. a) None: Default subject security attributes cannot be defined. a) Managing the group of supervisor authentication information by administrators. Security...can add own assigned administrator roles to other administrators and delete administrator roles. b) Administrators can define default subject security attributes. Security Management Function (management of administrator information): management of general Users. - ...
Security Target
Page 50
... is fixed. Management of roles can interact with TSF data. FMT_SMR.1 Security roles Hierarchical to modify the document data default ACL of default values for machine control data. - Functional requirements FMT_MSA.3 Management requirements Page 50 of identification. b) Managing the...of rules by administrators. FMT_SMR.1.1 The TSF shall maintain the roles [assignment: general users, administrators (machine Copyright (c) 2009,2010 RICOH COMPANY, LTD. c) Management of machine control data): The machine administrator manages the following setting items for a given access control SFP...
Security Target
Page 57
... data to query and change general user IDs; - and - supervisor to query and modify its document data ACL; FMT_MSA.3 specifies the default value of the document data ACL for storage of TSF data. For this, FMT_MTD.1 allows: - the user administrator to specified users. the... O.MANAGE specification. To fulfil O.MANAGE, the Security Management Functions for the document data to TSF data shall be Copyright (c) 2009,2010 RICOH COMPANY, LTD. administrators to query, add, and delete administrator roles assigned to perform operations on document data. Page 57 of 80 FDP_ACC...
Security Target
Page 66
...is an administrator, the TOE binds the administrator to administrator processes, associates administrator processes with a general user ID and the document data default ACL, and maintains those bindings and associations. All Rights Reserved. Check if the administrator ID and password entered by a user whose ... for that role, and maintains those bindings and associations. The machine administrator can specify 1 to "Active". Copyright (c) 2009,2010 RICOH COMPANY, LTD. This window requires the user to their ID and password, and then identifies and authenticates the user based on the...
Security Target
Page 68
... in the document data ACL. The user administrator specifies either Level 1 or Level 2 for document data ACL Document data default ACL Copyright (c) 2009,2010 RICOH COMPANY, LTD. Following are satisfied. 7.1.3 SF.DOC_ACC Document Data Access Control Function The TOE restricts user access to the ...based on the document data ACL, which contains the IDs of general users who has been successfully authenticated by a general user Default value for Password Complexity Setting. This section describes the access control function that allows users to access document data based on ...
Security Target
Page 71
... authorised operations on the document data will be reading document data and modifying the document data ACL. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved. Page 71 of 80 7.1.4.3 Management of Supervisor Information Management of management functions), and FMT_SMR...user to query and change supervisor authentication information. General user information includes general user IDs, general user authentication information, document data default ACL, and S/MIME user information. By the above, FMT_MSA.1 (Management of security attributes), FMT_MTD.1 (Management of TSF ...
Security Target
Page 78
...Indicates the administrator's login name on a time specified in advance by the user who manages the TOE. Copyright (c) 2009,2010 RICOH COMPANY, LTD. Administrators and supervisor who uses the Basic Functions of the TOE. Indicates the general user's login name on this ...size, printing magnification, and custom information (such as data items that include the general user ID, general user authentication information, document data default ACL, and S/MIME user information A password for identification and authentication of a general user. Networks that manages the MFP. All Rights ...
Security Target
Page 79
...data. The document data stored in the D-BOX. A function that can be processed by the TOE. Copyright (c) 2009,2010 RICOH COMPANY, LTD. The machine administrator is a person who are four types of administrator role: user administration, machine administration, network ...Function Stored Documents Fax Transmission Direct Print Function Immediate Transmission Internal networks Document file owner Document data Document data default ACL Document data ACL File administration Document file user Definitions Management Functions given to Security Functions and security behaviour...