- Table of Contents -
1. ST Introduction .......... 1
1.1. ST Reference .......... 1
1.2. TOE Reference .......... 1
1.3. TOE Overview .......... 1
1.3.1. TOE Type and Major Security Features .......... 1
5. Extended Components Definition .......... 30
5.1. FPT_FDI_EXP Restricted forwarding of data to external interfaces .......... 30
6. Security Requirements .......... 32
6.1. Security Functional Requirements .......... 35
6.1.1. Class FAU: Security Audit .......... 38
6.1.2. Class FCS: Cryptographic Support .......... 46
- List of Figures and Tables -
Figure 1 Assumed operating environment of the TOE .......... 4
Figure 2 Units in the MFD and the logical scope of the TOE .......... 7
Figure 3 Authentication flow for Private Print and Mailbox .......... 10
Figure 4 Units in the MFD and the physical scope of the TOE .......... 14
Figure 5 Protected assets and assets not protected .......... 21
Table 1 Functions provided by the TOE and their function types .......... 2
Table 2 User roles assumed by the TOE ...
...TOE assets and establishing related security policies.
...the person responsible for, or the administrator of, the above.
Customer Engineer: A person who configures the TOE's device operation settings using an interface dedicated to customer engineers.

1.4.2. Logical Scope and Boundary
The logical scope of the TOE consists of the individual functions of the program. Figure 2 describes the logical configuration of the TOE.
- 6 – Copyright 2012 by Fuji Xerox Co., Ltd...
Figure 2 Units in the MFD and the logical scope of the TOE

There are the following four types of Channel:
a) Private Medium Interface: interfaces, such as the control panel and local interfaces, that cannot be accessed by multiple users at the same time.
b) Shared Medium Interface: interfaces, such as a network, that can be accessed by multiple users at the same time.
c) Original Document Handler: the mechanism that transfers hardcopy User Document Data to the TOE.
User Function Data are the information about a user's document or job to be processed by the TOE.
Job Flow: A sequence of processing steps (a procedure) for handling scanned documents, such as scanner settings, conversion format, and the data delivery method and destination, configured on the device in advance.
Mailbox: A logical box created on the internal hard disk drive that stores document data read in by the scanner and copy functions.
Functions perform processing, storage, and transmission of data that may be present in HCD products. These functions are used by SFR packages.
MFD functions: Only specific authorized users are able to use the TOE's copy, print, scan, and other functions.
Persons who are not permitted to use the TOE who may attempt to use the TOE.
b) Persons who are authorized to use the TOE who may attempt to use TOE
Users will be authorized to use the TOE only as permitted by the TOE Owner.
P.SOFTWARE.VERIFICATION To detect unintentional malfunction of the TSF, procedures will exist to self-verify executable code in the
TOE in accordance with those policies and procedures.
A.ADMIN.TRUST Administrators do not use their privileged access rights for malicious purposes.
O.AUDIT_ACCESS.AUTHORIZED The TOE shall ensure that audit records can be accessed in order to detect potential security violations, and only by authorized persons.
The TOE Owner shall ensure that audit logs are reviewed at appropriate intervals for security violations or unusual patterns of activity.
OE.INTERFACE.MANAGED The IT environment shall provide protection from unmanaged access to TOE interfaces.
...persons.
O.USER.AUTHORIZED establishes user identification and authentication as the basis for authorization. OE.USER.AUTHORIZED establishes responsibility of the TOE Owner to appropriately grant authorization.
T.PROT.ALT
T.CONF.DIS TSF Confidential: O.CONF.NO_DIS protects D.CONF from
TOE. O.AUDIT_ACCESS.AUTHORIZED enables the analysis of audit logs only by authorized users to detect potential security violations for the TOE.
...Administrators.
...purposes.
A.USER.TRAINING Administrators are aware of and trained to follow security policies and procedures. OE.USER.TRAINED establishes responsibility of the TOE Owner to provide appropriate User training.
Definition of the role(s) that are allowed to perform the management activities.
b) Management of the conditions under which direct forwarding can be allowed by an administrative role.
c) Revocation of such an allowance.
The TSF shall provide the capability to restrict data received on [assignment: list of external interfaces] from being forwarded without further processing by the TSF to [assignment: list of external interfaces].
Shared Job Flow sheet: A job flow that all users can share and use.
Used document data stored in the internal (hard disk): Document data that, after being stored on the MFD's internal hard disk drive, is no longer in use and whose file has been deleted, but whose data portion still remains on the internal hard disk drive.
Document data: The collective term for all data containing image information that passes through the inside of the MFD when general users (U.NORMAL) or the SA use the MFD's copy, print, or scan functions.
Security Audit Log: Data that tracks and records who did what and when, i.e. events and important occurrences such as failures, configuration changes, and user operations.
(User identifier): Collective term for General User identifier, SA identifier, and Key Operator identifier.
General User identifier: User ID for identifying and authenticating general users (U.NORMAL).
SA identifier: User ID for identifying and authenticating the SA.
Key Operator identifier: User ID for identifying and authenticating the key operator (machine administrator).
User identifier for each function: Information on the users permitted to access the copy, print, and scan functions, and on their usage restrictions.
Owner identifier of D.DOC: Information on the users permitted to access document data in Mailboxes and Private Print.
Data on SA Password: TOE setting data (TSF data); password information used for SA authentication.
Data on General user ID: TOE setting data (TSF data); ID information used for identifying general users (U.NORMAL).
Data on General user Password: TOE setting data (TSF data); password information used for authenticating general users (U.NORMAL).
Data on Auto Clear: ...the enabled/disabled state of the function and its clear time, and the enabled/disabled state of the CWIS auto clear function.
Data on Self Test: TOE setting data (TSF data); the enabled/disabled state of the self-test function.
Data on Report Print: TOE setting data (TSF data); setting information for the report output function.

6.1. Security Functional Requirements
The security functional requirements provided by this TOE are described below.
Audit data generation
Hierarchical to: No other components.
Dependencies: FPT_STM.1 Reliable time stamps
FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following auditable events:
FCS_CKM.1 | None | a) Minimal: Success and failure of the activity. b) Basic: The object attribute(s), and object value(s) excluding any sensitive information (e.g. secret or private keys). | - | -
Mailbox.
FDP_ACF.1(f): User name, job information, and success/failure regarding access to Mailbox. User name, job information, and success/failure regarding execution of Store Print.
Unsuccessful use of the authentication mechanism;
b) Basic: All use of the authentication mechanism.
c) Detailed: All TSF mediated actions performed before authentication of the user.
FMT_MSA.1(c), FMT_MSA.1(d), FMT_MSA.1(e), FMT_MSA.1(f), FMT_MSA.1(g): ...administrator, changes in registration data (ID, password, access right) of system administrator, and deletion of system administrator. | ...values of security attributes.
...TSF self tests and the results of the tests. | Test and the test result
FTA_SSL.3 | Log-in timeout ...from remote. | None | a) Minimal: Termination of an interactive session. | Minimal | required
FAU_GEN.2 User identity association
Hierarchical to: No other components.
Dependencies: FAU_GEN.1 Audit data generation
FIA_UID.1 Timing of identification
FAU_GEN.2.1 For audit events resulting from actions of identified users, the
The TSF shall be able to [selection, choose one of: prevent, detect] unauthorized modifications to the stored audit records in the audit trail.
[selection, choose one of: prevent, detect] - prevent
FAU_STG.4 Prevention of audit data loss
[assignment: cryptographic key sizes] that meet the following: [assignment: list of standards].
[assignment: list of standards] - none
[assignment: cryptographic key generation algorithm] - Fuji Xerox's standard method, FXOSENC
[assignment: cryptographic key sizes] - 256 bits
FCS_COP.1 Cryptographic operation ...
- Delete the document except for data in Mailbox and his/her own Private Print documents - R1 - R2
U.USER - Register the document data to the Mailbox - R3
- User identifier
- Owner identifier of D.DOC
- Owner identifier of D.FUNC
+SMI Indicates data that is transmitted or received over a shared-medium interface.
- none
Access control rule: Copy (F.CPY, F.SCN, F.DSR) | U.USER | - User identifier - User identifier for each function | - Copy operation from control panel | When the user identifier for the function
[assignment: list of subjects, objects, and operations among subjects and objects covered by the SFP] - the list of subjects, objects, and operations among subjects and objects covered by the PRT Access Control SFP in Table 19.
D.FUNC matches the user identifier of D.DOC, execution of Job Flow sheet is permitted.
FDP_ACC.1 (e) Subset access control
Hierarchical to: No other components.
Dependencies: FDP_ACF.1 Security attribute based access control
[assignment: list of subjects, objects, and operations among subjects and objects covered by the SFP]. - the list of subjects, objects, and operations among subjects and objects covered by the DSR Access Control SFP in Table
[assignment: list of subjects, objects, and operations among subjects and objects covered by the SFP]. - the list of subjects, objects, and operations among subjects and objects in Table 23
[assignment: rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects]. - rules specified in the Common Access Control SFP in
[assignment: access control SFP] - TOE Function Access Control SFP in Table 18
[assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security
The TSF shall explicitly deny access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects].
19 governing access among Users and controlled objects using controlled operations on controlled objects.
FDP_ACF.1.3(c) The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: [assignment: rules,
The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects].
[assignment: access control SFP] - CPY Access Control SFP in Table 21
[assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security
- none
FDP_ACF.1 (f) Security attribute based access control
Hierarchical to: No other components.
Dependencies: FDP_ACC.1 Subset access control
FMT_MSA.3 Static attribute initialization
FDP_ACF.1.4 (f) The TSF shall explicitly deny access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly deny access of
The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly authorize access of subjects to objects].
[assignment: range of acceptable values]] unsuccessful authentication attempts occur related to [assignment: list of authentication events].
[assignment: list of authentication events]
- [assignment: positive integer number]
FIA_AFL.1.2 (b) When the defined number of unsuccessful authentication attempts has been [selection: met, surpassed], the TSF shall [assignment: list of actions].
[selection: met, surpassed] - met
No other components
Dependencies: FIA_UAU.1 Timing of authentication
FIA_AFL.1.1 (d) The TSF shall detect when [selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]]
Verification of secrets
Hierarchical to: No other components.
Dependencies: No dependencies.
FIA_SOS.1.1 The TSF shall provide a mechanism to verify that secrets (SA password and U.NORMAL password when local authentication
The TSF shall require each user to be successfully identified before allowing any other TSF-mediated actions on behalf of that user.
FIA_USB.1 User-subject binding
Hierarchical to: No other components.
Dependencies: FIA_ATD.1 User attribute definition
[selection: determine the behavior of, disable, enable, modify the behavior of] - disable, enable, modify the behavior of
[assignment: list of functions] - List of security functions in Table 24
SFP(s)] to restrict the ability to [selection: change default, query, modify, delete, [assignment: other operations]] the security attributes [assignment: list of security attributes] to [assignment: the authorized identified roles].
Key operator identifier | modify | Key Operator
SA identifier | query, modify, delete, creation | U.ADMINISTRATOR
General user identifier | query, modify, delete, creation | U.ADMINISTRATOR
User identifier for each function | query, modify | U.ADMINISTRATOR
[assignment: access control SFP, information flow control SFP] - PRT Access Control SFP in Table 19
[selection, choose one of: restrictive, permissive, [assignment: other property]] - [assignment: other property]
[assignment: other property] - Initialization property in Table 32
[assignment: the authorized identified roles] - none
FMT_MSA.3 (e) Static attribute initialization
Hierarchical to: No other components.
Dependencies: FMT_MSA.1 Management of security attributes
FMT_SMR.1 Security roles
FMT_MSA.3.2 (f) The TSF shall allow the [assignment: the authorized identified roles] to specify alternative initial values to override the default values when an object or information is created.
The TSF shall restrict the ability to [selection: change default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorized identified roles].
...Protection | | U.ADMINISTRATOR
Data on Customer Engineer Operation Restriction | query, modify | U.ADMINISTRATOR
Data on Hard Disk Data Encryption | query, modify | U.ADMINISTRATOR
Data on Hard Disk Data Overwrite | query, modify | U.ADMINISTRATOR
Data on General user ID | query, modify, delete, creation | U.ADMINISTRATOR
Data on General user Password | modify | U.ADMINISTRATOR, U.NORMAL

FMT_SMF.1 Specification of Management Functions
Hierarchical to: No other components.
FCS_COP.1 | There are no management activities foreseen. | Management of data on Hard Disk Data Encryption
FDP_ACC.1(a), FDP_ACC.1(b), FDP_ACC.1(c), FDP_ACC.1(d), FDP_ACC.1(e), FDP_ACC.1(f), FDP_ACC.1(g) | There are no management activities foreseen.
FIA_AFL.1(d) | Management of actions to be taken in the event of an authentication failure. | Reason: The function is fixed and is not managed.
FIA_ATD.1 | a) If so indicated in the | none
FMT_MSA.1(f), FMT_MSA.1(g) | ...specified values.
FMT_MSA.3(a), FMT_MSA.3(b) | a) managing the group of roles that can specify initial values; | none. Reason: The role group is only a
...Configuring the actions that require trusted channel, if supported. | ...Network Data Protection.
FPT_FDI_EXP.1 | a) Definition of the role(s) that are allowed to perform the | none. Reason: The role and transfer
[assignment: list of external interfaces] - any external interfaces
[assignment: list of external interfaces] - any Shared-medium interfaces
FPT_STM.1 Reliable time stamps
Hierarchical to: No other components.
Dependencies: No dependencies.
The TSF shall provide authorised users with the capability to verify the integrity of [selection: [assignment: parts of TSF], TSF].
[selection: [assignment: parts of TSF] - [assignment: parts of TSF]
[assignment: parts of TSF] - TSF executable code in program ROM
[assignment: list of functions for which a trusted channel is required].
[assignment: list of functions for which a trusted channel is required] - communication of D.DOC, D.FUNC, and D.CONF over any Shared-medium Interface
EAL 3 is augmented with ALC_FLR.2, Flaw reporting procedures. ALC_FLR.2 ensures that instructions and procedures for the reporting and remediation of identified security flaws are in place, and their inclusion is expected by the consumers of this TOE.
(1) FMT_MOF.1 Management of security functions behaviour; FMT_MTD.1(a), FMT_MTD.1(b) Management of TSF data; FMT_SMF.1 Specification of Management Functions
The TOE provides, only to identified and authenticated system administrators, a user interface for viewing and changing the TOE setting data (TSF data) related to the TOE security functions listed below, and for enabling or disabling each of those functions ...
(Serial Electronically Erasable and Programmable Read Only Memory)
Security Function Policy
Security Functional Requirement
SMTP: E-mail transmission protocol (Simple Mail Transfer Protocol)
Strength of Function
Security Target
TOE: Target of Evaluation
TOE Security Function