Fuji Xerox C2265 Manual page 102

Hide thumbs Also See for C2265:

User manual (565 pages)

Administrator's manual (771 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

page of 136

/ 136
Contents
Table of Contents
Bookmarks

Table of Contents

Security Objectives

O.SOFTWARE.VERIFI

(Verification of

software integrity)

O.INTERFACE.MANA

GED

(Management of

external interfaces)

Fuji Xerox C2265/C2263

Security Functional Requirements Rationale

identity of user who caused the event.

By FPT_STM.1, the auditable events are recorded with time stamp in the

audit log, using highly reliable clock of TOE.

Thus, the functional requirements related to this objective are surely

fulfilled.

O.SOFTWARE.VERIFIED is the objective to provide the procedure of self

verification on the executable code of TOE.

This security objective can be realized by satisfying the following security

functional requirement:

By FPT_TST.1, self test function can be set to be executed upon

initialization. This function verifies the integrity of TSF executable code

and TSF data.

Thus, the functional requirements related to this objective are surely

fulfilled.

O.INTERFACE.MANAGED is the objective to manage the operations

related to the external interfaces such as CWIS, the control panel, and the

printer driver according to the security policy.

This security objective can be realized by satisfying the following security

functional requirement:

In order to prevent attackers from using privileges given to system

administrators and accessing protected assets, the power needs to be

cycled when the system-administrator authentication fails (FIA_AFL.1 (a)),

and the number of system-administrator authentication failures reaches

the defined number of times (FIA_AFL.1 (b)).

By FIA_UAU.1 and FIA_UID.1, user identification and authentication is

conducted upon access to CWIS and control panel to identify authorized

user and system administrator.

The user identification/authentication is also conducted upon saving data

for the private print function.

By FIA_UAU.7, unauthorized disclosure of the authentication information

(password) is prevented because the authentication feedback is protected.

By FTA_SSL.3, when there is no access to CWIS and control panel for a

specified period of time, login is cleared and re-authentication is required.

The session is ended immediately after the required processing ends,

without retaining the session with printer.

By FIA_SOS1, the minimum length of password for SA and general user is

limited.

By FPT_FDI_EXP.1, unpermitted transfer of the data received from

external interfaces to the internal network is restricted.

Thus, the functional requirements related to this objective are surely

- 97 -

Security Target



2016 by Fuji Xerox Co., Ltd

Table of Contents

This manual is also suitable for:

C2263

Fuji Xerox C2265 Manual page 102

Related Manuals for Fuji Xerox C2265

Related Products for Fuji Xerox C2265

This manual is also suitable for:

Table of Contents