Security Target
Page 5
Page 4 of 93 7.3 Document Access Control Function 84 7.4 Use-of-Feature Restriction Function 86 7.5 Network Protection Function 87 7.6 Residual Data Overwrite Function 87 7.7 Stored Data Protection Function 88 7.8 Security Management Function 88 7.9 Software Verification Function 93 7.10 Fax Line Separation Function 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
Page 4 of 93 7.3 Document Access Control Function 84 7.4 Use-of-Feature Restriction Function 86 7.5 Network Protection Function 87 7.6 Residual Data Overwrite Function 87 7.7 Stored Data Protection Function 88 7.8 Security Management Function 88 7.9 Software Verification Function 93 7.10 Fax Line Separation Function 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
Security Target
Page 8
MFP versions consist of TOE Names Ricoh Aficio MP C3001, Ricoh Aficio MP C3501, Ricoh Aficio MP C3001G, Ricoh Aficio MP C3501G, Gestetner MP C3001, Gestetner MP C3501, Lanier MP C3001, Lanier MP C3501, Lanier LD630C, Lanier LD635C, Lanier LD630CG, Lanier LD635CG, nashuatec MP C3001, nashuatec MP C3501, Rex-Rotary MP C3001, Rex-Rotary MP C3501, MFPs Versions Software System/Copy Network Support Scanner Printer Fax RemoteFax Web Support Web Uapl NetworkDocBox animation PCL OptionPCLFont Engine 1.03...
MFP versions consist of TOE Names Ricoh Aficio MP C3001, Ricoh Aficio MP C3501, Ricoh Aficio MP C3001G, Ricoh Aficio MP C3501G, Gestetner MP C3001, Gestetner MP C3501, Lanier MP C3001, Lanier MP C3501, Lanier LD630C, Lanier LD635C, Lanier LD630CG, Lanier LD635CG, nashuatec MP C3001, nashuatec MP C3501, Rex-Rotary MP C3001, Rex-Rotary MP C3501, MFPs Versions Software System/Copy Network Support Scanner Printer Fax RemoteFax Web Support Web Uapl NetworkDocBox animation PCL OptionPCLFont Engine 1.03...
Security Target
Page 10
... it as a document. Also, the TOE receives information via telephone lines and can operate the TOE from the Operation Panel of the MFP: - Copyright (c) 2011 RICOH COMPANY, LTD. The MFP is the TOE itself, and hardware and software other than the TOE.
... it as a document. Also, the TOE receives information via telephone lines and can operate the TOE from the Operation Panel of the MFP: - Copyright (c) 2011 RICOH COMPANY, LTD. The MFP is the TOE itself, and hardware and software other than the TOE.
Security Target
Page 12
... Figure 2): Operation Panel Unit, Engine Unit, Fax Unit, Controller Board, HDD, Ic Ctlr, Network Unit, USB Port, SD Card Slot, and SD Card. Software Verification Function - Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Stored Data Protection Function - Fax Line Separation Function Page 11 of 93 1.4 TOE Description This section describes Physical...
... Figure 2): Operation Panel Unit, Engine Unit, Fax Unit, Controller Board, HDD, Ic Ctlr, Network Unit, USB Port, SD Card Slot, and SD Card. Software Verification Function - Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Stored Data Protection Function - Fax Line Separation Function Page 11 of 93 1.4 TOE Description This section describes Physical...
Security Target
Page 13
The following describes the components of random number generation, cryptographic key generation Copyright (c) 2011 RICOH COMPANY, LTD. It can also be used as a working area for image processing such as compressing/decompressing the image data. All rights reserved. Processor...information is used to and from the units and devices that performs basic arithmetic processing for configuring MFP operations is processed by the MFP Control Software on the Controller Board. The Controller Board sends and receives information to control the MFP. NVRAM A non-volatile memory medium in which is...
The following describes the components of random number generation, cryptographic key generation Copyright (c) 2011 RICOH COMPANY, LTD. It can also be used as a working area for image processing such as compressing/decompressing the image data. All rights reserved. Processor...information is used to and from the units and devices that performs basic arithmetic processing for configuring MFP operations is processed by the MFP Control Software on the Controller Board. The Controller Board sends and receives information to control the MFP. NVRAM A non-volatile memory medium in which is...
Security Target
Page 14
...Printer Engine according to a telephone line. All rights reserved. Transfers operation instructions from the MFP Control Software. It also sends and receives fax data to and from other fax devices using the G3 standard ... Fax, RemoteFax, Web Support, Web Uapl, NetworkDocBox, animation, PCL, OptionPCLFont, LANG0, and LANG1. FCU, which the following software components are included in the Engine Control Board. Operation Panel Unit (hereafter "Operation Panel") The Operation Panel is shipped. - ...the TOE and consists of the Fax Unit. Copyright (c) 2011 RICOH COMPANY, LTD.
...Printer Engine according to a telephone line. All rights reserved. Transfers operation instructions from the MFP Control Software. It also sends and receives fax data to and from other fax devices using the G3 standard ... Fax, RemoteFax, Web Support, Web Uapl, NetworkDocBox, animation, PCL, OptionPCLFont, LANG0, and LANG1. FCU, which the following software components are included in the Engine Control Board. Operation Panel Unit (hereafter "Operation Panel") The Operation Panel is shipped. - ...the TOE and consists of the Fax Unit. Copyright (c) 2011 RICOH COMPANY, LTD.
Security Target
Page 15
...C9145G/C9145AG/C9155G/C9155AG LD630C/LD635C/LD645C/LD645CA/LD655C/LD655CA LD630CG/LD635CG/LD645CG/LD645CAG/LD655CG/LD655CAG Aficio MP C3001/C3501/C4501/C4501A/C5501/C5501A Aficio MP C3001G/C3501G/C4501G/C4501AG/C5501G/C5501AG Copyright (c) 2011 RICOH COMPANY, LTD. Page 14 of the guidance document sets depends on the sales area and...for this interface is inside the MFP. USB Port The USB Port is a memory medium in which Data Erase Std (MFP Control Software) are available for printing directly from the client computer. SD Card/SD Card Slot The SD Card is an external interface to ...
...C9145G/C9145AG/C9155G/C9155AG LD630C/LD635C/LD645C/LD645CA/LD655C/LD655CA LD630CG/LD635CG/LD645CG/LD645CAG/LD655CG/LD655CAG Aficio MP C3001/C3501/C4501/C4501A/C5501/C5501A Aficio MP C3001G/C3501G/C4501G/C4501AG/C5501G/C5501AG Copyright (c) 2011 RICOH COMPANY, LTD. Page 14 of the guidance document sets depends on the sales area and...for this interface is inside the MFP. USB Port The USB Port is a memory medium in which Data Erase Std (MFP Control Software) are available for printing directly from the client computer. SD Card/SD Card Slot The SD Card is an external interface to ...
Security Target
Page 27
...in accordance with RC Gate, encrypted communication is to verify the integrity of the executable codes of the MFP Control Software and FCU Control Software and to ensure that they can be enabled through encrypted communication with communication requirements that only fax data can be... received and unauthorised intrusion from the telephone lines to the LAN can be prevented. Copyright (c) 2011 RICOH COMPANY, LTD. Stored Data ...
...in accordance with RC Gate, encrypted communication is to verify the integrity of the executable codes of the MFP Control Software and FCU Control Software and to ensure that they can be enabled through encrypted communication with communication requirements that only fax data can be... received and unauthorised intrusion from the telephone lines to the LAN can be prevented. Copyright (c) 2011 RICOH COMPANY, LTD. Stored Data ...
Security Target
Page 28
...OptionPCLFont, LANG0, LANG1 and Data Erase Std. This component is subject to This ST Definitions A software component installed in FlashROM and SD Card. Page 27 of specific terms. Terms MFP Control Software Table 10 : Specific Terms Related to restrictions. 1.5 Glossary 1.5.1 Glossary for Lockout Release Timer,... referred to as "TSF protected data". TSF Data The TSF data is referred to as "TSF confidential data". Copyright (c) 2011 RICOH COMPANY, LTD. No security threat will occur even this ST, Table 10 provides the definitions of 93 data 1.4.5.2. Login password, audit...
...OptionPCLFont, LANG0, LANG1 and Data Erase Std. This component is subject to This ST Definitions A software component installed in FlashROM and SD Card. Page 27 of specific terms. Terms MFP Control Software Table 10 : Specific Terms Related to restrictions. 1.5 Glossary 1.5.1 Glossary for Lockout Release Timer,... referred to as "TSF protected data". TSF Data The TSF data is referred to as "TSF confidential data". Copyright (c) 2011 RICOH COMPANY, LTD. No security threat will occur even this ST, Table 10 provides the definitions of 93 data 1.4.5.2. Login password, audit...
Security Target
Page 38
...executable code in a restricted or monitored area that provides protection from unauthorised disclosure or alteration, and shall be encrypted. P.SOFTWARE.VERIFICATION Software verification Procedures shall exist to the guidance document, the TOE is placed in the TSF. P.RCGATE.COMM.PROTECT Protection of...shall be controlled by authorised persons. The audit log shall be protected from physical access by unauthorised persons. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. A.USER.TRAINING User training The responsible manager of MFP trains users according to the ...
...executable code in a restricted or monitored area that provides protection from unauthorised disclosure or alteration, and shall be encrypted. P.SOFTWARE.VERIFICATION Software verification Procedures shall exist to the guidance document, the TOE is placed in the TSF. P.RCGATE.COMM.PROTECT Protection of...shall be controlled by authorised persons. The audit log shall be protected from physical access by unauthorised persons. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. A.USER.TRAINING User training The responsible manager of MFP trains users according to the ...
Security Target
Page 41
... in the TSF. OE.AUDIT_ACCESS.AUTHORIZED Audit log access control in the MFP and prevent its unauthorised disclosure or alteration. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. O.SOFTWARE.VERIFIED Software verification The TOE shall provide procedures to a trusted IT product, the responsible manager of MFP shall ensure that the data is encrypted...
... in the TSF. OE.AUDIT_ACCESS.AUTHORIZED Audit log access control in the MFP and prevent its unauthorised disclosure or alteration. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. O.SOFTWARE.VERIFIED Software verification The TOE shall provide procedures to a trusted IT product, the responsible manager of MFP shall ensure that the data is encrypted...
Security Target
Page 43
...O.DOC.NO_DIS O.DOC.NO_ALT O.FUNC.NO_ALT O.PROT.NO_ALT O.CONF.NO_DIS O.CONF.NO_ALT O.USER.AUTHORIZED OE.USER.AUTHORIZED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED OE.AUDIT_STORAGE.PROTCTED OE.AUDIT_ACCESS_AUTHORIZED OE.AUDIT.REVIEWED O.INTERFACE.MANAGED OE.PHYSICAL.MANAGED OE.INTERFACE.MANAGED ...STORAGE.ENCRYPTION X P.RCGATE.COMM.PROTECT X A.ACCESS.MANAGED X A.ADMIN.TRAINING X A.ADMIN.TRUST X A.USER.TRAINING X Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Table 11 : Rationale for security objectives. Page 42 of Security Objectives Table 11 describes the correspondence ...
...O.DOC.NO_DIS O.DOC.NO_ALT O.FUNC.NO_ALT O.PROT.NO_ALT O.CONF.NO_DIS O.CONF.NO_ALT O.USER.AUTHORIZED OE.USER.AUTHORIZED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED OE.AUDIT_STORAGE.PROTCTED OE.AUDIT_ACCESS_AUTHORIZED OE.AUDIT.REVIEWED O.INTERFACE.MANAGED OE.PHYSICAL.MANAGED OE.INTERFACE.MANAGED ...STORAGE.ENCRYPTION X P.RCGATE.COMM.PROTECT X A.ACCESS.MANAGED X A.ADMIN.TRAINING X A.ADMIN.TRUST X A.USER.TRAINING X Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Table 11 : Rationale for security objectives. Page 42 of Security Objectives Table 11 describes the correspondence ...
Security Target
Page 45
... of MFP gives the authority to use the TOE to users who follow the security policies and procedures of their organisation. SOFTWARE.VERIFICATION P.SOFTWARE.VERIFICATION is countered by O.CONF.NO_ALT, O.USER.AUTHORIZED and OE.USER.AUTHORIZED. All rights reserved. By OE.USER.AUTHORIZED,... users who follow the security policies and procedures of their organisation. T.CONF.DIS is countered by these objectives. P. Copyright (c) 2011 RICOH COMPANY, LTD. By O.USER.AUTHORIZED, the TOE requires identification and authentication of users, and users are authorised in accordance with a ...
... of MFP gives the authority to use the TOE to users who follow the security policies and procedures of their organisation. SOFTWARE.VERIFICATION P.SOFTWARE.VERIFICATION is countered by O.CONF.NO_ALT, O.USER.AUTHORIZED and OE.USER.AUTHORIZED. All rights reserved. By OE.USER.AUTHORIZED,... users who follow the security policies and procedures of their organisation. T.CONF.DIS is countered by these objectives. P. Copyright (c) 2011 RICOH COMPANY, LTD. By O.USER.AUTHORIZED, the TOE requires identification and authentication of users, and users are authorised in accordance with a ...
Security Target
Page 68
...start-up] to demonstrate the correct operation of user authentication method by MFP administrator Query of [selection: [assignment: the MFP Control Software, FCU Control Software]]. FPT_TST.1.2 The TSF shall provide authorised users with the capability to verify the integrity of identification FMT_SMR.1.1 The TSF shall maintain the... for stored and received documents by MFP administrator FMT_SMR.1 Security roles Hierarchical to: No other components. Copyright (c) 2011 RICOH COMPANY, LTD. Dependencies: FIA_UID.1 Timing of [selection: [assignment: the stored TSF executable code]].
...start-up] to demonstrate the correct operation of user authentication method by MFP administrator Query of [selection: [assignment: the MFP Control Software, FCU Control Software]]. FPT_TST.1.2 The TSF shall provide authorised users with the capability to verify the integrity of identification FMT_SMR.1.1 The TSF shall maintain the... for stored and received documents by MFP administrator FMT_SMR.1 Security roles Hierarchical to: No other components. Copyright (c) 2011 RICOH COMPANY, LTD. Dependencies: FIA_UID.1 Timing of [selection: [assignment: the stored TSF executable code]].
Security Target
Page 71
... Table 32 : Relationship between Security Objectives and Functional Requirements O.DOC.NO_DI S O.DOC.NO_ALT O.FUNC.NO_ALT O.PROT.NO_ALT O.CONF.NO_DI S O.CONF.NO_ALT O.USER.AUTHORIZED O.INTERFACE.MANAGED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED O.STORAGE.ENCRYPTED O.RCGATE.COMM.PROTECT FAU_GEN.1 FAU_GEN.2 FAU_STG.1 FAU_STG.4 FAU_SAR.1 FAU_SAR.2 FCS_CKM.1 FCS_COP.1 FDP_ACC.1(a) X X X FDP_ACC.1(b) FDP_ACF.1(a) X X X FDP_ACF.1(b) FDP_RIP.1 X X FIA_AFL.1 FIA_ATD.1 FIA_SOS.1 FIA_UAU...
... Table 32 : Relationship between Security Objectives and Functional Requirements O.DOC.NO_DI S O.DOC.NO_ALT O.FUNC.NO_ALT O.PROT.NO_ALT O.CONF.NO_DI S O.CONF.NO_ALT O.USER.AUTHORIZED O.INTERFACE.MANAGED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED O.STORAGE.ENCRYPTED O.RCGATE.COMM.PROTECT FAU_GEN.1 FAU_GEN.2 FAU_STG.1 FAU_STG.4 FAU_SAR.1 FAU_SAR.2 FCS_CKM.1 FCS_COP.1 FDP_ACC.1(a) X X X FDP_ACC.1(b) FDP_ACF.1(a) X X X FDP_ACF.1(b) FDP_RIP.1 X X FIA_AFL.1 FIA_ATD.1 FIA_SOS.1 FIA_UAU...
Security Target
Page 72
...or the normal user who is registered on the document user list, and a specified user Copyright (c) 2011 RICOH COMPANY, LTD. FMT_MSA.1(a) specifies the available operations (newly create, query, modify and delete) on the login... sending or receiving document data. Page 71 of 93 O.DOC.NO_DI S O.DOC.NO_ALT O.FUNC.NO_ALT O.PROT.NO_ALT O.CONF.NO_DI S O.CONF.NO_ALT O.USER.AUTHORIZED O.INTERFACE.MANAGED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED O.STORAGE.ENCRYPTED O.RCGATE.COMM.PROTECT FMT_MSA.3(b) FMT_MTD.1 FMT_SMF.1 FMT_SMR.1 FPT_STM.1 FPT_TST.1 FTA_SSL.3 FTP_ITC.1 X X X X X X X X X X X X X X ...
...or the normal user who is registered on the document user list, and a specified user Copyright (c) 2011 RICOH COMPANY, LTD. FMT_MSA.1(a) specifies the available operations (newly create, query, modify and delete) on the login... sending or receiving document data. Page 71 of 93 O.DOC.NO_DI S O.DOC.NO_ALT O.FUNC.NO_ALT O.PROT.NO_ALT O.CONF.NO_DI S O.CONF.NO_ALT O.USER.AUTHORIZED O.INTERFACE.MANAGED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED O.STORAGE.ENCRYPTED O.RCGATE.COMM.PROTECT FMT_MSA.3(b) FMT_MTD.1 FMT_SMF.1 FMT_SMR.1 FPT_STM.1 FPT_TST.1 FTA_SSL.3 FTP_ITC.1 X X X X X X X X X X X X X X ...
Security Target
Page 77
... security objective to ensure that can be audited. FAU_GEN.1 and FAU_GEN.2 record the events, which are verified software at the start-up. O.STORAGE.ENCRYPTED Encryption of storage devices O.STORAGE.ENCRYPTED is encrypted. Copyright (c) 2011 RICOH COMPANY, LTD. By satisfying FIA_UID.1(a), FIA_UID.1(b), FIA_UAU.1(a), FIA_UAU.1(b), FIA_UID.2, FIA_UAU.2, FTA_SSL.3 and FPT_FDI_EXP.1, which should be written...
... security objective to ensure that can be audited. FAU_GEN.1 and FAU_GEN.2 record the events, which are verified software at the start-up. O.STORAGE.ENCRYPTED Encryption of storage devices O.STORAGE.ENCRYPTED is encrypted. Copyright (c) 2011 RICOH COMPANY, LTD. By satisfying FIA_UID.1(a), FIA_UID.1(b), FIA_UAU.1(a), FIA_UAU.1(b), FIA_UID.2, FIA_UAU.2, FTA_SSL.3 and FPT_FDI_EXP.1, which should be written...
Security Target
Page 80
... the terms and costs of the evaluation, the evaluation assurance level of EAL3+ALC_FLR.2 is important to ensure a secure development environment. Copyright (c) 2011 RICOH COMPANY, LTD. The MFP is a commercially available product. In order to securely operate the TOE continuously, it will not be used for the MFP... adequate for general needs. Therefore, cryptographic key destruction by the standard method is unnecessary. 6.3.4 Security Assurance Requirements Rationale This TOE is software for the HDD encryption of this TOE at the start of moderate or greater level attacks.
... the terms and costs of the evaluation, the evaluation assurance level of EAL3+ALC_FLR.2 is important to ensure a secure development environment. Copyright (c) 2011 RICOH COMPANY, LTD. The MFP is a commercially available product. In order to securely operate the TOE continuously, it will not be used for the MFP... adequate for general needs. Therefore, cryptographic key destruction by the standard method is unnecessary. 6.3.4 Security Assurance Requirements Rationale This TOE is software for the HDD encryption of this TOE at the start of moderate or greater level attacks.
Security Target
Page 94
...with the fax protocol is performed, the line is disconnected. For Fax Function, values to identify Fax Function. 7.9 Software Verification Function The Software Verification Function is to identify Scanner Function. If the hash does not match its original value and the certificate is ... fails, the TOE displays the error message and becomes unavailable. For Printer Function, values to identify Copy Function. Copyright (c) 2011 RICOH COMPANY, LTD. Each MFP application (Copy Function, Printer Function, Scanner Function, Document Server Function and Fax Function) Function type Page...
...with the fax protocol is performed, the line is disconnected. For Fax Function, values to identify Fax Function. 7.9 Software Verification Function The Software Verification Function is to identify Scanner Function. If the hash does not match its original value and the certificate is ... fails, the TOE displays the error message and becomes unavailable. For Printer Function, values to identify Copy Function. Copyright (c) 2011 RICOH COMPANY, LTD. Each MFP application (Copy Function, Printer Function, Scanner Function, Document Server Function and Fax Function) Function type Page...