Fuji Xerox C2265 Manual

Fuji Xerox
DocuCentre-V C2265/C2263 models
with Hard Disk, Data Security, Scan, 
and Fax
Security Target
Version 1.1.7
This document is a translation of the evaluated
and certified security target written in Japanese.
March 2016

Summary of Contents for Fuji Xerox C2265

  • Page 1 Fuji Xerox DocuCentre-V C2265/C2263 models with Hard Disk, Data Security, Scan, and Fax Security Target Version 1.1.7 This document is a translation of the evaluated and certified security target written in Japanese. March 2016...
  • Page 2: Table Of Contents

    - Table of Contents - ST INTRODUCTION; 1.1. ST Reference; 1.2. TOE Reference; 1.3. TOE Overview; 1.3.1. TOE Type and Major Security Features; 1.3.2. Environment Assumptions; 1.3.3. Required Non-TOE Hardware and Software; 1.4.
  • Page 3 6.1.2. Class FCS: Cryptographic Support; 6.1.3. Class FDP: User Data Protection; 6.1.4. Class FIA: Identification and Authentication; 6.1.5. Class FMT: Security Management; 6.1.6. Class FPT: Protection of the TSF; 6.1.7. Class FTA: TOE Access...
  • Page 4 - List of Figures and Tables - Figure 1 General Operational Environment; Figure 2 MFD Units and TOE Logical Scope; Figure 3 Authentication Flow for Private Print and Mailbox; Figure 4 MFD Units and TOE Physical Scope; Figure 5 Assets under and not under Protection...
  • Page 5 Table 33 Initialization property; Table 34 Initialization property; Table 35 Initialization property; Table 36 Operation of TSF Data; Table 37 Operation of TSF Data; Table 38 Security Management Functions Provided by TSF; Table 39 Security Assurance Requirements...
  • Page 6: ST Introduction

    Ver. 2.0.8 Developer: Fuji Xerox Co., Ltd. NOTE: When Fuji Xerox DocuCentre-V C2265/C2263 is not equipped with one or more of the following: Hard Disk, Data Security, Scan, and Fax functions, the corresponding kits described below shall be installed. ・Function Extension Kit (Hard Disk): EC103136 (For Japan and for overseas) ・Fax Kit: QC100164 (For Japan), EC103127 (For overseas)
  • Page 7: TOE Overview

    TOE Type and Major Security Features 1.3.1.1. TOE Type This TOE, categorized as an IT product, is the Fuji Xerox DocuCentre-V C2265/C2263 (hereinafter referred to as “MFD”) which has the copy, print, scan, and fax functions. The TOE is the product which controls the whole MFD and protects the data that are transmitted over the encryption communication protocols.
  • Page 8 Print function is to decompose and print out the print data transmitted by a general user client. ・ CWIS (CentreWare Internet Services) is to retrieve the document data scanned by MFD from Mailbox. - 3 -  Copyright 2016 by Fuji Xerox Co., Ltd...
  • Page 9 A system administrator can prohibit CE from referring to, and changing the TOE security function settings. (6) Security Audit Log The important events of TOE such as device failure, configuration change, and user...
  • Page 10: Environment Assumptions

    This TOE is assumed to be used as an IT product at general office and to be connected to public telephone line, user clients, and the internal network protected from threats on the external network by firewall etc. Figure 1 shows the general environment for TOE operation. ...
  • Page 11: Required Non-TOE Hardware And Software

    MFD. Additionally, the general user can change the settings which he/she registered to the MFD: Mailbox name, password, access control, and automatic deletion of document. ...
  • Page 12 The OS of (1) general user client and (2) system administrator client are assumed to be Windows Vista, and Windows 7. The (5) LDAP server and (6) Kerberos server are assumed to be Windows Active Directory. ...
  • Page 13: TOE Description

    CE. 1.4.2. Logical Scope and Boundary The logical scope of this TOE is each function of the programs. Figure 2 shows the logical architecture of the MFD. ...
  • Page 14: Figure 2 MFD Units And TOE Logical Scope

    Control panel and local interface that cannot be accessed by multiple simultaneous Users. Shared Medium Interface Mechanisms for exchanging information that can be simultaneously accessed by multiple Users; such as network interface. Original Document Handler...
  • Page 15: Table 3 TOE Basic Functions

    IIT and sent to the destination via public telephone line. The document data are received from the sender’s machine via public...
  • Page 16 Accounting System preset from printer driver. A user must be authenticated from the control panel for print job.) Functions controlled by CWIS: Display of device condition, display of job status and its log, function to retrieve...
  • Page 17: Figure 3 Authentication Flow For Private Print And Mailbox

    [Figure 3 Authentication Flow for Private Print and Mailbox; labels: Printer Driver, Print Job, Private Print, Mailbox, Scanned Data, Received Fax Data, Authentication, Authentication from Control Panel, Print]...
  • Page 18 ・ Set the cryptographic seed key for Hard Disk Data Encryption; ・ Refer to and set the function that uses password entered from MFD control panel in user authentication; ...
  • Page 19 (6) Security Audit Log The important events of TOE such as device failure, configuration change, and user operation are traced and recorded based on when and who operated what function. Only a...
  • Page 20 Default [5] Times ・ User Passcode Minimum Length (for general user and SA) Set to [9] characters ・ SSL/TLS Set to [Enabled] ・ IPSec Set to [Enabled] ・ S/MIME...
  • Page 21 Set to [Save as Private Charge Print] ・ Auto Clear Set to [Enabled] ・ Security Audit Log Set to [Enabled] ・ Customer Engineer Operation Restriction Set to [Enabled] ・ Self Test Set to [Enabled] ...
  • Page 22: Physical Scope And Boundary

    Public Telephone Line Internal HDD Figure 4 MFD Units and TOE Physical Scope The MFD consists of the controller board, Fax Board, Internal HDD, control panel, IIT, ADF and IOT. ...
  • Page 23: Guidance

    ・ DocuCentre-V C2263 Administrator Guide: ME7472J1-1 (SHA1 hash value: 0aeb4a0cc3607d03fd387ce23ce6bc00e96da02e) ・ DocuCentre-V C2263 User Guide: ME7471J1-1 (SHA1 hash value: 51c82a75e9bd48a66590832d7e7a42739b561ac6) ・ DocuCentre-V C2263 Security Function Supplementary Guide: ME7594J1-2 (SHA1 hash value: 60ad9a6573e1ab10b52d8a5635f29661c9980647) ...
  • Page 24 (2) For overseas ・ DocuCentre-V C2265/C2263 Administrator Guide: ME7480E2-1 (SHA1 hash value: 4616727b449dc0072caf1744e70338c635172870) ・ DocuCentre-V C2265/C2263 User Guide: ME7479E2-1 (SHA1 hash value: fb0c53b456e425c76f6926fd41f26e6c69fdc6b7) ・ DocuCentre-V C2265/C2263 Security Function Supplementary Guide: ME7595E2-2 (SHA1 hash value: e37a16c67566c8ff639c1051e69c156026f1a504) ...
  • Page 25: Conformance Claim

    Title: 2600.2-CPY, SFR Package for Hardcopy Device Copy Functions, Operational Environment B Package Version: 1.0 Title: 2600.2-FAX, SFR Package for Hardcopy Device Fax Functions, Operational Environment B Package Version: 1.0...
  • Page 26: Conformance Rationale

    The Security Objectives for the TOE are more restrictive than the statement in the Security Objectives of PP. ・ The relation between the SFR specified by PP and that used by ST is shown in Table 14. ...
  • Page 27 As to other TOE objectives and SFR, the contents required by PP are described. ・ The SAR specified in PP describes the content required by PP without any changes. Therefore, this ST demonstrably conforms to IEEE Std. 2600.2-2009...
  • Page 28: Security Problem Definition

    HDD to store the user’s document or job to document data scanned by be processed by the TOE. scan function or fax receive function. ...
  • Page 29: Table 5 Assets For TSF Data

    Fax functions of TOE. may be present in HCD products. These functions are used by SFR packages. ...
  • Page 30: Figure 5 Assets Under And Not Under Protection

    SEEPROM. Those setting data, however, are not assumed as assets to be protected because they do not engage in TOE security functions. Security Audit Log data are temporarily stored in NVRAM, but stored in the internal HDD as a file. ...
  • Page 31: Threats Agents

    TSF Protected Data may be altered by unauthorized persons T.CONF.DIS D.CONF TSF Confidential Data may be disclosed to unauthorized persons T.CONF.ALT D.CONF TSF Confidential Data may be altered by unauthorized persons...
  • Page 32: Organizational Security Policies

    TOE in accordance with those policies and procedures. A.ADMIN.TRUST Administrators do not use their privileged access rights for malicious purposes. ...
  • Page 33: Security Objectives

    The TOE shall ensure that audit records are protected from unauthorized access, deletion and modifications. O.AUDIT_ACCESS.AUTHORI The TOE shall ensure that audit records can be accessed in order to detect potential security violations, and only by authorized persons. ...
  • Page 34: Security Objectives For The Environment

    Table 12 shows assumptions / threats / organizational security policies and the corresponding security objectives.) Moreover, Table 13 shows that each defined security problem is covered by the security objectives. ...
  • Page 35: Security Objectives

    Objectives and rationale assumptions User Document Data O.DOC.NO_DIS protects D.DOC from may be disclosed to unauthorized disclosure. T.DOC.DIS unauthorized persons. O.USER.AUTHORIZED establishes user identification and authentication as the basis...
  • Page 36 OE.USER.AUTHORIZED establishes responsibility of the TOE Owner to appropriately grant authorization TSF Confidential Data O.CONF.NO_ALT protects D.CONF from T.CONF.ALT may be altered by unauthorized alteration. unauthorized persons. O.USER.AUTHORIZED establishes user...
  • Page 37 HDD to the TOE. disable unauthorized reading-out of them. The TOE environment OE.PHYSICAL.MANAGED establishes a A.ACCESS.MANAGED provides protection from protected physical environment for the TOE. unmanaged access to...
  • Page 38 Administrators. malicious purposes. Administrators are aware OE.USER.TRAINED establishes responsibility of of and trained to follow A.USER.TRAINING the TOE Owner to provide appropriate User security policies and training. procedures. ...
  • Page 39: Extended Components Definition

    Revocation of such an allowance. Audit: FPT_FDI_EXP.1 The following actions should be auditable if FAU_GEN Security Audit Data Generation is included in the PP/ST: There are no auditable events foreseen. ...
  • Page 40 The TSF shall provide the capability to restrict data received on [assignment: list of external interfaces] from being forwarded without further processing by the TSF to [assignment: list of external interfaces]. ...
  • Page 41: Security Requirements

    The chronologically recorded data of important events of the TOE. The events such as device failure, configuration change, and user operation are recorded based on when and who caused what event and its result. ...
  • Page 42 Mailbox and Private Print. Owner identifier of Data on authorized users for the Mailbox. D.FUNC - Entity outside the TOE Term/phrase Definition Key Operator An authorized user who manages MFD maintenance and...
  • Page 43 MFD. - Other terminology Term/phrase Definition The Fuji Xerox’s standard The Fuji Xerox’s standard algorithm to generate a method, FXOSENC cryptographic key. This is used when MFD is booted. The FIPS-standard encryption algorithm used for encryption/decryption of Hard Disk data.
  • Page 44 Included in the TOE setting data. Data on date and time The time zone / summer time information and the present time data. Included in the TOE setting data. ...
  • Page 45: Security Functional Requirements

    Operations, and Access Control rule, and also the operations of Delete and Modify are detailed and added for each TOE. FDP_ACC.1(b) Subset access control Access Control SFP is described for each TOE. ...
  • Page 46 Described in accordance with TOE. information protection FIA_AFL.1 (a) Authentication failure Access denial function for FIA_AFL.1 (b) handling authentication failure in the system administrator authentication is provided by the addition of this SFR. ...
  • Page 47 Note that FMT_MTD.1(b) is for D.CONF only. FMT_SMF.1 Specification of List of security management functions Management is described for the TOE. Functions FMT_SMR.1 Security roles Described in accordance with TOE. ...
  • Page 48: Class FAU: Security Audit

    There are no auditable events foreseen. FAU_GEN.2 There are no auditable events foreseen. FAU_SAR.1 Successful download <Basic> None a) Basic: Reading of of audit log data. information from the audit records. ...
  • Page 49 Detailed: The specific success/failure security attributes used in regarding execution making an access check. of Store Print. FDP_ACF.1(a) User name, job FDP_ACF.1(d) information, and success/failure FDP_ACF.1(f) regarding access to Mailbox. ...
  • Page 50 Success/failure of <Basic> None a) Minimal: Unsuccessful use authentication required of the authentication mechanism; b) Basic: All use of the authentication mechanism. c) Detailed: All TSF mediated actions performed before...
  • Page 51 Basic: Modifications of FMT_MSA.3 (b) the default setting of FMT_MSA.3 (c) permissive or restrictive rules. FMT_MSA.3 (d) b) Basic: All modifications of FMT_MSA.3 (e) the initial values of security...
  • Page 52 Failure of the trusted <Minimal> None a) Minimal: Failure of the Communication required trusted channel functions. within a specified b) Minimal: Identification of period of time, and the initiator and target of...
  • Page 53 No other components. Dependencies: FAU_GEN.1 Audit data generation FAU_SAR.1.1 The TSF shall provide [assignment: authorized users] with the capability to read [assignment: list of audit information] from the audit records. ...
  • Page 54 [selection, choose one of: “ignore audited events”, “prevent audited events, except those taken by the authorized user with special rights”, “overwrite the oldest stored audit records”] ...
  • Page 55: Class FCS: Cryptographic Support

    [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards]. [assignment: list of standards] - none [assignment: cryptographic key generation algorithm] - the Fuji Xerox’s standard method, FXOSENC [assignment: cryptographic key sizes] - 256bits FCS_COP.1 Cryptographic operation Hierarchical to:...
  • Page 56: Class FDP: User Data Protection

    R3: When the owner identifier of D.DOC matches the user identifier, operation to register the document in Mailbox is permitted. R4: When the owner identifier of D.FUNC matches the user identifier, operation to modify and delete the Mailbox is permitted. ...
  • Page 57: Table 17 SFR Package Attributes

    [assignment: list of subjects, objects, and operations among subjects and objects covered by the SFP]. [assignment: access control SFP] - Common Access Control SFP in Table 16 [assignment: list of subjects, objects, and operations among subjects...
  • Page 58: Table 18 Function Access Control SFP

    - User identifier for data in Private Print from each function control panel Mailbox Operation - User identifier - Mailbox operation U.USER (F.DSR, F.SMI) - User identifier for each function...
  • Page 59: Table 19 PRT Access Control SFP

    [assignment: list of subjects, objects, and operations among subjects and objects covered by the SFP]. - the list of subjects, objects, and operations among subjects and objects covered by the SCN Access Control SFP in Table 20...
  • Page 60: Table 20 SCN Access Control SFP

    [assignment: list of subjects, objects, and operations among subjects and objects covered by the SFP]. - the list of subjects, objects, and operations among subjects and objects covered by the FAX Access Control SFP in Table 22...
  • Page 61: Table 22 FAX Access Control SFP

    Mailbox mechanism if such functions are provided by a conforming - When the owner identifier of D.DOC matches the user identifier, retrieval operation is permitted. ...
  • Page 62: Table 24 D.FUNC Operation List

    - the list of users as subjects and objects controlled under the Common Access Control SFP in Table 16, and for each, the indicated security attributes in Table 17...
  • Page 63 The TSF shall enforce the [assignment: access control SFP] to objects based on the following: [assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant...
  • Page 64 The TSF shall explicitly deny access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]. ...
  • Page 65 The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly authorize access of subjects to objects]. [assignment: rules, based on security attributes, that explicitly...
  • Page 66 - rules specified in the SCN Access Control SFP in Table 20 governing access among Users and controlled objects using controlled operations on controlled objects. ...
  • Page 67 The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects]. ...
  • Page 68 SFP-relevant security attributes]. - the list of subjects and objects controlled under the FAX Access Control SFP in Table 22, and for each, the indicated security attributes in Table 22. ...
  • Page 69 SFP, and for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes]. [assignment: access control SFP] - DSR Access Control SFP in Table 23...
  • Page 70 FDP_ACC.1 Subset access control FMT_MSA.3 Static attribute initialization FDP_ACF.1.1 (h) The TSF shall enforce the [assignment: access control SFP] to objects based on the following: [assignment: list of subjects and objects...
  • Page 71 [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]. - none FDP_RIP.1 Subset residual information protection Hierarchical to: No other components. Dependencies: No dependencies...
  • Page 72: Class FIA: Identification And Authentication

    [assignment: list of actions] - never allow the control panel to accept any operation except power cycle. Web browser is also inhibited from accepting authentication operation until the main unit is cycled...
  • Page 73 The TSF shall maintain the following list of security attributes belonging to individual users: [assignment: list of security attributes]. [assignment: list of security attributes]. - Key Operator role - SA role - U.NORMAL role FIA_SOS.1 Verification of secrets...
  • Page 74 No dependencies FIA_UID.1.1 The TSF shall allow [assignment: list of TSF-mediated actions] on behalf of the user to be performed before the user is identified. [assignment: list of TSF-mediated actions]...
  • Page 75: Class FMT: Security Management

    FMT_MOF.1.1 The TSF shall restrict the ability to [selection: determine the behavior of, disable, enable, modify the behavior of] the functions [assignment: list of functions] to [assignment: the authorized...
  • Page 76: Table 25 List Of Security Functions

    [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control] FMT_SMR.1 Security roles FMT_SMF.1 Specification of Management Functions FMT_MSA.1.1 (a) The TSF shall enforce the [assignment: access control SFP(s),...
  • Page 77: Table 26 Security Attributes And Authorized Roles

    U.ADMINISTRATOR document data in Private Print) Owner identifier of D.FUNC (Personal query, delete, creation U.NORMAL, SA Mailbox) Owner identifier of D.FUNC (Personal query, delete Key Operator Mailbox)...
  • Page 78: Table 27 Security Attributes And Authorized Roles (Function Access)

    User identifier for each function query, modify U.ADMINISTRATOR FMT_MSA.1 (c) Management of security attributes Hierarchical to: No other components. Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control]...
  • Page 79: Table 28 Security Attributes And Authorized Roles (PRT)

    [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control] FMT_SMR.1 Security roles FMT_SMF.1 Specification of Management Functions FMT_MSA.1.1 (d) The TSF shall enforce the [assignment: access control SFP(s),...
  • Page 80: Table 29 Security Attributes And Authorized Roles (SCN)

    FMT_MSA.1 (e) Management of security attributes Hierarchical to: No other components. Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control] FMT_SMR.1 Security roles FMT_SMF.1 Specification of Management Functions...
  • Page 81 - query, modify, delete, [assignment: other operations] [assignment: other operations] - creation [assignment: list of security attributes] - the security attributes listed in Table 17 [assignment: the authorized identified roles]. ...
  • Page 82: Table 30 Security Attributes And Authorized Roles (FAX)

    - DSR Access Control SFP in Table 23 [selection: change default, query, modify, delete, [assignment: other operations]] - query, modify, delete, [assignment: other operations] [assignment: other operations] - Creation [assignment: list of security attributes]...
  • Page 83: Table 31 Security Attributes And Authorized Roles (DSR)

    - query, modify, delete, [assignment: other operations] [assignment: other operations] - creation [assignment: list of security attributes] - the security attributes listed in Table 17 [assignment: the authorized identified roles]. ...
  • Page 84: Table 32 Security Attributes And Authorized Roles (D.FUNC)

    D.FUNC Owner identifier of D.FUNC FMT_MSA.3.2 (a) The TSF shall allow the [assignment: the authorized identified roles] to specify alternative initial values to override the default values...
  • Page 85 [assignment: other property]] default values for security attributes that are used to enforce the SFP. [assignment: access control SFP, information flow control SFP] - PRT Access Control SFP in Table 19...
  • Page 86: Table 34 Initialization Property

    [assignment: the authorized identified roles] - none FMT_MSA.3 (e) Static attribute initialization...
  • Page 87 - Owner identifier of Mailbox which receives the fax data from public telephone line FMT_MSA.3.2 (f) The TSF shall allow the [assignment: the authorized identified roles] to specify alternative initial values to override the default values...
  • Page 88 SFP. [assignment: access control SFP, information flow control SFP] - D.FUNC Control SFP in Table 24 [selection, choose one of: restrictive, permissive, [assignment: other...
  • Page 89: Table 35 Initialization Property

    [assignment: the authorized identified roles except U.NORMAL]] - U.ADMINISTRATOR, Key Operator Table 36 Operation of TSF Data TSF Data Operation Roles Data on key operator ID modify Key Operator...
  • Page 90 [assignment: list of TSF data] to [assignment: the authorized identified roles]. [selection: change default, query, modify, delete, clear, [assignment: other operations]] - query, modify, delete [assignment: other operations] - creation...
  • Page 91: Table 37 Operation Of TSF Data

    SA (ID and password) modification, addition) of the group of users with read access right to the audit records. FAU_SAR.2 There are no management activities foreseen. FAU_STG.1 There are no management activities...
  • Page 92 FDP_ACF.1(g) D.DOC - Management of owner identifier of D.FUNC - Management of data on Store Print FDP_ACF.1(e) none Reason: there are no additional security attributes and is not managed. ...
  • Page 93 FIA_USB.1 none a) an authorized administrator can Reason: action and security attributes define default subject security are fixed and are not managed. attributes. ...
  • Page 94 FTA_SSL.3 - Management of data on Auto Clear. a) specification of the time of user...
  • Page 95: Class FPT: Protection Of The TSF

    The TSF shall provide the capability to restrict data received on [assignment: list of external interfaces] from being forwarded without further processing by the TSF to [assignment: list of external interfaces]. ...
  • Page 96 - TSF data (excluding audit log data and present time data) FPT_TST.1.3 The TSF shall provide authorised users with the capability to verify the integrity of [selection: [assignment: parts of TSF], TSF]. [selection: [assignment: parts of TSF], TSF]...
  • Page 97: Class FTA: TOE Access

    [assignment: list of functions for which a trusted channel is required]. [assignment: list of functions for which a trusted channel is required]. - communication of D.DOC, D.FUNC, D.PROT and D.CONF over any Shared-medium Interface...
  • Page 98: Security Assurance Requirements

    Derived security requirements ASE_SPD.1 Security problem definition ASE_TSS.1 TOE summary specification ATE_COV.1 Evidence of coverage ATE: ATE_FUN.1 Functional testing Tests ATE_IND.2 Independent testing - sample AVA: Vulnerability AVA_VAN.2 Vulnerability analysis assessment...
  • Page 99: Security Requirement Rationale

                FDP_ACF.1 (c)              FDP_ACF.1 (d) - 94 -  Copyright 2016 by Fuji Xerox Co., Ltd...
  • Page 100              FMT_MSA.3 (e)              FMT_MSA.3 (f) - 95 -  Copyright 2016 by Fuji Xerox Co., Ltd...
  • Page 101: Table 41 Security Objectives To Sfr Rationale

    - FCS_COP.1: An encryption failure is monitored as job status. - FMT_MSA.3: No change in default and rules. By FAU_GEN.2 and FIA_UID.1, each auditable event is associated with the - 96 -  Copyright 2016 by Fuji Xerox Co., Ltd...
  • Page 102 By FIA_SOS1, the minimum length of password for SA and general user is limited. By FPT_FDI_EXP.1, unpermitted transfer of the data received from external interfaces to the internal network is restricted. Thus, the functional requirements related to this objective are surely - 97 -  Copyright 2016 by Fuji Xerox Co., Ltd...
  • Page 103 O.DOC.NO_DIS is the objective to protect User Document Data of TOE (Protection of User from unauthorized disclosure. Document Data from This security objective can be realized by satisfying the following security unauthorized functional requirements: - 98 -  Copyright 2016 by Fuji Xerox Co., Ltd...
  • Page 104 SA, system administrator and general user. By FMT_SMF.1, TOE security management functions are provided for system administrator. By FTP_ITC.1, communication data encryption protocol is supported to - 99 -  Copyright 2016 by Fuji Xerox Co., Ltd...
  • Page 105 By FMT_MTD.1 (a), the person who can make settings of TOE security functions is limited to system administrator. Thus, only system administrators can query and modify TOE setting Data. - 100 -  Copyright 2016 by Fuji Xerox Co., Ltd...
  • Page 106 O.AUDIT_STORAGE. This security objective can be realized by satisfying the following security PROTECTED functional requirements: By FAU_STG.1, the security audit log data stored in an audit log file is - 101 -  Copyright 2016 by Fuji Xerox Co., Ltd...
  • Page 107: Dependencies Of Security Functional Requirements

    Table 42 lists, for each security functional requirement, the functional requirements it depends on, those it does not, and the reason why it is not problematic even if dependencies are not satisfied. ...
  • Page 108: Table 42 Dependencies Of Functional Security Requirements

    FDP_ACC.1(a) (Subset access control): depends on FDP_ACF.1(a); FDP_ACC.1(b) (Subset access control): depends on FDP_ACF.1(b); FDP_ACC.1(c) (Subset access control): depends on FDP_ACF.1(c); FDP_ACC.1(d) (Subset access control): depends on FDP_ACF.1(d); FDP_ACC.1(e) (Subset access control): depends on FDP_ACF.1(e) ...
  • Page 109 FDP_ACF.1(g) (Security attribute based access control): depends on FDP_ACC.1(g), FMT_MSA.3(g); FDP_ACF.1(h) (Security attribute based access control): depends on FDP_ACC.1(h), FMT_MSA.3(h); FDP_RIP.1 (Subset residual information protection): None; FIA_AFL.1 (Authentication failure handling): depends on FIA_UAU.1 ...
  • Page 110 ... attributes: FMT_SMF.1, FMT_SMR.1; FMT_MSA.1(e) (Management of security attributes): depends on FDP_ACC.1(e), FMT_SMF.1, FMT_SMR.1; FMT_MSA.1(f) (Management of security attributes): depends on FDP_ACC.1(f), FMT_SMF.1, FMT_SMR.1; FMT_MSA.1(g) (Management of security attributes): depends on FDP_ACC.1(g), FMT_SMF.1, FMT_SMR.1; FMT_MSA.1(h): FDP_ACC.1(h) ...
  • Page 111 ... Static attribute initialization: FMT_SMR.1; FMT_MTD.1 (Management of TSF data): depends on FMT_SMF.1, FMT_SMR.1; FMT_SMF.1 (Specification of management functions): None; FMT_SMR.1 (Security roles): depends on FIA_UID.1; FPT_STM.1 (Reliable time stamp): None; FPT_TST.1 (TSF testing): None ...
  • Page 112: Security Assurance Requirements Rationale

    EAL 2 is augmented with ALC_FLR.2, Flaw reporting procedures. ALC_FLR.2 ensures that instructions and procedures for the reporting and remediation of identified security flaws are in place, and their inclusion is expected by the consumers of this TOE. ...
  • Page 113: Toe Summary Specification

    FDP_ACF.1(d) FDP_ACF.1(e) FDP_ACF.1(f) ...
  • Page 114 FMT_MTD.1(b) FMT_SMF.1 FMT_SMR.1 ...
  • Page 115: Hard Disk Data Overwrite (Tsf_Iow)

    A list of the used document data that are to be overwritten and deleted is kept on the internal HDD. When used document data are found in this list at the time of booting the TOE, the overwrite function is performed. ...
  • Page 116: Hard Disk Data Encryption (Tsf_Cipher)

    256-bit encryption key at the time of booting through FXOSENC algorithm, which is Fuji Xerox’s standard method and a secure algorithm with sufficient complexity. (When the "hard disk data encryption seed key" is the same, the same cryptographic key is generated.)
  • Page 117 The TOE requests a user to enter his/her ID and password before permitting him/her to operate the MFD function via Web browser of a user client, or the control panel. The entered ...
  • Page 118: Table 44 Management Of Security Attributes

    Owner identifier of D.DOC (own document data in Shared Mailbox): Query, delete, create; operator, SA, General user. Owner identifier of D.DOC (all document data in Mailbox): Query, delete; Key operator. ...
  • Page 119 Security attribute based access control: As shown in Table 45, the TOE restricts the operations of the basic functions of the MFD (copy, fax, scan, and print) to users authenticated by the user authentication function. ...
  • Page 120: Table 45 Access Control For Basic Functions

    Once the sending of fax data starts, there is no user interface provided other than that used by a system administrator for deleting the document data currently being sent. Any other operation is not permitted. ...
  • Page 121 In the same way, when the user is authenticated by entering his/her ID and password from CWIS for authentication and the user sends a print request designating the files within a ...
  • Page 122: System Administrator's Security Management (Tsf_Fmt)

    With these functions, the required security management functions are provided. The settings of the following TOE security functions can be referred to and changed from the control panel. ...
  • Page 123 (When Security Audit Log is enabled, security audit log data can be downloaded in the form of tab-delimited text to a system administrator client.); ・ Refer to the setting of SSL/TLS communication of Internal Network Data Protection, ...
  • Page 124: Customer Engineer Operation Restriction (Tsf_Ce_Limit)

    With these functions, the required security management functions are provided. (2) FMT_SMR.1 Security roles The system administrator's role is maintained and the role is associated with a system administrator. ...
  • Page 125: Security Audit Log (Tsf_Fau)

    UserID), Failed(Invalid Logout Password), Failed Login/Logout Locked System Administrator Authentication (Number of authentication Detected continuous failures recorded) Authentication Fail Change in Audit Policy Audit Policy Audit Log Enable/Disable Job Status ...
  • Page 126 A system administrator can access the security audit log data only via Web browser and the access from the control panel is inhibited. Therefore, a system administrator needs to log in ...
  • Page 127: Internal Network Data Protection (Tsf_Net_Prot)

    SSL/TLS can protect data transmission between the TOE and the remote from interception and alteration. Protection from interception is realized by encrypting transmission data with the following cryptographic keys. A cryptographic key is generated at the time of starting a ...
  • Page 128 Specifically, one of the following combinations between secret-key cryptographic method and hash method is adopted (Cryptographic Method and Size of Secret Key, with Hash Method): AES / 128 bits with SHA-1; 3-Key Triple-DES / 168 bits with SHA-1 ...
  • Page 129: Information Flow Security (Tsf_Inf_Flow)

    (Note: The print job is stored in Private Print) Fax board / USB (Host) Unable to access TOE via Fax board that is connected with a controller board by an exclusive USB interface, and the ...
  • Page 130: Self Test (Tsf_S_Test)

    Also, at the time of booting the TOE, the TOE calculates the checksum of Controller ROM and Fax ROM to confirm if it matches the specified value, and displays an error on the control panel if an error occurs. ...
  • Page 131: Acronyms And Terminology

    Serial Electronically Erasable and Programmable Read Only Memory; Security Function Policy; Security Functional Requirement; SMTP: Simple Mail Transfer Protocol; Strength of Function; Security Target; Target of Evaluation; TOE Security Function ...
  • Page 132: Terminology

    This mode is distinguished from the operation mode that enables a general user to use the MFD functions. Auto Clear: A function to automatically log out after a specified ...
  • Page 133 Document Data - Bitmap data read from IIT and printed out from IOT (copy function), - Print data sent by general user client and its decomposed bitmap data (print function), ...
  • Page 134 TOE, and are protected from the security risks coming from the external network. Public Telephone Line/Network: Line/network of transmitting/receiving fax data. Public Telephone ...: Transmitted/received data over the public telephone line of fax. ...
  • Page 135 Defined in the X.509 which is recommended by ITU-T. The data for user authentication (name, identification name, organization where he/she belongs to, etc.), public key, expiry date, serial number, signature, etc. ...
  • Page 136: References

    Evaluation Methodology, dated September 2012, CCMB-2012-09-004 (Japanese version 1.0, dated November, translated by Information-Technology Promotion Agency, Japan) [CEM]. Title: 2600.2, Protection Profile for Hardcopy Devices, Operational Environment B; Version: 1.0 [PP] ...

This manual is also suitable for:

C2263
