Security Target
Page 5
...Management of Document Data ACL 69 7.1.4.2 Management of Administrator Information 70 7.1.4.3 Management of Supervisor Information 71 7.1.4.4 Management of General User Information 71 7.1.4.5 Management of Machine Control Data 72 7.1.5 SF.CE_OPE_LOCK Service Mode Lock Function 72 7.1.6 SF.CIPHER Encryption Function 73 7.1.6.1 Encryption of Document Data 73 7.1.7 SF.NET_PROT Network Communication... Line 74 7.1.9 SF.GENUINE MFP Control Software Verification Function 74 8 Appendix ...76 8.1 Definitions of Terminology 76 8.2 References ...80 Copyright (c) 2009,2010 RICOH COMPANY, LTD.
...Management of Document Data ACL 69 7.1.4.2 Management of Administrator Information 70 7.1.4.3 Management of Supervisor Information 71 7.1.4.4 Management of General User Information 71 7.1.4.5 Management of Machine Control Data 72 7.1.5 SF.CE_OPE_LOCK Service Mode Lock Function 72 7.1.6 SF.CIPHER Encryption Function 73 7.1.6.1 Encryption of Document Data 73 7.1.7 SF.NET_PROT Network Communication... Line 74 7.1.9 SF.GENUINE MFP Control Software Verification Function 74 8 Appendix ...76 8.1 Definitions of Terminology 76 8.2 References ...80 Copyright (c) 2009,2010 RICOH COMPANY, LTD.
Security Target
Page 6
... authorised user.s 69 Table 30: Access to administrator information 70 Table 31: Authorised operations on general user information 71 Table 32: Administrators authorised to specify machine control data 72 Table 33: List of encryption operations on data stored on the HDD 73 Table 34: Specific terms used in this ST...76...
... authorised user.s 69 Table 30: Access to administrator information 70 Table 31: Authorised operations on general user information 71 Table 32: Administrators authorised to specify machine control data 72 Table 33: List of encryption operations on data stored on the HDD 73 Table 34: Specific terms used in this ST...76...
Security Target
Page 13
.../C4040/C5050/C2828G/C3333G/C4040G/C5050G MP C2800/C3300/C4000/C5000 LD528C/LD533C/LD540C/LD550C/LD528CG/LD533CG/LD540CG/LD550CG Aficio MP C2800/C3300/C4000/C5000/C2800G/C3300G/C4000G/C5000G Operating Instructions About This Machine - Notes for Administrators C2828/C3333/C4040/C5050 MP C2800/MP C3300/MP C4000/MP C5000 LD528C/LD533C/LD540C/LD550C Aficio MP C2800/MP C3300/MP C4000/MP C5000 - Quick Reference Printer Guide - Manuals...
.../C4040/C5050/C2828G/C3333G/C4040G/C5050G MP C2800/C3300/C4000/C5000 LD528C/LD533C/LD540C/LD550C/LD528CG/LD533CG/LD540CG/LD550CG Aficio MP C2800/C3300/C4000/C5000/C2800G/C3300G/C4000G/C5000G Operating Instructions About This Machine - Notes for Administrators C2828/C3333/C4040/C5050 MP C2800/MP C3300/MP C4000/MP C5000 LD528C/LD533C/LD540C/LD550C Aficio MP C2800/MP C3300/MP C4000/MP C5000 - Quick Reference Printer Guide - Manuals...
Security Target
Page 14
... Users MP C2800/MP C3300/MP C4000/MP C5000 Aficio MP C2800/MP C3300/MP C4000/MP C5000 A - Manuals for Users - Notes for This Machine - MP C2800/C3300/C4000/C5000 MP C2800/C3300/C4000/C5000 Aficio MP C2800/C3300/C4000/C5000 Operating Instructions About This Machine - Caution on Use of the Optional USB 2.0/SD Slot Type A (Media Slot) - Notes for Administrators: Using this Machine in a CC-Certified Environment Copyright (c) 2009,2010 RICOH...
... Users MP C2800/MP C3300/MP C4000/MP C5000 Aficio MP C2800/MP C3300/MP C4000/MP C5000 A - Manuals for Users - Notes for This Machine - MP C2800/C3300/C4000/C5000 MP C2800/C3300/C4000/C5000 Aficio MP C2800/C3300/C4000/C5000 Operating Instructions About This Machine - Caution on Use of the Optional USB 2.0/SD Slot Type A (Media Slot) - Notes for Administrators: Using this Machine in a CC-Certified Environment Copyright (c) 2009,2010 RICOH...
Security Target
Page 15
...file administration. 1.4.3.2 Administrator An "administrator" is a user who are selected by a user administrator. Copyright (c) 2009,2010 RICOH COMPANY, LTD. The responsible manager of the MFP selects up to be assigned to the organisation that uses the TOE, ... their own administrator IDs, passwords, and administrator roles. Table 1: List of the MFP is registered for administrators include user administration, machine administration, network administration, and file administration. Managing the TOE's network connections. General users can be registered for the TOE. 1.4.3 ...
...file administration. 1.4.3.2 Administrator An "administrator" is a user who are selected by a user administrator. Copyright (c) 2009,2010 RICOH COMPANY, LTD. The responsible manager of the MFP selects up to be assigned to the organisation that uses the TOE, ... their own administrator IDs, passwords, and administrator roles. Table 1: List of the MFP is registered for administrators include user administration, machine administration, network administration, and file administration. Managing the TOE's network connections. General users can be registered for the TOE. 1.4.3 ...
Security Target
Page 18
...by accessing the web server of the TOE from a client computer. Printing document data stored in the D-BOX. 4. Subset of the machine, information for the stored document data will be updated according to networks, user information, and information on the user's role (general ...user, administrator, or supervisor). Copyright (c) 2009,2010 RICOH COMPANY, LTD. Some information can use of use this function by accessing the Web Service Function from their computer's Web browser. Although...
...by accessing the web server of the TOE from a client computer. Printing document data stored in the D-BOX. 4. Subset of the machine, information for the stored document data will be updated according to networks, user information, and information on the user's role (general ...user, administrator, or supervisor). Copyright (c) 2009,2010 RICOH COMPANY, LTD. Some information can use of use this function by accessing the Web Service Function from their computer's Web browser. Although...
Security Target
Page 19
...administrator sets in the D-BOX to identify and authenticate the user with the received user ID and authentication information. Only the machine administrator is able to enter their user IDs and authentication details for user identification and authentication. It prompts the users to read... documentdata: Delete document data stored in document data include read and delete the recorded audit logs. Copyright (c) 2009,2010 RICOH COMPANY, LTD. The machine administrator can read -only permission, and changing the Print Settings is permitted as follows: Reading document data: Read document ...
...administrator sets in the D-BOX to identify and authenticate the user with the received user ID and authentication information. Only the machine administrator is able to enter their user IDs and authentication details for user identification and authentication. It prompts the users to read... documentdata: Delete document data stored in document data include read and delete the recorded audit logs. Copyright (c) 2009,2010 RICOH COMPANY, LTD. The machine administrator can read -only permission, and changing the Print Settings is permitted as follows: Reading document data: Read document ...
Security Target
Page 21
...required to delete one or more of their administrator information will be given to perform maintenance on the TOE from the machine administrator to a new administrator when they register another administrator, provided that the first administrator is already assigned thata dministrator ...Allows only users with full control permissions can change , and delete general user information. - Copyright (c) 2009,2010 RICOH COMPANY, LTD. Management of machine control data Each administrator is used . It restricts communication over a telephone line to newly create, change the document ...
...required to delete one or more of their administrator information will be given to perform maintenance on the TOE from the machine administrator to a new administrator when they register another administrator, provided that the first administrator is already assigned thata dministrator ...Allows only users with full control permissions can change , and delete general user information. - Copyright (c) 2009,2010 RICOH COMPANY, LTD. Management of machine control data Each administrator is used . It restricts communication over a telephone line to newly create, change the document ...
Security Target
Page 27
...(Protection of integrity of MFP Control Software) The TOE shall provide TOE users with a function for reading the audit logs, allowing the machine administrator to detect whether or not a security intrusion has occurred. All Rights Reserved. O.I&A (Identification and Authentication) The TOE shall perform identification... the security objectives of the TOE. O.MEM.PROTECT (Prevention of disclosure of data stored in the D-BOX. Copyright (c) 2009,2010 RICOH COMPANY, LTD. Page 27 of 80 4 Security Objectives This section describes the security objectives of the TOE and its Security Functions, ...
...(Protection of integrity of MFP Control Software) The TOE shall provide TOE users with a function for reading the audit logs, allowing the machine administrator to detect whether or not a security intrusion has occurred. All Rights Reserved. O.I&A (Identification and Authentication) The TOE shall perform identification... the security objectives of the TOE. O.MEM.PROTECT (Prevention of disclosure of data stored in the D-BOX. Copyright (c) 2009,2010 RICOH COMPANY, LTD. Page 27 of 80 4 Security Objectives This section describes the security objectives of the TOE and its Security Functions, ...
Security Target
Page 30
...(Malicious usage of the TOE) To counter this threat, the TOE converts the format of document data by O.AUDIT, and provides only the Machine administrator with O.I &A and O.MANAGE occurred. T.UNAUTH_ACCESS (Access violation of protected assets stored in the TOE) To counter this threat, the TOE..., the organisation managing operation of the internal network shall close any unnecessary ports between the external and internal networks. Copyright (c) 2009,2010 RICOH COMPANY, LTD. As specified by O.AUDIT, and the function for reading audit logs is upheld. In addition, the TOE records the...
...(Malicious usage of the TOE) To counter this threat, the TOE converts the format of document data by O.AUDIT, and provides only the Machine administrator with O.I &A and O.MANAGE occurred. T.UNAUTH_ACCESS (Access violation of protected assets stored in the TOE) To counter this threat, the TOE..., the organisation managing operation of the internal network shall close any unnecessary ports between the external and internal networks. Copyright (c) 2009,2010 RICOH COMPANY, LTD. As specified by O.AUDIT, and the function for reading audit logs is upheld. In addition, the TOE records the...
Security Target
Page 31
... and the function to read audit logs is only provided to the machine administrator so that the machine administratorverifies afterwards whether or not O.NET.PROTECT was successfully performed. Copyright (c) 2009,2010 RICOH COMPANY, LTD. In addition, the performance of O.LINE_PROTECT is recorded ...as audit logs by O.AUDIT, and the function to read audit logs is only provided to the machine administrator so that the machine administrator detects afterwards whether or...
... and the function to read audit logs is only provided to the machine administrator so that the machine administratorverifies afterwards whether or not O.NET.PROTECT was successfully performed. Copyright (c) 2009,2010 RICOH COMPANY, LTD. In addition, the performance of O.LINE_PROTECT is recorded ...as audit logs by O.AUDIT, and the function to read audit logs is only provided to the machine administrator so that the machine administrator detects afterwards whether or...
Security Target
Page 37
Dependencies: FAU_GEN.1 Audit data generation. FAU_SAR.1.1 The TSF shall provide [assignment: the machine administrator] with the capability to read [assignment: all users read access to the audit records, except those users that have been ...audit trail from the audit records. FAU_STG.4.1 The TSF shall [selection: overwrite the oldest stored audit records] and [assignment: no Copyright (c) 2009,2010 RICOH COMPANY, LTD. Dependencies: FAU_SAR.1 Audit review. FAU_STG.1.2 The TSF shall be auditable invocations, if available. Page 37 of 80 Auditable events of TOE FAU_GEN...
Dependencies: FAU_GEN.1 Audit data generation. FAU_SAR.1.1 The TSF shall provide [assignment: the machine administrator] with the capability to read [assignment: all users read access to the audit records, except those users that have been ...audit trail from the audit records. FAU_STG.4.1 The TSF shall [selection: overwrite the oldest stored audit records] and [assignment: no Copyright (c) 2009,2010 RICOH COMPANY, LTD. Dependencies: FAU_SAR.1 Audit review. FAU_STG.1.2 The TSF shall be auditable invocations, if available. Page 37 of 80 Auditable events of TOE FAU_GEN...
Security Target
Page 42
...If an administrator (any user role of a locked-out user can release a locked-out user. Copyright (c) 2009,2010 RICOH COMPANY, LTD. Table 13 : List of authentication events Authentication events User authentication using the control panel User authentication using TOE... authentication by an operation other than a time-based operation. FIA_AFL.1.1 TSF shall detect when [selection: an administrator (refinement: the machine administrator) configurable positive integer within [assignment: 1 to 5]] unsuccessful authentication attempts occur related to indefinite, and in this case, Lockout...
...If an administrator (any user role of a locked-out user can release a locked-out user. Copyright (c) 2009,2010 RICOH COMPANY, LTD. Table 13 : List of authentication events Authentication events User authentication using the control panel User authentication using TOE... authentication by an operation other than a time-based operation. FIA_AFL.1.1 TSF shall detect when [selection: an administrator (refinement: the machine administrator) configurable positive integer within [assignment: 1 to 5]] unsuccessful authentication attempts occur related to indefinite, and in this case, Lockout...
Security Target
Page 46
... Query, modify Query, modify Query, modify User roles User administrator Applicable general users of general user information Supervisor Supervisor Applicable administrator of administrator authentication information Machine administrator Machine administrator Machine administrator Machine administrator Copyright (c) 2009,2010 RICOH COMPANY, LTD.
... Query, modify Query, modify Query, modify User roles User administrator Applicable general users of general user information Supervisor Supervisor Applicable administrator of administrator authentication information Machine administrator Machine administrator Machine administrator Machine administrator Copyright (c) 2009,2010 RICOH COMPANY, LTD.
Security Target
Page 47
... General users, User administrator, Network administrator, File administrator, Supervisor User administrator Supervisor Machine administrator User administrator Applicable general users of S/MIME user information General users User administrator, General users FMT_SMF.1 Specification of Management Functions described in Table19 Copyright (c) 2009,2010 RICOH COMPANY, LTD. Dependencies: No dependencies. second) TSF data Operations Que ry...
... General users, User administrator, Network administrator, File administrator, Supervisor User administrator Supervisor Machine administrator User administrator Applicable general users of S/MIME user information General users User administrator, General users FMT_SMF.1 Specification of Management Functions described in Table19 Copyright (c) 2009,2010 RICOH COMPANY, LTD. Dependencies: No dependencies. second) TSF data Operations Que ry...
Security Target
Page 48
...make explicit access or denial based decisions. Security Management Function (management of machine control data): The user administrator manages the following settings of general Copyright (c) 2009,2010 RICOH COMPANY, LTD. Security Management Function (management of general user information): ...management of authentication information of the machine control data: - None None None a) Managing the attributes used to...
...make explicit access or denial based decisions. Security Management Function (management of machine control data): The user administrator manages the following settings of general Copyright (c) 2009,2010 RICOH COMPANY, LTD. Security Management Function (management of general user information): ...management of authentication information of the machine control data: - None None None a) Managing the attributes used to...
Security Target
Page 50
...with TSF data. FMT_SMR.1 Securityroles Hierarchical to the Address Book. - a) None: No groups of machine control data): The machine administrator manages the following setting items for machine control data. - None a) Managing the group of users that are fixed. None: Actions that ...ACL of roles that can specify initial values; FMT_SMR.1.1 The TSF shall maintain the roles [assignment: general users, administrators (machine Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved. a) Management of the time. c) None: No rules by administrators. None: Actions...
...with TSF data. FMT_SMR.1 Securityroles Hierarchical to the Address Book. - a) None: No groups of machine control data): The machine administrator manages the following setting items for machine control data. - None a) Managing the group of users that are fixed. None: Actions that ...ACL of roles that can specify initial values; FMT_SMR.1.1 The TSF shall maintain the roles [assignment: general users, administrators (machine Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved. a) Management of the time. c) None: No rules by administrators. None: Actions...
Security Target
Page 55
...v v v 6.3.2 Justification of Traceability This section describes how the TOE security objectives are included to fulfil the O.AUDIT specification. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved. For this , FAU_GEN.1 generates audit information whenever an Audit Function starts and ends, whenever an identification or authentication ...also records the date, time, type, subject identity, and outcome of Security Functions should be restricted to the machine administrator only, and in Table 22, and these requirements are fulfilled by writing the newer audit logs over ...
...v v v 6.3.2 Justification of Traceability This section describes how the TOE security objectives are included to fulfil the O.AUDIT specification. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved. For this , FAU_GEN.1 generates audit information whenever an Audit Function starts and ends, whenever an identification or authentication ...also records the date, time, type, subject identity, and outcome of Security Functions should be restricted to the machine administrator only, and in Table 22, and these requirements are fulfilled by writing the newer audit logs over ...
Security Target
Page 56
... or a client computer when printing or faxing. Association and maintenance of authentication attempts reaches the number specified by the machine administrator. FIA_AFL.1 also reduces the possibility of users guessing passwords by displaying masking characters (*: asterisks or : bullets) ... and FIA_USB.1 bind successfully identified and authenticated users with general user processes are registered in place of a document, Copyright (c) 2009,2010 RICOH COMPANY, LTD. For this , FPT_STM.1 provides a trusted time stamp. c ) Complicate decoding of the functions they use the TOE....
... or a client computer when printing or faxing. Association and maintenance of authentication attempts reaches the number specified by the machine administrator. FIA_AFL.1 also reduces the possibility of users guessing passwords by displaying masking characters (*: asterisks or : bullets) ... and FIA_USB.1 bind successfully identified and authenticated users with general user processes are registered in place of a document, Copyright (c) 2009,2010 RICOH COMPANY, LTD. For this , FPT_STM.1 provides a trusted time stamp. c ) Complicate decoding of the functions they use the TOE....
Security Target
Page 57
...and change general user IDs; - c ) Specify Management Functions. O. To fulfil O.MANAGE, management of security attributes shall be Copyright (c) 2009,2010 RICOH COMPANY, LTD. For this , FMT_MSA.1 allows: - FMT_MTD.1 also allows: - the user administrator and applicable general users to query general user IDs... 57 of 80 FDP_ACC.1 and FDP_ADF.1 allow the general user to query and modify the default ACLs of document data. the machine administrator to query and change their own administrator IDs; - To fulfil O.MANAGE, the Security Management Functions for supervisor, specify the...
...and change general user IDs; - c ) Specify Management Functions. O. To fulfil O.MANAGE, management of security attributes shall be Copyright (c) 2009,2010 RICOH COMPANY, LTD. For this , FMT_MSA.1 allows: - FMT_MTD.1 also allows: - the user administrator and applicable general users to query general user IDs... 57 of 80 FDP_ACC.1 and FDP_ADF.1 allow the general user to query and modify the default ACLs of document data. the machine administrator to query and change their own administrator IDs; - To fulfil O.MANAGE, the Security Management Functions for supervisor, specify the...