Konica Minolta BIZHUB 920 Software Manual
  1. Manuals
  2. Brands
  3. Konica Minolta Manuals
  4. All in One Printer
  5. BIZHUB PRO 920
  6. Software manual
Konica Minolta BIZHUB 920 Software Manual

Konica Minolta BIZHUB 920 Software Manual

Security target
Hide thumbs Also See for BIZHUB 920:
Table of Contents

Advertisement

Quick Links

Download this manual See also: User Manual
Multi functional printer
(digital copier)
bizhub 920 / bizhub PRO 920
Security Target
Version : 6
June 10, 2005
Konica Minolta Business Technologies, Inc.
Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved

Advertisement

Table of Contents
loading

Related Manuals for Konica Minolta BIZHUB 920

Summary of Contents for Konica Minolta BIZHUB 920

  • Page 1 Multi functional printer (digital copier) bizhub 920 / bizhub PRO 920 Security Target Version : 6 June 10, 2005 Konica Minolta Business Technologies, Inc. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...
  • Page 2 - Modification by changing distribution flowchart - Modification for the matters identified to correct - Modification for the matters identified to correct Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Approved Checked 01/21/2005 01/21/2005 Masaru Ushio Kazuo Yasuda...

  • Page 3: Table Of Contents

    4.2. Security Objectives Policies for the Environment ... 20 5. IT Security Requirements ...22 5.1. TOE Security Requirements ... 22 5.1.1. TOE Security Functional Requirements ... 22 Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Table of Contents...
  • Page 4 8.3.1. Conformity of Security Functional Requirements to TOE Summary Specification ... 86 8.3.2. Security Function Strength Rationale ... 91 8.3.3. Assurance Measures Rationale ... 91 8.4. PP Claim Rationle... 91 Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...
  • Page 5 List of Figures Figure 2.1 Operating Environment of bizhub PRO 920 Series…..………………………………...11 Figure 2.2 TOE Structure... 13 Figure 2.3 Processing Architecture of Basic Function... 15 Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...
  • Page 6 Table 8.2 Correspondence between Security Objectives Policies and IT Security Functional……… Requirements ... 77 Table 8.3 Dependence Relationship of TOE Security Functional Requirements... 81 Table 8.4 Correspondence between IT Security Functions and Security Functional Requirements 86 Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...

  • Page 7: St Introduction

    1. ST Introduction 1.1. ST Identification 1.1.1. ST Identification and Management Title: Multi functional printer (digital copier) bizhub 920 / bizhub PRO 920 Security Target Version: Created on: June 10, 2005 Created by: Konica Minolta Business Technologies, Inc. 1.1.2. TOE Identification and Management Title:...

  • Page 8: St Overview

    ST Overview This Security Target (ST) describes bizhub PRO 920 control software installed in digital MFP bizhub 920 / bizhub PRO 920 (it is called bizhub PRO 920 series, hereafter.) manufactured by Konica Minolta Business Technologies, Inc. Bizhub PRO 920 control software prevents the document data from disclosing during the use of functions such as copier and printer.
  • Page 9 - ISO/IEC 15408, Information Technology – Security techniques – Evaluation criteria for IT security – Part2, 99/12 - ISO/IEC 15408, Information Technology – Security techniques – Evaluation criteria for IT security – Part3, 99/12 Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...

  • Page 10: Toe Description

    Figure 2.1 shows the expected operating environment with bizhub PRO 920 series in office. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Description This is the directory to store the document data (Refer to No.2 below).

  • Page 11: Related Persons And Their Roles For Bizhub Pro 920 Series

    He/She has the fundamental knowledge concerning IT, and can attack TOE using the opened information, however, he/she is not assumed to create any new attack by using the unopened information. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Image Controller...
  • Page 12 PRO 920 series provides. He/She closes the maintenance contract for bizhub PRO 920 series with the responsible person or administrator. The product-related persons are the general user, administrator, and CE. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...

  • Page 13: Toe Structure

    PRO 920 control software. The image control program controls the management function, CE function, user functions (refer to the later Table 2.1 : copier, printer, scan to Email, scan Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Controller...

  • Page 14: Functional Structure Of Bizhub Pro 920 Control Software

    User BOX. Figure 2.3 shows the processing overview of basic functions. The Sub BOX is created in the User BOX, and the document data is stored together into the Sub BOX. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...

  • Page 15: Figure 2.3 Processing Architecture Of Basic Function

    Scan to Email function Scan to FTP function Scan to PC(SMB) function HDD storage function HDD readout function Document data deletion function Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved bizhub PRO 920 HDD1 temporary storage/DRAM temporary storage Docume Document...
  • Page 16 The document data gotten by the scanning function, which is stored temporarily into the HDD1 temporary storage or DRAM temporary storage, is sent to the FTP server via the HDD2 temporary storage. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...

  • Page 17: Management Function

    CSRC does not have the interface to the document data. 2.7. Asset to be protected The asset to be protected by the TOE is the document. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...
  • Page 18 2.8 Function not provided by the TOE The TOE does not prevent the deletion of document data, because the user owns its original data in his/her PC or on the paper. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...

  • Page 19: Toe Security Environment

    Impersonation of the CE and administrator ・When a general user uses illegally the interfaces for CE function and administrator function, there is a possible threat of disclosing the document data. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...

  • Page 20: Security Objectives Policies

    OE.USR Instruction for the general user The administrator shall instruct a general user not to disclose the User BOX password. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...
  • Page 21 Assurance of the CE The responsible person or administrator shall close the maintenance contract with the CE. The contract shall be specified a statement that CE will not carry out an illegal act. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...

  • Page 22: It Security Requirements

    The TSF shall require each user to identify itself before allowing any other TSF- mediated actions on behalf of that user. : “User” → Refinement Administrator, CE, and General user who owns the User BOX Dependencies: No dependencies Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved User identification before any action...
  • Page 23 TSF-mediated actions on behalf of that user. : “User” → Refinement Administrator, CE, and General user who owns the User BOX Dependencies: FIA_UID.1 Timing of identification Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved User authentication before any action...
  • Page 24 [assignment: list of feedback] - Dummy characters (*) for the number of password characters entered by the operator Dependencies: FIA_UAU.1 Timing of authentication Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Protected authentication feedback...
  • Page 25 - The administrator, CE, or general user who owns the User BOX authenticated unsuccessfully cannot execute for five seconds the next authentication trial. Dependencies: FIA_UAU.1 Timing of authentication Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Authentication failure handling...
  • Page 26 Types of structured characters: English one-byte capital letters, small letters, and Permitted condition: Prohibition of the same password with that used one “Secret” → Refinement: “User BOX password” Dependencies: No dependencies Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved FIA_SOS.1[1] Verification of secrets numerals generation ago...
  • Page 27 Types of structured characters: English one-byte capital letters, small letters, and Permitted condition: Prohibition of the same password with that used one “Secret” → Refinement: “Administrator password” and “CE password” Dependencies: No dependencies Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved FIA_SOS.1[2] Verification of secrets numerals generation ago...
  • Page 28 1) Read out the document data in the User BOX [assignment: access control SFP] - Access control policy 1 Dependencies: FDP_ACF.1 Security attribute based access control Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Subset access control BOX of the general user who owns the User BOX...
  • Page 29 - Operation: 1) Creation of the User BOX [assignment: access control SFP] - Access control policy 2 Dependencies: FDP_ACF.1 Security attribute based access control Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Subset access control BOX of the administrator...
  • Page 30 [assignment: rules, based on security attributes, that explicitly authorise access of subjects to objects]. [assignment: rules, based on security attributes, that explicitly authorise access of subjects to objects] Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Security attribute based access control...
  • Page 31 [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects] - None Dependencies: FDP_ACC.1 Subset access control FMT_MSA.3 Static attribute initialisation Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...
  • Page 32 [assignment: rules, based on security attributes, that explicitly authorise access of subjects to objects]. [assignment: rules, based on security attributes, that explicitly authorise access of subjects to objects] - None Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Security attribute based access control...
  • Page 33 [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]. [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects] - None Dependencies: FDP_ACC.1 Subset access control FMT_MSA.3 Static attribute initialisation Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...

  • Page 34: Table 5.1 Auditable Events

    Request of success in executing of the operation for the object FMT_SMF.1 Use of management function FDP_MTD.1 Success of the value of administrator data Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Audit data generation Table 5.1 Auditable Events Audit information...
  • Page 35 For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, [assignment: other audit relevant information] [assignment: other audit relevant information] - None Dependencies: FPT_STM.1 Reliable time stamps Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...
  • Page 36 The TSF shall protect the stored audit records from unauthorised deletion. FAU_STG.1.2 The TSF shall be able to [selection: prevent, detect] modifications to the audit records. [selection: prevent, detect] - Prevent Dependencies: FAU_GEN.1 Audit data generation Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Protected audit trail storage...
  • Page 37 - Overwrite the oldest stored audit records [assignment: other actions to be taken in case of audit storage failure] - None Dependencies: FAU_STG.1 Protected audit trail storage Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Prevention of audit data loss...
  • Page 38 - Audit information shown in “Table 5.1 Auditable Events” regulated in FAU_GEN.1 FAU_SAR.1.2 The TSF shall provide the audit records in a manner suitable for the user to interpret the information. Dependencies: FAU_GEN.1 Audit data generation Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Audit review...
  • Page 39 Hierarchical to: No other components. FAU_SAR.2.1 The TSF shall prohibit all users read access to the audit records, except those users that have been granted explicit read-access. Dependencies: FAU_SAR.1 Audit review Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Restricted audit review...
  • Page 40 [selection: change_default, query, modify, delete, clear, [assignment: other operations]] Modify, Other operations [assignment: other operations] - Registration [assignment: the authorised identified roles] - CE Dependencies: FMT_SMR.1 Security roles FMT_SMF.1 Specification of management functions Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...
  • Page 41 [selection: change_default, query, modify, delete, clear, [assignment: other operations]] Modify [assignment: other operations] None [assignment: the authorised identified roles] - CE Dependencies: FMT_SMR.1 Security roles FMT_SMF.1 Specification of management functions Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...
  • Page 42 [selection: change_default, query, modify, delete, clear, [assignment: other operations]] Modify [assignment: other operations] None [assignment: the authorised identified roles] - Administrator Dependencies: FMT_SMR.1 Security roles FMT_SMF.1 Specification of management functions Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...
  • Page 43 - Modify for only the password of general user who owns User BOX [assignment: the authorised identified roles] - Role of the general user who owns User BOX Dependencies: FMT_SMR.1 Security roles FMT_SMF.1 Specification of management functions Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...
  • Page 44 [assignment: list of TSF data] - Administrator password [selection: change_default, query, modify, delete, clear, [assignment: other operations]] Modify [assignment: the authorised identified roles] - Administrator Dependencies: FMT_SMR.1 Security roles FMT_SMF.1 Specification of management functions Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...
  • Page 45 [assignment: access control SFP, information flow control SFP] - Access control policy 2 Dependencies: [FDP_ACC.1 Subset access control or FDP_IFC.1 Subset information flow control] FMT_SMR.1 Security roles FMT_SMF.1 Specification of management functions Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Management of security attributes...
  • Page 46 [assignment: the authorised identified roles] - Administrator Dependencies: FMT_MSA.1 Management of security attributes FMT_SMR.1 Security roles Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Static attribute initialisation...
  • Page 47 - CE - Role of the general user who owns User BOX FMT_SMR.1.2 The TSF shall be able to associate users with roles. Dependencies: FIA_UID.1 Timing of identification Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Security roles...
  • Page 48 [assignment: the authorised identified roles] - Administrator Dependencies: FMT_SMR.1 Security roles FMT_SMF.1 Specification of management functions Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Management of security functions behaviour Check function of password length HDD identification/authentication function Record function of audit information...

  • Page 49: Table 5.2 List Of Management Requirements

    Management of the scale used for the FIA_SOS.1[1] validation of secret Management of the scale used for the FIA_SOS.1[2] validation of secret Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Specification of management functions User BOX identifier Administrator password User BOX password Administrator password...
  • Page 50 Management of the group that has a role FMT_MTD.1[3] that may affect TSF data with each other Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Management item There is no management item since the scale used for the validation of secret for IT environment cannot be changed.
  • Page 51 FDP_MTD.1 that may affect TSF data with each other Dependencies: No Dependencies Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Management item There is no management item since the role of general user who owns User BOX is fixed.
  • Page 52 FPT_RVM.1.1 The TSF shall ensure that TSP enforcement functions are invoked and succeed before each function within the TSC is allowed to proceed. Dependencies: No dependencies Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Non-bypassability of the TSP...
  • Page 53 HDD lock password [selection: change_default, query, modify, delete, clear, [assignment: other operations]] Modify [assignment: the authorised identified roles] Administrator Dependencies: FMT_SMR.1 Security roles FMT_SMF.1 Specification of management functions Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Management of administrator data...
  • Page 54 FPT_STM.1 Hierarchical to: No other components. FPT_STM.1.1 The TSF shall be able to provide reliable time stamps for its own use. Dependencies: No dependencies Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Reliable time stamps...
  • Page 55 Length of password: 8 to 32 characters Types of structured characters: English one-byte capital letters, small letters, and Permitted condition: None Refinement: “Secret of IT environment” → “HDD lock password” Dependencies: No dependencies Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved numerals...

  • Page 56: Toe Security Assurance Requirements

    Distribution and operation Development Guidance document Life cycle support Test Vulnerability assessment Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Assurance requirement ACM_CAP.3 Authentication management ACM_SCP.1 TOE CM coverage ADO_DEL.1 Distribution procedures ADO_IGS.1 Installation, creation, startup procedures ADV_FSP.1 Informal functional specification ADV_HLD.2 Security enforcing high-level design...

  • Page 57: Security Functional Requirements For The It Environment

    The TSF shall require each user to identify itself before allowing any other TSF-mediated actions on behalf of that user. Refinement: “TSF” → “HDD” Dependencies: No dependencies Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved User identification before any action...
  • Page 58 The TSF shall require each user to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user. Refinement: “TSF” → “HDD” Dependencies: FIA_UID.1 Timing of identification Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved User authentication before any action...

  • Page 59: Security Function Strength

    FIA_SOS.1[2](Verification of secrets) FDP_SOS.1(Verification of secrets of IT environment) FIA_AFL.1(Authentication failure handling) The SOF-Basic is claimed for the above seven TOE function of requirements and the minimum TOE function strength. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...

  • Page 60: Toe Summary Specification

    The interface for the identification and authentication of administrator requests to enter the password registered in IA.ADM_ADD and Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved TOE security FIA_SOS.1[2] FMT_MTD.1[1] FMT_SMF.1...
  • Page 61 IA.PASS provides the interface for password change and requests to enter the new password. The following shows the changeable passwords by the type of user. CE : CE password, Administrator password Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved FIA_UID.2 FIA_UAU.2 FIA_UAU.7 FIA_AFL.1 FPT_RVM.1...

  • Page 62: Access Control Function

    After the successful identification and authentication, the following operation is permitted for the document data in the User BOX shown by the identified and authenticated User BOX identifier. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved password TOE security functional requirement FIA_UID.2...

  • Page 63: Audit Function

    In case that the storage area of audit information is exhausted, AUD.MNG overwrites the audit information from the beginning of the storage area. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved TOE security FAU_GEN.1 FPT_RVM.1 FPT_STM.1...

  • Page 64: Management Support Function

    The inquiry of audit information has the information for the date and time Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved TOE security functional requirement FMT_MOF.1 FPT_RVM.1...

  • Page 65: Security Function Strength

    This TOE claims the security function strength of SOF-Basic for the password mechanism. The applicable password mechanism is the identification and authentication function (IA.ADM_AUTH, IA.CE_AUTH, ACL.USR, IA.ADM_ADD, and IA.PASS), and the management support function (MNG.ADM and MNG.HDD). Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved FDP_SOS.1 FDP_MTD.1 FPT_RVM.1...

  • Page 66: Assurance Measures

    Component requirements item ACM_CAP.3 Configuration management ACM_SCP.1 Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Related document bizhub 920/bizhub PRO 920 Configuration Management Plan bizhub 920/bizhub PRO 920 List of Design Documents bizhub 920/bizhub PRO 920 List 1 of Source Codes...
  • Page 67 PRO 920 User’s Guide Network Scanner (English) bizhub PRO 920 User’s Guide Security (English) IC203 User’s Guide (English) bizhub PRO 920 SERVICE MANUAL Field Service (English) bizhub PRO 920 INSTALLATION MANUAL (English) Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...
  • Page 68 ADO_IGS.1 ADV_FSP.1 Development ADV_HLD.2 ADV_RCR.1 Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved bizhub 920/bizhub PRO 920 Introduction and Operation Regulations (Japanese) bizhub 920/bizhub PRO 920 Installation Manual (Japanese) bizhub 920/bizhub PRO 920 User’s Guide Copier (Japanese) bizhub 920/bizhub PRO 920 User’s Guide POD Administrator’s Reference (Japanese)
  • Page 69 PRO 920 User’s Guide POD Administrator’s Reference (English) bizhub PRO 920 User’s Guide Network Scanner (English) bizhub PRO 920 User’s Guide Security (English) bizhub PRO 920 SERVICE MANUAL Field Service (English) IC203 User’s Guide (English) Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...
  • Page 70 ATE_COV.2 ATE_DPT.1 Test ATE_FUN.1 ATE_IND.2 Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved bizhub 920/bizhub PRO 920 User’s Guide Copier (Japanese) bizhub 920/bizhub PRO 920 User’s Guide POD Administrator’s Reference (Japanese) bizhub 920/bizhub PRO 920 User’s Guide Network Scanner (Japanese) bizhub 920/bizhub PRO 920 User’s Guide Security...
  • Page 71 PRO 920 User’s Guide Security (English) bizhub PRO 920 SERVICE MANUAL Field Service (English) IC203 User’s Guide (English) bizhub 920/bizhub PRO 920 Vulnerability Analysis AVA_SOF.1 Report bizhub 920/bizhub PRO 920 Vulnerability Analysis AVA_VLA.1 Report Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...

  • Page 72: Pp Claim

    7. PP Claim There is no applicable PP in this ST. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...

  • Page 73: Rationale

    OE.NET (Management of the network) OE.USR (Instruction for the general user) OE.ADMIN (Personal condition for the administrator) OE.CE (Assurance of CE) OE.HDD (Access limit to the HDD itself) Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved ・ ・ ・ ・ ・...
  • Page 74 CE and administrator as audit information in O.AUDIT. As above mentioned, the threat - T.IMPADMIN can be resisted by O.IA, O.CE, O.MANAGE, O.DATAACCESS, and O.AUDIT of security objectives policies. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...
  • Page 75 OE.USR, therefore, the general user does not disclose his/her own User BOX password. As above mentioned, the assumption - ASM.USR can be realized by OE.USR of the security objectives policies. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...

  • Page 76: Security Requiremetns Rationale

    8.2.1.2. Correspondence between security objectives policies and IT security functional requirements Requirements shows the correspondence relation of the TOE security functional requirements to the security objectives policies. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...

  • Page 77: Table 8.2 Correspondence Between Security Objectives Policies And It Security Functional

    FDP_ACC.1[1] FDP_ACC.1[2] FDP_ACF.1[1] FDP_ACF.1[2] FAU_GEN.1 FAU_STG.1 FAU_STG.4 FAU_SAR.1 FAU_SAR.2 FMT_MTD.1[1] FMT_MTD.1[2] FMT_MTD.1[3] FMT_MTD.1[4] FMT_MTD.1[5] Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Requirements ・ ・ ・ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔...
  • Page 78 When the User BOX password is changed, the User BOX password is checked whether it obeys the password rules regulated in FIA_SOS.1[1]. The management of password is specified in FMT_SMF.1. The general user who owns the Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved ✔ ✔...
  • Page 79 FIA_SOS.1[2]. The management of CE password and administrator password is specified in FMT_SMF.1. The administrator and CE are maintained in FMT_SMR.1. Their functions are not bypassed with FPT_ Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...
  • Page 80 Therefore, O.AUDIT can be realized by the correspondent security functional requirements. OE.HDD:Protection of the HDD FDP_UID.2[E] and FDP_UAU.2[E] permit the access for only the TOE that HDD1 and HDD2 Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...

  • Page 81: Toe Security Functional Requirements Dependency

    None FIA_SOS.1[1] None FIA_SOS.1[2] None FDP_SOS.1 None FDP_ACC.1[1] None Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Reference Dependent None As the mediate action of FIA_UID.1 is unnecessary, FIA_UID.2 is used. FIA_UAU.1 As the mediate action of FIA_UAU.1 is unnecessary, FIA_UAU.2 is used.
  • Page 82 FMT_MSA.1 None FMT_MSA.3 None FMT_MOF.1 None FMT_SMF.1 None FMT_SMR.1 None Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved FDP_ACF.1 FDP_ACC.1 FMT_MSA.3 is fulfilled FMT_MSA.3 with dependent relationship of FDP_ACF.1[2] that is access control for the identical object. FDP_ACC.1 FMT_MSA.3...

  • Page 83: Toe Security Functional Requirements Interaction

    FDP_ACF.1[2] FAU_GEN.1 FAU_STG.1 FAU_STG.4 FAU_SAR.1 FAU_SAR.2 FMT_MTD.1[1] FPT_RVM.1 FMT_MTD.1[2] FPT_RVM.1 FMT_MTD.1[3] FPT_RVM.1 FMT_MTD.1[4] FPT_RVM.1 FMT_MTD.1[5] FPT_RVM.1 Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved None None FMT_SMR.1 FMT_SMF.1 None Function that provides defense Detour Deactivation FPT_RVM.1 FMT_MOF.1 FPT_RVM.1 FMT_MOF.1...

  • Page 84: Consistency Of Security Function Strength To Security Objectives Policies

    This TOE assumes the attack capability of general user to be low level in “2. TOE Description”, and describes “operate from the operation panel” or “connect unauthorized reading device with HDD” in “3. TOE Security Environment”, namely, the especially highly skilled attacker is not Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved FPT_RVM.1 FMT_MOF.1 FPT_RVM.1...

  • Page 85: Assurance Requirement Rationale

    TOE, result of developer test, analysis of developer for obvious vulnerability, and analysis of function strength in order to resist the threat with attack capability of low level. Therefore, the level of evaluation assurance is proper for EAL3. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...

  • Page 86: Toe Summary Specification Rationale

    FIA_AFL.1 FIA_SOS.1[1] FIA_SOS.1[2] FDP_SOS.1 FDP_ACC.1[1] FDP_ACC.1[2] FDP_ACF.1[1] FDP_ACF.1[2] FAU_GEN.1 FAU_STG.1 FAU_STG.4 FAU_SAR.1 FAU_SAR.2 FMT_MTD.1[1] Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved Requirements ・ ・ ・ ・ ・ ・ ・ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔...
  • Page 87 User BOX, the entered password is displayed as dummy characters (*) corresponding to the number of characters in IA.ADM_AUTH, IA.CE_AUTH, and ACL.USR respectively. Therefore, FIA_UAU.7 is realized by implementing IA.ADM_AUTH, IA.CE_AUTH, and ACL.USR. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved ✔ ✔ ✔...
  • Page 88 MNG.ADM creates the User BOX according to Access control policy 2. Therefore, FDP_ACC.1[2] is realized by implementing MNG.ADM. FDP_ACF.1[1] ACL.USR executes to read out the document data according to Access control policy 1. Therefore, FDP_ACF.1[1] is realized by implementing ACL.USR. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...
  • Page 89 Therefore, FMT_MTD.1[1] is realized by implementing IA.ADM_ADD and IA.PASS. FMT_MTD.1[2] In IA.PASS, the change of CE password is permitted and executed by only the CE. Therefore, FMT_MTD.1[2] is realized by implementing IA.PASS. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...
  • Page 90 CE, and User BOX passwords is implemented in IA.PASS. The function to manage the User BOX is implemented in MNG.ADM. Therefore, FMT_SMF.1 is realized by implementing IA.ADM_ADD, IA.PASS, and MNG.ADM. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...

  • Page 91: Security Function Strength Rationale

    ST is covered by the related rules shown in the assurance measures. Therefore, TOE security assurance requirements in EAL3 can be realized. 8.4. PP Claim Rationale There is no applicable PP in this ST. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved...

Table of Contents