Security Target
Page 4
... 68 6.2 Security Assurance Requirements 68 6.3 Security Requirements Rationale 69 6.3.1 Tracing ...69 6.3.2 Justification of Traceability 71 6.3.3 Dependency Analysis 77 6.3.4 Security Assurance Requirements Rationale 79 7 TOE Summary Specification 80 7.1 Audit Function ...80 7.2 Identification and Authentication Function 82 Copyright (c) 2011...
... 68 6.2 Security Assurance Requirements 68 6.3 Security Requirements Rationale 69 6.3.1 Tracing ...69 6.3.2 Justification of Traceability 71 6.3.3 Dependency Analysis 77 6.3.4 Security Assurance Requirements Rationale 79 7 TOE Summary Specification 80 7.1 Audit Function ...80 7.2 Identification and Authentication Function 82 Copyright (c) 2011...
Security Target
Page 6
...of Administrative Roles...19 Table 8 : Definition of User Data ...26 Table 9 : Definition of TSF Data ...27 Table 10 : Specific Terms Related to This ST 27 Table 11 : Rationale for Security Objectives 42 Table 12 : List of Auditable Events ...49 Table...Roles Allowed to Override Default Values 64 Table 29 : List of TSF Data ...65 Table 30 : List of Specification of Management Functions 66 Table 31 : TOE Security Assurance Requirements (EAL3+ALC_FLR.2 69 Table 32 : Relationship between Security... 35 : List of Audit Log Items ...81 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
...of Administrative Roles...19 Table 8 : Definition of User Data ...26 Table 9 : Definition of TSF Data ...27 Table 10 : Specific Terms Related to This ST 27 Table 11 : Rationale for Security Objectives 42 Table 12 : List of Auditable Events ...49 Table...Roles Allowed to Override Default Values 64 Table 29 : List of TSF Data ...65 Table 30 : List of Specification of Management Functions 66 Table 31 : TOE Security Assurance Requirements (EAL3+ALC_FLR.2 69 Table 32 : Relationship between Security... 35 : List of Audit Log Items ...81 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
Security Target
Page 27
... and their fragments, which are user data, TSF data, and functions. 1.4.5.1. Stored Data Protection Function The Stored Data Protection Function is referred to overwrite specific patterns on the HDD and protect the data so that data leakage can be protected by the TOE are managed by users. User Data The... user data is used. Copyright (c) 2011 RICOH COMPANY, LTD. Table 8 defines user data according to encrypt the data on the HDD and disable the reusing of the residual data included in ...
... and their fragments, which are user data, TSF data, and functions. 1.4.5.1. Stored Data Protection Function The Stored Data Protection Function is referred to overwrite specific patterns on the HDD and protect the data so that data leakage can be protected by the TOE are managed by users. User Data The... user data is used. Copyright (c) 2011 RICOH COMPANY, LTD. Table 8 defines user data according to encrypt the data on the HDD and disable the reusing of the residual data included in ...
Security Target
Page 28
...Printer, Fax, RemoteFax, Web Support, Web Uapl, NetworkDocBox, animation, PCL, OptionPCLFont, LANG0, LANG1 and Data Erase Std. Copyright (c) 2011 RICOH COMPANY, LTD. Login user name, Number of 93 data 1.4.5.2. This data must be protected from changes by users without viewing permissions. The ...components that are classified as "TSF confidential data". In this ST, Table 10 provides the definitions of specific terms. Terms MFP Control Software Table 10 : Specific Terms Related to as "TSF protected data". Page 27 of Attempts before Lockout, settings for Lockout Release ...
...Printer, Fax, RemoteFax, Web Support, Web Uapl, NetworkDocBox, animation, PCL, OptionPCLFont, LANG0, LANG1 and Data Erase Std. Copyright (c) 2011 RICOH COMPANY, LTD. Login user name, Number of 93 data 1.4.5.2. This data must be protected from changes by users without viewing permissions. The ...components that are classified as "TSF confidential data". In this ST, Table 10 provides the definitions of specific terms. Terms MFP Control Software Table 10 : Specific Terms Related to as "TSF protected data". Page 27 of Attempts before Lockout, settings for Lockout Release ...
Security Target
Page 48
...FPT_FDI_EXP has been defined to another external interface. Rationale: Quite often, a TOE is supposed to perform specific checks and process data received on one external interface to require TSF controlled processing of data received over...an authorized administrative role. 5 Extended Components Definition This section describes Extended Components Definition. Examples Copyright (c) 2011 RICOH COMPANY, LTD. Many products receive information on specific external interfaces and are intended to perform the management activities b) Management of the conditions under which direct ...
...FPT_FDI_EXP has been defined to another external interface. Rationale: Quite often, a TOE is supposed to perform specific checks and process data received on one external interface to require TSF controlled processing of data received over...an authorized administrative role. 5 Extended Components Definition This section describes Extended Components Definition. Examples Copyright (c) 2011 RICOH COMPANY, LTD. Many products receive information on specific external interfaces and are intended to perform the management activities b) Management of the conditions under which direct ...
Security Target
Page 49
... interfaces is therefore a function that-if allowed at all-can be placed in either the FDP or the FPT class. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. It has been viewed as useful to have this . It was most appropriate to place it was found...the authors to define a new family with just one member. Page 48 of 93 are firewall systems but also other components Dependencies: FMT_SMF.1 Specification of Management Functions FMT_SMR.1 Security roles FPT_FDI_EXP.1.1 The TSF shall provide the capability to restrict data received on [assignment: the Operation Panel, LAN...
... interfaces is therefore a function that-if allowed at all-can be placed in either the FDP or the FPT class. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. It has been viewed as useful to have this . It was most appropriate to place it was found...the authors to define a new family with just one member. Page 48 of 93 are firewall systems but also other components Dependencies: FMT_SMF.1 Specification of Management Functions FMT_SMR.1 Security roles FPT_FDI_EXP.1.1 The TSF shall provide the capability to restrict data received on [assignment: the Operation Panel, LAN...
Security Target
Page 51
b) Basic: All requests to folder, and deleting", are the job types of Copyright (c) 2011 RICOH COMPANY, LTD. c) Detailed: All TSF mediated actions performed before authentication of the - Start and end operation of the user. Start and ... mechanism; b) Basic: All use of the authentication mechanism; Start and end operation of the authentication mechanism; All rights reserved. c) Detailed: The specific security attributes used in making an access check. Start and end operation of sending document data by the SFP. Start and end operation of faxing...
b) Basic: All requests to folder, and deleting", are the job types of Copyright (c) 2011 RICOH COMPANY, LTD. c) Detailed: All TSF mediated actions performed before authentication of the - Start and end operation of the user. Start and ... mechanism; b) Basic: All use of the authentication mechanism; Start and end operation of the authentication mechanism; All rights reserved. c) Detailed: The specific security attributes used in making an access check. Start and end operation of sending document data by the SFP. Start and end operation of faxing...
Security Target
Page 63
...Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control] FMT_SMR.1 Security roles FMT_SMF.1 Specification of MFP administrator Document data attribute Document user list [when document data attributes are permitted for External Authentication ...Query, modify MFP administrator, applicable normal user who owns the applicable login user name Supervisor - All rights reserved. Copyright (c) 2011 RICOH COMPANY, LTD. Table 26 : User Roles for Security Attributes (a) Security Attributes Login user name of normal user for Basic Authentication Login...
...Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control] FMT_SMR.1 Security roles FMT_SMF.1 Specification of MFP administrator Document data attribute Document user list [when document data attributes are permitted for External Authentication ...Query, modify MFP administrator, applicable normal user who owns the applicable login user name Supervisor - All rights reserved. Copyright (c) 2011 RICOH COMPANY, LTD. Table 26 : User Roles for Security Attributes (a) Security Attributes Login user name of normal user for Basic Authentication Login...
Security Target
Page 64
... attributes Hierarchical to: No other components. All rights reserved. Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control] FMT_SMR.1 Security roles FMT_SMF.1 Specification of External Authentication) No operation permitted No operation permitted User Roles with operation permission in Table 27] to : No other components. FMT_MSA.3(a)Static attribute initialisation... (b) Security Attributes Login user name of normal user for Basic Authentication Login user name of normal user for operations by the TOE. Copyright (c) 2011 RICOH COMPANY, LTD.
... attributes Hierarchical to: No other components. All rights reserved. Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control] FMT_SMR.1 Security roles FMT_SMF.1 Specification of External Authentication) No operation permitted No operation permitted User Roles with operation permission in Table 27] to : No other components. FMT_MSA.3(a)Static attribute initialisation... (b) Security Attributes Login user name of normal user for Basic Authentication Login user name of normal user for operations by the TOE. Copyright (c) 2011 RICOH COMPANY, LTD.
Security Target
Page 65
... the default values when an object or information is created. No authorised identified roles - No authorised identified roles - Dependencies: FMT_SMR.1 Security roles FMT_SMF.1 Specification of Management Functions Copyright (c) 2011 RICOH COMPANY, LTD. MFP administrator - Dependencies: FMT_MSA.1 Management of security attributes FMT_SMR.1 Security roles FMT_MSA.3.1(b)The TSF shall enforce the [assignment: TOE function...
... the default values when an object or information is created. No authorised identified roles - No authorised identified roles - Dependencies: FMT_SMR.1 Security roles FMT_SMF.1 Specification of Management Functions Copyright (c) 2011 RICOH COMPANY, LTD. MFP administrator - Dependencies: FMT_MSA.1 Management of security attributes FMT_SMR.1 Security roles FMT_MSA.3.1(b)The TSF shall enforce the [assignment: TOE function...
Security Target
Page 67
... 66 of 93 TSF Data Users for stored and received documents User authentication method Operations Query, modify Query User Roles MFP administrator MFP administrator FMT_SMF.1 Specification of performing the following management functions: [assignment: management functions shown in Table 30]. FMT_SMF.1.1 The TSF shall be capable of Management Functions Hierarchical to: No...modification of available function list by MFP administrator Query of own available function list by normal user when the Basic Authentication is used Copyright (c) 2011 RICOH COMPANY, LTD. Dependencies: No dependencies.
... 66 of 93 TSF Data Users for stored and received documents User authentication method Operations Query, modify Query User Roles MFP administrator MFP administrator FMT_SMF.1 Specification of performing the following management functions: [assignment: management functions shown in Table 30]. FMT_SMF.1.1 The TSF shall be capable of Management Functions Hierarchical to: No...modification of available function list by MFP administrator Query of own available function list by normal user when the Basic Authentication is used Copyright (c) 2011 RICOH COMPANY, LTD. Dependencies: No dependencies.
Security Target
Page 69
... Class FTA: TOE access FTA_SSL.3 TSF-initiated termination Hierarchical to: No other components. Dependencies: No dependencies. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Page 68 of 93 FPT_FDI_EXP.1 Restricted forwarding of data to external interfaces Hierarchical to the ...FTP_ITC.1.2 The TSF shall permit [selection: the TSF, another trusted IT product that is EAL3+ALC_FLR.2. Dependencies: FMT_SMF.1 Specification of Management Functions FMT_SMR.1 Security roles FPT_FDI_EXP.1.1 The TSF shall provide the capability to restrict data received on [assignment: the...
... Class FTA: TOE access FTA_SSL.3 TSF-initiated termination Hierarchical to: No other components. Dependencies: No dependencies. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Page 68 of 93 FPT_FDI_EXP.1 Restricted forwarding of data to external interfaces Hierarchical to the ...FTP_ITC.1.2 The TSF shall permit [selection: the TSF, another trusted IT product that is EAL3+ALC_FLR.2. Dependencies: FMT_SMF.1 Specification of Management Functions FMT_SMR.1 Security roles FPT_FDI_EXP.1.1 The TSF shall provide the capability to restrict data received on [assignment: the...
Security Target
Page 70
Copyright (c) 2011 RICOH COMPANY, LTD. If all security functional requirements are satisfied as below, the security objectives defined in "4 Security ...ALC_FLR.2 ASE_CCL.1 ASE_ECD.1 ASE_INT.1 ASE_OBJ.2 ASE_REQ.2 ASE_SPD.1 ASE_TSS.1 ATE_COV.2 ATE_DPT.1 ATE_FUN.1 ATE_IND.2 AVA_VAN.2 Assurance Components Security architecture description Functional specification with complete summary Architectural design Operational user guidance Preparative procedures Authorisation controls Implementation representation CM coverage Delivery procedures Identification of security measures Developer defined life...
Copyright (c) 2011 RICOH COMPANY, LTD. If all security functional requirements are satisfied as below, the security objectives defined in "4 Security ...ALC_FLR.2 ASE_CCL.1 ASE_ECD.1 ASE_INT.1 ASE_OBJ.2 ASE_REQ.2 ASE_SPD.1 ASE_TSS.1 ATE_COV.2 ATE_DPT.1 ATE_FUN.1 ATE_IND.2 AVA_VAN.2 Assurance Components Security architecture description Functional specification with complete summary Architectural design Operational user guidance Preparative procedures Authorisation controls Implementation representation CM coverage Delivery procedures Identification of security measures Developer defined life...
Security Target
Page 74
...is fulfilled. The TSF confidential data sent and received by the TOE via the LAN are protected by FTP_ITC.1. Copyright (c) 2011 RICOH COMPANY, LTD. FMT_MSA.3(a) sets the restrictive value to the security attributes of user jobs (object) when the user jobs are ...is required to specified users only. FMT_MSA.1(a) restricts each available operation (newly create, query, modify and delete) for Security Function. (3) Specification of the TSF confidential data. All rights reserved. FMT_SMF.1 performs the required Management Functions for the login user name to implement the following...
...is fulfilled. The TSF confidential data sent and received by the TOE via the LAN are protected by FTP_ITC.1. Copyright (c) 2011 RICOH COMPANY, LTD. FMT_MSA.3(a) sets the restrictive value to the security attributes of user jobs (object) when the user jobs are ...is required to specified users only. FMT_MSA.1(a) restricts each available operation (newly create, query, modify and delete) for Security Function. (3) Specification of the TSF confidential data. All rights reserved. FMT_SMF.1 performs the required Management Functions for the login user name to implement the following...
Security Target
Page 75
...Function. The MFP administrator is only allowed to operate the audit log and newly create an HDD cryptographic key. (2) Specification of supervisor. By satisfying FMT_MTD.1, FMT_SMF.1, FMT_SMR.1 and FTP_ITC.1, which are the security functional requirements for authentication using ...and FIA_UAU.2 authenticates RC Gate. (2) Allow the successfully identified and authenticated user to use the TOE. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. The authentication failure handling and verification of secrets are successfully identified and authenticated with the...
...Function. The MFP administrator is only allowed to operate the audit log and newly create an HDD cryptographic key. (2) Specification of supervisor. By satisfying FMT_MTD.1, FMT_SMF.1, FMT_SMR.1 and FTP_ITC.1, which are the security functional requirements for authentication using ...and FIA_UAU.2 authenticates RC Gate. (2) Allow the successfully identified and authenticated user to use the TOE. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. The authentication failure handling and verification of secrets are successfully identified and authenticated with the...
Security Target
Page 78
...are the security functional requirements for the TOE security functional requirements. FCS_CKM.1 generates the cryptographic key for Security Function. (5) Specification of 93 (1) Generate appropriate cryptographic keys. FMT_SMR.1 maintains the users who have the privileges. By satisfying FCS_CKM.1, FCS_COP.1, .... FMT_MTD.1 allows the MFP administrator to be stored in ST None None None None None None FCS_CKM.4 Copyright (c) 2011 RICOH COMPANY, LTD. FMT_SMF.1 performs the required Management Functions for encryption. (2) Perform cryptographic operation. Table 33 : Results of ...
...are the security functional requirements for the TOE security functional requirements. FCS_CKM.1 generates the cryptographic key for Security Function. (5) Specification of 93 (1) Generate appropriate cryptographic keys. FMT_SMR.1 maintains the users who have the privileges. By satisfying FCS_CKM.1, FCS_COP.1, .... FMT_MTD.1 allows the MFP administrator to be stored in ST None None None None None None FCS_CKM.4 Copyright (c) 2011 RICOH COMPANY, LTD. FMT_SMF.1 performs the required Management Functions for encryption. (2) Perform cryptographic operation. Table 33 : Results of ...
Security Target
Page 81
...RC Gate communication interface Table 30 Record of Management Function Date settings (year/month/day), time settings (hour/minute) Copyright (c) 2011 RICOH COMPANY, LTD. FAU_SAR.1, FAU_SAR.2, and FAU_STG.1 The TOE displays the operation menu for audit logs to be viewed and deleted only by...(hour/minute/second) the TOE records for the audit log are recorded. Page 80 of 93 7 TOE Summary Specification This section describes the TOE summary specification for each corresponding security functional requirement. 7.1 Audit Function The Audit Function is insufficient space in the audit log files ...
...RC Gate communication interface Table 30 Record of Management Function Date settings (year/month/day), time settings (hour/minute) Copyright (c) 2011 RICOH COMPANY, LTD. FAU_SAR.1, FAU_SAR.2, and FAU_STG.1 The TOE displays the operation menu for audit logs to be viewed and deleted only by...(hour/minute/second) the TOE records for the audit log are recorded. Page 80 of 93 7 TOE Summary Specification This section describes the TOE summary specification for each corresponding security functional requirement. 7.1 Audit Function The Audit Function is insufficient space in the audit log files ...
Security Target
Page 88
... the deleted documents, temporary documents and their fragments on communicating devices. If the user deletes document data, the TOE Copyright (c) 2011 RICOH COMPANY, LTD. FDP_RIP.1 Methods to start operating Copy Function, Printer Function, Scanner Function, Document Server Function, and Fax Function. All...256bits), 3DES(168bits) SMTP server S/MIME 3DES(168bits) 7.6 Residual Data Overwrite Function The Residual Data Overwrite Function is to overwrite specific patterns on the HDD and disable the reusing of supervisor and RC Gate, using any existing residual data is that of 93 ...
... the deleted documents, temporary documents and their fragments on communicating devices. If the user deletes document data, the TOE Copyright (c) 2011 RICOH COMPANY, LTD. FDP_RIP.1 Methods to start operating Copy Function, Printer Function, Scanner Function, Document Server Function, and Fax Function. All...256bits), 3DES(168bits) SMTP server S/MIME 3DES(168bits) 7.6 Residual Data Overwrite Function The Residual Data Overwrite Function is to overwrite specific patterns on the HDD and disable the reusing of supervisor and RC Gate, using any existing residual data is that of 93 ...