Samsung X4220 Instruction Manual
  1. Manuals
  2. Brands
  3. Samsung Manuals
  4. Printer
  5. X4220
  6. Instruction manual

Samsung X4220 Instruction Manual

Multifunction multixpress
Hide thumbs
Table of Contents

Advertisement

Quick Links

Samsung Multifunction MultiXpress X4220, X4250, X4300,
X401, K4250, K4300, K4350, K401 Series
Security Target
Version 1.2
SAMSUNG ELECTRONICS Co., Ltd.
This is proprietary information of SAMSUNG ELECTRONICS Co., Ltd. No part of the information contained in
this document may be reproduced without the prior consent of SAMSUNG ELECTRONICS Co., Ltd

Advertisement

Table of Contents
loading

Related Manuals for Samsung X4220

Summary of Contents for Samsung X4220

  • Page 1 X401, K4250, K4300, K4350, K401 Series Security Target Version 1.2 SAMSUNG ELECTRONICS Co., Ltd. This is proprietary information of SAMSUNG ELECTRONICS Co., Ltd. No part of the information contained in this document may be reproduced without the prior consent of SAMSUNG ELECTRONICS Co., Ltd...

  • Page 2: Document History

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Document History SECTIONS VERSION DATE DESCRIPTION OF CHANGE REVISED BY AFFECTED ­ 2014-04-27 Kwangwoo Lee Initial version ­ 2014-09-30 Kwangwoo Lee KSEL-CC-2014-EOR-03-V1.00 ­ 2014-10-14 Error Correction Kwangwoo Lee ...

  • Page 3: Table Of Contents

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series CONTENTS Introduction ........................... 7 ..................7 ECURITY ARGET EFERENCES TOE R ......................7 EFERENCES TOE O ....................... 7 VERVIEW 1.3.1 TOE Type, Usage and Security features ..................7 TOE D ......................
  • Page 4 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series 6.1.5 Class FMT: Security management ....................59 6.1.6 Class FPT: Protection of the TSF ....................64 6.1.7 Class FTA: TOE access ....................... 65 6.1.8 Class FTP: Trusted path/channels ....................65 ................

  • Page 5: List Of Figures

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series LIST OF FIGURES Figure 1: Operational Environment of the TOE ......................9 Figure 2: Logical Scope ............................... 15  Copyright 2014 SAMSUNG ELECTRONICS Co., Ltd., All rights reserved...
  • Page 6 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series LIST OF TABLES Table 1: General Specification for TOE ........................10 Table 2: Non-TOE Hardware ............................11 Table 3: Non-TOE Software ............................11 Table 4: Notational Prefix Conventions ........................19 Table 5: Acronyms ..............................

  • Page 7: Introduction

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Introduction This document describes Security Target of Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series. Security Target References Security Target Title Samsung Multifunction MultiXpress...
  • Page 8 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series U.USER against an internal database. If U.ADMINISTRATOR selects the external authentication as an authentication method, then MFP will authenticate the U.USER using an external authentication server. The TOE authorizes U.USER according to the identification &...

  • Page 9: Toe Description

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series The TOE provides a trusted channel between itself and another trusted IT product to protect user data or TSF data that are transmitted or received over network. TOE Description This section provides detailed information for the TOE evaluator and latent customer about TOE security functions.

  • Page 10: Table 1: General Specification For Toe

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series security audit report. The U.USER’s account information that requires asking for internal authentication by TOE can be stored on the hard disk drive of the TOE. All of the information stored on the hard disk drive is protected by the TOE.

  • Page 11: Non-Toe Hardware/Software Required By The Toe

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series 1.4.2 Non-TOE Hardware/Software required by the TOE 1.4.2.1 Non-TOE Hardware Table 2: Non-TOE Hardware Item Objective Mail server The SMTP (Simple Mail Transfer Protocol) server is used for e-mail transmission.

  • Page 12: Physical Scope

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series 1.4.3 Physical Scope This section describes physical scope of the TOE. The physical scope of the TOE is MFP itself. The TOE is consists of the following components; UI (Operational Panel), DADF Engine, Flatbed Engine, Fax Modem, Main Control Board, Power Unit, USB Port, Network Unit, Finisher, Optional Tray, and HDD.
  • Page 13 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series The Main Control Board consists of processor, RAM, Flash ROM, and NVRAM. It communicates the information with other part of TOE to control the MFP.  Power Unit A Power Unit provides the electric energy to operate the Engine Units and Control Boards.
  • Page 14 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series - Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Installation Guide V1.1  Copyright 2014 SAMSUNG ELECTRONICS Co., Ltd., All rights reserved...

  • Page 15: Logical Scope

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series 1.4.4 Logical Scope Figure 2: Logical Scope 1.4.4.1 MFP Basic Functions Print Function: producing a hardcopy document from its electronic form Scan Function: producing an electronic document from its hardcopy form...
  • Page 16 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series 1.4.4.2 TOE Security Functions The following security functions are provided by the TOE: Identification & Authentication (TSF_FIA) The TOE provides two types of user identification and authentication methods. If U.ADMINISTRATOR configures the local authentication, the MFP will authenticate the...
  • Page 17 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Packets via MAC addresses registered by U.ADMINISTRATOR are not allowed. Security Management (TSF_FMT) The TOE accomplishes security management for the security function, TSF data, and security attribute. Only U.ADMINISTRATOR can manage the security functions through the LUI (Local User Interface) and RUI (Remote User Interface): security functions can be start and stop by U.ADMINISTRATOR.
  • Page 18 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series The TOE provides an encryption function during the data storage procedure and a decryption function in the process of accessing stored data from hard disk drive. The TOE generates cryptographic keys when the TOE is initialized at the first setout the secret key (256 bits) is used for encrypting and decrypting user data and TSF data that is stored on the HDD.

  • Page 19: Conventions

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Conventions This section describes the conventions used to denote Common Criteria (CC) operations on security functional components and to distinguish text with special meaning. The notation, formatting, and conventions used in this ST are largely consistent with those used in the CC.
  • Page 20 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Application note clarifies the definition of requirement. It also can be used when an additional statement except for the four presentations previously mentioned. Application notes are denoted by underlined text.

  • Page 21: Terms And Definitions

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Terms and Definitions Basically, this security target shall follow the terms and definitions specified in common criteria and the protection profile. They will not be additionally described in this document.
  • Page 22 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Incoming Fax This is a fax function which is receiving a fax data through a public switched telephone network. RUI, Remote UI, Remote User Interface Interface for U.NORMAL or U.ADMINISTRATOR to access, use, or manage the TOE through a web service.

  • Page 23: Acronyms

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Abbreviation of Modified Relative Element Address Designate MH coding. Abbreviation of Modified Modified Relative Element Address Designate MH coding. More advanced type than MR coding. Acronyms This section defines the meanings of acronyms used throughout this Security Target (ST) document.

  • Page 24: Organization

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Modified Huffman coding Organization Chapter 1 introduces the overview of Security Target, which includes references of Security Target, reference of the TOE, the TOE overview, and the TOE description.

  • Page 25: Conformance Claims

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Conformance Claims This chapter describes how the Security Target conforms to the Common Criteria, Protection Profile and Package. Conformance to Common Criteria This Security Target conforms to the following Common Criteria: ...

  • Page 26: Conformance Claim Rationale

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series  Assurance Package: EAL2 augmented by ALC_FLR.2  2600.2-PRT, SFR Package for Hardcopy Device Print Functions, Operational Environment B Package version: 1.0, dated March 2009  2600.2-SCN, SFR Package for Hardcopy Device Scan Functions, Operational Environment B Package version: 1.0, dated March 2009...

  • Page 27: Security Objectives Related Conformance Claim Rationale

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Table 7: Security Problems Definition Related Conformance Claim Rationale - Organizational Security Policies Organizational Security Policy Rationale P.USER.AUTHORIZATION Equal to the PP: the security policies in this ST are defined the same as the PP.

  • Page 28: Security Functional Requirements Related Conformance Claim Rationale

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Security Objectives for TOE Rationale O.INTERFACE.MANAGED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED Equal to the PP: the security objectives in this ST are defined the O.AUDIT_STORAGE.PROTECTED same as the PP. If the TOE provides an internal capability to provide access to audit records, then the ST Author should add these objectives.
  • Page 29 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Category PP SFR ST SFR Rationale the “demonstrable conformance”. FDP_ACC.1(a) FDP_ACC.1(1) FDP_ACC.1(b) FDP_ACC.1(2) FDP_ACF.1(a) FDP_ACF.1(1) FDP_ACF.1(b) FDP_ACF.1(2) FDP_RIP.1 FDP_RIP.1 FIA_ATD.1 FIA_ATD.1 FIA_UAU.1 FIA_UAU.1 FIA_UID.1 FIA_UID.1 FIA_USB.1 FIA_USB.1 FMT_MSA.1(a)(b) FMT_MSA.1(1)(2)

  • Page 30: Security Assurance Requirements Related Conformance Claim Rationale

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Category PP SFR ST SFR Rationale Requirements FPT_FDI_EXP.1 FPT_FDI_EXP.1 from the PP FTP_ITC.1 FTP_ITC.1 Addition FAU_SAR.1 These SFRs are augmented according to PP APPLICATION NOTE 5 and 7 in order for the FAU_SAR.2...

  • Page 31: Toe Type Related Conformance Claim Rationale

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series PP SAR ST SAR Rationale “demonstrable conformance”. augmented by ALC_FLR.2 augmented by ALC_FLR.2 2.4.5 TOE type related Conformance Claim Rationale This section demonstrates that the TOE type is consistent with the TOE type in the PPs for which conformance is being claimed.

  • Page 32: Security Problem Definition

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Security Problem Definition This chapter defines assumptions, organizational security policies, and threats intended for the TOE and TOE operational environments to manage. Threats agents The threats agents are users that can adversely access the internal asset or harm the internal asset in an abnormal way.

  • Page 33: Organizational Security Policies

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Organizational Security Policies This chapter describes the Organizational Security Policies (OSPs) that apply to the TOE. OSPs are used to provide a basis for Security Objectives that are commonly desired by TOE Owners in this operational environment but for which it is not practical to universally define the assets being protected or the threats to those assets.
  • Page 34 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Assumption Definition organization and are trained and competent to follow those policies and procedures. A.ADMIN.TRAINING Administrators are aware of the security policies and procedures of their organization, are trained and competent to follow the manufacturer’s guidance and documentation, and to correctly configure and operate the TOE in accordance with those policies and procedures.

  • Page 35: Security Objectives

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Security Objectives The security objectives are categorized into two parts: The security objectives for the TOE are to meet the goal to counter all threats and enforce all organizational security policies defined in this ST.

  • Page 36: Security Objectives For The Toe (Additional)

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series 4.1.2 Security Objectives for the TOE (Additional) The security objectives for the TOE additionally defined are as follows: Table 19: Security Objectives for the TOE (Additional) Objective Definition O.AUDIT_STORAGE.PROTECTED...
  • Page 37 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Objective Definition OE.USER.TRAINED The TOE Owner shall ensure that TOE Administrators are aware of the security policies and procedures of their organization and have the training and competency to follow those policies and procedures.

  • Page 38: Security Objectives Rationale

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Security Objectives Rationale This section demonstrates that each threat, organizational security policy, and assumption is mitigated by at least one security objective and that those security objectives counter the threats, enforce the policies, and uphold the assumptions.

  • Page 39: Table 22: Sufficiency Of Security Objectives

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Table 22: Sufficiency of Security Objectives Threats, Policies, and Summary Objectives and Rationale Assumptions T.DOC.DIS User Document Data may be O.DOC.NO_DIS protects D.DOC from disclosed to unauthorized persons unauthorized disclosure O.USER.AUTHORIZED establishes user...
  • Page 40 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Threats, Policies, and Summary Objectives and Rationale Assumptions P.SOFTWARE.VERIF Procedures will exist to self- O.SOFTWARE.VERIFIED provides procedures ICATION verify executable code in the TSF to self-verify executable code in the TSF.

  • Page 41: Extended Component Definition

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Extended Component Definition FPT_FDI_EXP Restricted forwarding of data to external interfaces Family behaviour: This family defines requirements for the TSF to restrict direct forwarding of information from one external interface to another external interface.
  • Page 42 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series data first) between different external interfaces is therefore a function that—if allowed at all—can only be allowed by an authorized role. It has been viewed as useful to have this functionality as a single component that allows specifying the property to disallow direct forwarding and require that only an authorized role can allow this.

  • Page 43: Security Requirements

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Security Requirements This Security Target defines the subjects (user), objects, operations, security attributes, external entities, and other conditions used in the security requirements as follows: Users Users are entities that are external to the TOE and interact with the TOE. There may be two types of Users: Normal and Administrator.

  • Page 44: Table 25: Tsf Data

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series TSF Data TSF Data are data created by and for the TOE and that might affect the operation of the TOE. This type of data is composed of two objects: TSF Protected Data and TSF Confidential Data.

  • Page 45: Table 27: Functions

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series  Network Protocol and Port Configuration  Digital Certificate  IP Filtering Address  MAC Filtering Address  Image Overwrite Configuration  Encryption Key Data  Scan/Fax/SMB/E-mail destination lists ...

  • Page 46: Table 28: Attributes

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Table 28: Attributes Designation Definition +PRT Indicates data that are associated with a print job. +SCN Indicates data that are associated with a scan job. +CPY Indicates data that are associated with a copy job.

  • Page 47: Security Functional Requirements

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Security Functional Requirements The security functional requirements defined in this Security Target conform to the PP. Additional security functional requirements in this ST not defined in the PP are based on the functional requirements in Part 2 of the Common Criteria.

  • Page 48: Class Fau: Security Audit

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Class Component Defined in FIA_UID.1 Timing of identification FIA_USB.1 User-subject binding Security FMT_MSA.1(1)(2) Management of security attributes Management FMT_MSA.1(3)(4) Management of security attributes This ST additionally FMT_MSA.3(1)(2) Static attribute initialization FMT_MSA.3(3)(4)

  • Page 49: Table 31: Audit Data

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Relevant SFR in Table 31; [The Auditable Events specified in Table 31 below]. FAU_GEN.1.2 The TSF shall record within each audit record at least the following information: - Date and time of the event, type of event, subject identity (if applicable), and the outcome (success or failure) of the event;...
  • Page 50 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series 6.1.1.3 FAU_SAR.1 Audit review Hierarchical to: No other components. Dependencies: FAU_GEN.1 Audit data generation FAU_SAR.1.1 The TSF shall provide [U.ADMINISTRATOR] with the capability to read [all of audit information] from the audit records.

  • Page 51: Class Fcs: Cryptographic Support

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Dependencies: FAU_STG.1 Protected audit trail storage FAU_STG.4.1 The TSF shall overwrite the oldest stored audit records and [none] if the audit trail is full. 6.1.2 Class FCS: Cryptographic support 6.1.2.1 FCS_CKM.1 Cryptographic key generation...

  • Page 52: Class Fdp: User Data Protection

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series 6.1.3 Class FDP: User data protection 6.1.3.1 FDP_ACC.1(1) Subset access control Hierarchical to: No other components Dependencies: FDP_ACF.1 Security attribute based access control FDP_ACC.1.1(1) The TSF shall enforce the Common Access Control SFP in Table 32 on the list of users as subjects, objects, and operations among subjects and objects covered by the Common Access Control SFP in Table 32.

  • Page 53: Table 32: Common Access Control Sfp

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series FMT_MSA.3 Static attribute initialization FDP_ACF.1.1(1) The TSF shall enforce the Common Access Control SFP in Table 32 to objects based on the following: the list of users as subjects and objects controlled under the Common Access Control SFP in Table 32, and for each, the indicated security attributes in Table 32.

  • Page 54: Table 33: Toe Function Access Control Sfp

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series FDP_ACF.1.2(2) The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: the user is explicitly authorized by U.ADMINISTRATOR to use a function FDP_ACF.1.3(2) The TSF shall explicitly authorize access of subjects to objects based on the...

  • Page 55: Table 34: Service (Prt, Scn, Cpy, Fax) Access Control Sfp

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series FDP_ACF.1.4(3) The TSF shall explicitly deny access of subjects to objects based on the [None]. Table 34: Service (PRT, SCN, CPY, FAX) Access Control SFP Access Security Attribute...
  • Page 56 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series FDP_IFC.2.2 The TSF shall ensure that all operations that cause any information in the TOE to flow to and from any subject in the TOE are covered by an information flow control SFP.

  • Page 57: Class Fia: Identification And Authentication

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series 6.1.4 Class FIA: Identification and authentication 6.1.4.1 FIA_AFL.1 Authentication failure handling Hierarchical to: No other components Dependencies: FIA_UAU.1 Timing of authentication FIA_AFL.1.1 The TSF shall detect when [3] unsuccessful authentication attempts occur related to [U.ADMINISTRATOR and U.NORMAL authentication]...
  • Page 58 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series FIA_UAU.1.2 The TSF shall require each user to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user. Application Note: U.ADMINISTRATOR authentication is performed internally by the TOE.

  • Page 59: Class Fmt: Security Management

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series 6.1.4.6 FIA_USB.1 User-subject binding Hierarchical to: No other components. Dependencies: FIA_ATD.1 User attribute definition FIA_USB.1.1 The TSF shall associate the following user security attributes with subjects acting on the behalf of that user: [User ID, Group ID, and User Role].

  • Page 60: Table 35: Management Of Security Attributes

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control] FMT_SMR.1 Security roles FMT_SMF.1 Specification of Management Functions FMT_MSA.1.1(2) The TSF shall enforce the TOE Function Access Control SFP in Table 33, [none] to restrict the ability to query, modify, delete, [create] the security attributes [list of security attributes in Table 33] to [U.ADMINISTRATOR].
  • Page 61 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series ○ ○ Protocol ○ ○ Port 6.1.5.5 FMT_MSA.3(1) Static attribute initialization Hierarchical to: No other components. Dependencies: FMT_MSA.1 Management of security attributes FMT_SMR.1 Security roles FMT_MSA.3.1(1) The TSF shall enforce the Common Access Control SFP in Table 32, [none] to provide restrictive default values for security attributes that are used to enforce the SFP.

  • Page 62: Table 36: Management Of Tsf Data

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series FMT_MSA.3.1(3) The TSF shall enforce the [Service (PRN, SCN, CPY, FAX) Access Control SFP in Table 34] to provide restrictive default values for security attributes that are used to enforce the SFP.

  • Page 63: Table 37: Management Functions

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series the authorized identified Selection Operation roles TSF data query modify delete [add] ○ ○ SMTP Server Configuration ○ ○ ○ ○ Address Book ○ ○ Log in Identification ○...

  • Page 64: Class Fpt: Protection Of The Tsf

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series 6.1.5.11 FMT_SMR.1 Security roles Hierarchical to: No other components. Dependencies: FIA_UID.1 Timing of identification FMT_SMR.1.1 The TSF shall maintain the roles U.ADMINISTRATOR, U.NORMAL, [none]. FMT_SMR.1.2 The TSF shall be able to associate users with roles, except for the role “Nobody” to which no user shall be associated.

  • Page 65: Class Fta: Toe Access

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series FPT_TST.1.1 The TSF shall run a suite of self tests during initial start-up to demonstrate the correct operation of [HDD Encryption Function]. FPT_TST.1.2 The TSF shall provide authorized users with the capability to verify the integrity of [Encryption Key data].

  • Page 66: Security Assurance Requirements

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series FTP_ITC.1.3 The TSF shall initiate communication via the trusted channel for communication of D.DOC, D.FUNC, D.PROT, and D.CONF over any Shared-medium Interface. Security Assurance Requirements Security assurance requirements (SAR) defined in this document consists of assurance component in Common Criteria for Information Technology Security Evaluation, Part 3.

  • Page 67: Class Ase: Security Target Evaluation

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series 6.2.1 Class ASE: Security Target evaluation 6.2.1.1 ASE_CCL.1 Conformance claims Dependencies: ASE_INT.1 ST introduction ASE_ECD.1 Extended components definition ASE_REQ.1 Stated security requirements Developer action elements: ASE_CCL.1.1D The developer shall provide a conformance claim.
  • Page 68 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series 6.2.1.2 ASE_ECD.1 Extended components definition Dependencies: No dependencies. Developer action elements: ASE_ECD.1.1D The developer shall provide a statement of security requirements. ASE_ECD.1.2D The developer shall provide an extended components definition.
  • Page 69 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series ASE_INT.1.7C The TOE description shall describe the physical scope of the TOE. ASE_INT.1.8C The TOE description shall describe the logical scope of the TOE. Evaluator action elements: ASE_INT.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
  • Page 70 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Content and presentation elements: ASE_REQ.2.1C The statement of security requirements shall describe the SFRs and the SARs. ASE_REQ.2.2C All subjects, objects, operations, security attributes, external entities and other terms that are used in the SFRs and the SARs shall be defined.

  • Page 71: Class Adv: Development

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series ASE_REQ.1 Stated security requirements ADV_FSP.1 Basic functional specification Developer action elements: ASE_TSS.1.1D The developer shall provide a TOE summary specification. Content and presentation elements: ASE_TSS.1.1C The TOE summary specification shall describe how the TOE meets each SFR.
  • Page 72 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series ADV_ARC.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. 6.2.2.2 ADV_FSP.2 Security-enforcing functional specification Dependencies: ADV_TDS.1 Basic design Developer action elements: ADV_FSP.2.1D...

  • Page 73: Class Agd: Guidance Documents

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series ADV_TDS.1.3C The design shall describe the behaviour of each SFR-supporting or SFR non-interfering TSF subsystem in sufficient detail to determine that it is not SFR-enforcing. ADV_TDS.1.4C The design shall summarise the SFR-enforcing behaviour of the SFR enforcing subsystems.

  • Page 74: Class Alc: Life-Cycle Support

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series AGD_OPE.1.7C The operational user guidance shall be clear and reasonable. Evaluator action elements: AGD_OPE.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
  • Page 75 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series 6.2.4.2 ALC_CMS.2 Parts of the TOE CM coverage Dependencies: No dependencies. Developer action elements: ALC_CMS.2.1D The developer shall provide a configuration list for the TOE. Content and presentation elements: ALC_CMS.2.1C...

  • Page 76: Class Ate: Tests

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series ALC_FLR.2.3D The developer shall provide flaw remediation guidance addressed to TOE users. Content and presentation elements: ALC_FLR.2.1C The flaw remediation procedures documentation shall describe the procedures used to track all reported security flaws in each release of the TOE.
  • Page 77 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series ATE_COV.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. 6.2.5.2 ATE_FUN.1 Functional testing Dependencies: ATE_COV.1 Evidence of coverage Developer action elements: ATE_FUN.1.1D...

  • Page 78: Class Ava: Vulnerability Assessment

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series ATE_IND.2.3E The evaluator shall test a subset of the TSF to confirm that the TSF operates as specified. 6.2.6 Class AVA: Vulnerability assessment 6.2.6.1 AVA_VAN.2 Vulnerability analysis Dependencies: ADV_ARC.1 Security architecture description...

  • Page 79: Security Requirements Rationale

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Security Requirements Rationale This section demonstrates that the security requirements are satisfied with the security objectives for the TOE. 6.3.1 Security Functional Requirements’ Rationale The security functional requirements’ rationale shall demonstrate the following: Each security objective is addressed based on at least one security functional requirement.

  • Page 80: Table 39: Completeness Of Security Objectives

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Table 39: Completeness of Security Objectives TOE Security Function Security Functional Requirement FAU_GEN.1 FAU_GEN.2 FAU_SAR.1 FAU_SAR.2 FAU_STG.1 FAU_STG.4 FCS_CKM.1 FCS_CKM.4 FCS_COP.1 FDP_ACC.1(1) FDP_ACC.1(2) FDP_ACC.1(3) FDP_ACF.1(1) FDP_ACF.1(2) FDP_ACF.1(3) FDP_IFC.2 FDP_IFF.1...

  • Page 81: Table 40: Security Requirements Rationale

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Table 40: Security Requirements Rationale Objectives Description SFRs Purpose O.DOC.NO_DIS Protection of User Data from FDP_ACC.1(1)(3) Enforces protection unauthorized disclosure or establishing an access control O.DOC.NO_ALT alteration policy.
  • Page 82 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Objectives Description SFRs Purpose roles. FCS_CKM.1 Supports cryptographic operation by requiring the key generation for HDD encryption.. FCS_CKM.4 Supports cryptographic operation by requiring the key destruction for HDD encryption..
  • Page 83 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Objectives Description SFRs Purpose function. FIA_UAU.1 Enforces management external interfaces by requiring user authentication. FIA_UID.1 Enforces management external interfaces by requiring user identification. FMT_MSA.1(4) Supports information flow control function by enforcing control of security attribute.

  • Page 84: Security Assurance Requirements Rationale

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Objectives Description SFRs Purpose all users read access to the audit records, except those users that have been granted access specifically. 6.3.2 Security Assurance Requirements Rationale Security assurance requirements of this security target conform to U.S. Government Protection Profile for Hardcopy Devices Version 1.0 (IEEE Std.2600.2™-2009).
  • Page 85 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series FCS_CKM.4 [FDP_ITC.1, or FCS_CKM.4 FDP_ITC.2, or FCS_CKM.1] [FDP_ITC.1, or FDP_ITC.2, or 7, 8 FCS_COP.1 FCS_CKM.1] FCS_CKM.4 FDP_ACC.1(1) FDP_ACF.1(1) FDP_ACC.1(2) FDP_ACF.1(2) FDP_ACC.1(3) FDP_ACF.1(3) FDP_ACC.1(1), FDP_ACF.1(1) 10, 29 FMT_MSA.3(1) FDP_ACC.1(2), FDP_ACF.1(2)

  • Page 86: Sar Dependencies

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series FMT_MSA.1(1) FMT_MSA.3(1) 25, 34 FMT_SMR.1 FMT_MSA.1(2) FMT_MSA.3(2) 26, 34 FMT_SMR.1 FMT_MSA.1(3) FMT_MSA.3(3) 27, 34 FMT_SMR.1 FMT_MSA.1(4) FMT_MSA.3(4) 28, 34 FMT_SMR.1 FMT_SMR.1, FMT_MTD.1 34, 35 FMT_SMF.1 FMT_SMF.1 FMT_SMR.1 FIA_UID.1 FPT_FDI_EXP.1...

  • Page 87: Toe Summary Specification

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series TOE Summary Specification TOE Security Functions This section presents the security functions performed by the TOE to satisfy the identified SFRs in Section 6.1 • Identification & Authentication (TSF_FIA) •...

  • Page 88: Network Access Control (Tsf_Nac)

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series The TOE does not display the entered U.USER’s login password while the authentication is in progress. The TOE displays a sequence of ‘*’ or ‘•’ characters whose length is the same as that of the entered.

  • Page 89: Security Management (Tsf_Fmt)

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series The TOE only allows access from authorized ports, connection using authorized protocol services by configuring the port number, and enabling/disabling network services accessing the MFP system. The default values of protocol/port are “disabled”. Therefore, all packets will be denied until U.ADMINISTRATOR’s changes.

  • Page 90: Table 43: Management Of Tsf Data

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series ○ ○ Protocol (to deny) ○ ○ Port ○ ○ ○ ○ User Role, User ID, User group ID The TOE shall restrict the ability to query, modify, delete, and add the TSF data to the authorized identified roles.

  • Page 91: Security Audit (Tsf_Fau)

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Management Functions Management of security roles (User Group ID) Management of TSF testing (initiation) Management of fax forward functions There are two types of Users in the TOE; U.NORMAL and U.ADMINISTRATOR: U.ADMINISTRATOR has been specifically granted the authority to perform security management of...

  • Page 92: Image Overwrite (Tsf_Iow)

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Both successful and unsuccessful use of FIA_UAU. 1 Basic None required the authentication mechanism Both successful and unsuccessful use of FIA_UID. 1 Basic Attempted user the identification mechanism...

  • Page 93: Fax Data Control (Tsf_Flw)

    Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series Before storing temporary data, document data, and system data on the HDD of the MFP, the TOE encrypts the data using the AES 256 algorithm and cryptographic key.
  • Page 94 Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series The TOE also provides secure communication between the TOE and the other trusted IT product by IPSec. IPSec provides securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session.

This manual is also suitable for:

X4300X401K4250K4300K4350K401 series ... Show all

Table of Contents