Fuji Xerox C2265 Manual page 103

Hide thumbs Also See for C2265:

User manual (565 pages)

Administrator's manual (771 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

page of 136

/ 136
Contents
Table of Contents
Bookmarks

Table of Contents

Security Objectives

O.USER.AUTHORIZE

(Authorization of

Normal Users and

Administrators to use

the TOE)

O.DOC.NO_DIS

(Protection of User

Document Data from

unauthorized

Fuji Xerox C2265/C2263

Security Functional Requirements Rationale

fulfilled.

O.USER.AUTHORIZED is the objective to request the authentication and

identification of the user with authority given according to the security

policy before the use of TOE is permitted.

This objective can be realized by satisfying the following security

functional requirements:

By FDP_ACC.1(b) and FDP_ACF.1(b), user authentication is performed and

only authorized user is allowed to operate the objects.

In order to prevent attackers from using privileges given to system

administrators and accessing protected assets, the power needs to be

cycled when the system-administrator authentication fails (FIA_AFL.1 (a)),

and the number of system-administrator authentication failures reaches

the defined number of times (FIA_AFL.1 (b)).

By FIA_ATD.1 and FIA_USB.1, each role of key operator, SA, and general

user is maintained and only the authorized users are associated with the

subjects.

By FIA_UAU.1 and FIA_UID.1, user identification and authentication is

conducted upon access from CWIS and control panel to identify

authorized user and system administrator. The user

identification/authentication is also conducted upon saving data for the

private print function.

By FIA_SOS1, the minimum length of password for SA and general user is

limited.

By FIA_UAU.7, unauthorized disclosure of the authentication information

(password) is prevented because the authentication feedback is protected.

By FMT_MSA.1(b), the query, modification, deletion, and creation of

security attributes are managed.

By FMT_MSA.3 (b), the suitable default values are managed.

By FMT_SMR.1, the role of key operator, SA, system administrator and

general user is maintained and associated with the key operator, SA,

system administrator and general user.

By FTA_SSL.3, when there is no access to CWIS and control panel for a

specified period of time, settings on the control panel are cleared and

re-authentication is required.

Thus, the functional requirements related to this objective are surely

fulfilled.

O.DOC.NO_DIS is the objective to protect User Document Data of TOE

from unauthorized disclosure.

This security objective can be realized by satisfying the following security

functional requirements:

- 98 -

Security Target



2016 by Fuji Xerox Co., Ltd

Table of Contents

This manual is also suitable for:

C2263

Fuji Xerox C2265 Manual page 103

Related Manuals for Fuji Xerox C2265

Related Products for Fuji Xerox C2265

This manual is also suitable for:

Table of Contents