Ricoh Aficio MP C2800 Manual
  1. Manuals
  2. Brands
  3. Ricoh Manuals
  4. All in One Printer
  5. Aficio MP C2800
  6. Manual

Ricoh Aficio MP C2800 Manual

Aficio mp c2800/c3300 series with fax option type c5000 security target
Hide thumbs Also See for Aficio MP C2800:
Table of Contents

Advertisement

Quick Links

See also: Function Manual , User Manual
Aficio MP C2800/C3300 series with Fax Option Type C5000
Author
: RICOH COMPANY, LTD., Yasushi FUNAKI
Date
: 2010 -07 -29
Version
: 1.00
Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
Security Target
Page 1 of 80

Advertisement

Table of Contents
loading

Related Manuals for Ricoh Aficio MP C2800

Summary of Contents for Ricoh Aficio MP C2800

  • Page 1 Page 1 of 80 Aficio MP C2800/C3300 series with Fax Option Type C5000 Security Target Author : RICOH COMPANY, LTD., Yasushi FUNAKI Date : 2010 -07 -29 Version : 1.00 Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 2 Page 2 of 80 Revision History Version Date Author Details Yasushi 1.00 2010-07-29 Released version FUNAKI Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 3: Table Of Contents

    Protected Assets........................22 1.4.5.1 Document Data.........................22 1.4.5.2 Print Data..........................22 Conformance Claims ....................24 CC Conformance Claim ..................24 PP Claims, Package Claims................24 Conformance Rationale..................24 Security Problem Definitions ..................25 Threats ......................25 Organisational Security Policies................. 25 Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 4 Reading Audit Logs ......................65 7.1.1.3 Protection of Audit Logs....................65 7.1.1.4 Time Stamps........................65 7.1.2 SF.I&A User Identification and Authentication Function ........65 7.1.2.1 User Identification and Authentication..............66 7.1.2.2 Actions in Event of Identification and Authentication Failure......66 Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 5 Sending by E-mail from TOE..................74 7.1.7.4 Delivering to Folders from TOE..................74 7.1.8 SF.FAX_LINE Protection Function for Intrusion via Telephone Line....74 7.1.9 SF.GENUINE MFP Control Software Verification Function........74 Appendix ........................76 Definitions of Terminology.................76 References ......................80 Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 6 Table 31: Authorised operations on general user information................71 Table 32: Administrators authorised to specify machine control data............72 Table 33: List of encryption operations on data stored on the HDD..............73 Table 34: Specific terms used in this ST......................76 Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 7: St Introduction

    MFPs and an FCU, and also matches the following software/hardware version. Manufacturer : RICOH COMPANY, LTD. MFP Name Ricoh Aficio MP C2800, Ricoh Aficio MP C2800G , Ricoh Aficio MP C3300, Ricoh Aficio MP C3300G Savin C2828, Savin C2828G , Savin C3333 , Savin C3333G...

  • Page 8: Toe Overview

    USB connection, according to users' needs. Users can operate the TOE from the Operation Panel, a client computer connected to the local network, or a client computer connected to the TOE though USB. Figure 1 shows an example of the assumed TOE environment. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 9: Figure 1: Example Toe Environment

    FTP server is used for the TOE to deliver the document data stored in the TOE to folders in FTP server. SMB Server SMB server is used for the TOE to send the document data stored in the TOE to folders in SMB server. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 10: Toe Description

    The physical boundary of the TOE is the MFP, which consists of the following hardware (shown in Figure 2): Operation Panel Unit, Engine Unit, Fax Unit, Controller Board, Ic Ctlr, HDD, Network Unit, USB Port, and SD Card Slot. Figure 2 outlines the configuration of the TOE hardware. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 11: Figure 2: Hardware Configuration Of Toe

    The Fax Unit is a device tha t has a modem function to send and receive fax data when connected to a telephone line. The Fax Unit has an interface to the MFP Control Software. The interface provides the MFP Control Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 12 SD card. When installing the TOE, the CE inserts an SD card into the SD CARD Slot to activate the Stored Data Protection Function. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 13: Guidance Documents

    Aficio MP C2800/MP C3300/MP C4000/MP C5000 Notes for Security Functions Notes for Administrators: Using this Machine in a CC-Certified Environment [English version-2] Quick Reference Copy Guide Quick Reference Fax Guide Quick Reference Printer Guide Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 14 Aficio MP C2800/MP C3300/MP C4000/MP C5000 Manuals for Administrators MP C2800/MP C3300/MP C4000/MP C5000 Aficio MP C2800/MP C3300/MP C4000/MP C5000 Notes for Security Functions Notes for Administrators: Using this Machine in a CC-Certified Environment Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 15: User Roles

    A "general user" is an authorised TOE us er who is registered in the Address Book by a user administrator. General users can store document data in the TOE and perform operations on the document data. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 16: Customer Engineer

    Function, and Scanner Function. Administrators and supervisor are provided with the Management Function. These functions are accesse d by pushing the relevant buttons on the Operation Panel. General users, administrators, and supervisor can use the Web Service Functions, depending on their role. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 17 Document Server Function can be printed and deleted using the Document Server Function. Document data stored in the D-BOX using the Scanner Function cannot be printed or deleted using the Document Server Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 18: Security Functions

    Data Access Control Function, Stored Data Protection Function, Network Communication Data Protection Function, Security Management Function, Service Mode Lock Function, Telephone Line Intrusion Protection Function, and MFP Control Software Verification Function. This section describes these functions. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 19 Print Settings is also permitted. Table 2 shows the relationship between the operation authorised by the permissions to process document data and the operations possible on the document data. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 20: Table 2: Correspondence Between Operations Authorised By Permissions To Process Document Data

    Management of document data ACL Allows only specified users to modify the document Data ACL. Modifying the document data ACL includes changing document file owners, registering new document file users for the Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 21 Telephone Line Intrusion Protection Function This function is for devices equipped with a Fax Unit. It restricts communication over a telephone line to the TOE, so that the TOE receives only permitted data. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 22: Protected Assets

    Print data is imported to the TOE via the internal network or the USB Port. When passing from Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 23 Page 23 of 80 a client computer to the TOE through the inter n al network, print data is protected from leakage, and tampered data can be detected. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 24: Conformance Claims

    This ST and TOE do not conform to any PPs. This ST claims conformance to the following package: Package: EAL3 conformant Conformance Rationale Since this ST does not claim conformance to PPs, there is no rationale for PP conformance. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 25: Security Problem Definitions

    Attackers may gain access to the TOE through telephone lines. Organisational Security Policies The following security policy is assumed for organisations t h at demand integrity of the software installed in its IT products. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 26: Assumptions

    When the network that the TOE is connected to (the internal network) is connected to an external network such as the Internet, the internal network shall be protected from the external network. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 27: Security Objectives

    (Protection of integrity of MFP Control Software) The TOE shall provide TOE users with a function that verifies the integrity of the MFP Control Software, which is installed in the FlashROM. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 28: Security Objectives Of Operational Environment

    Table 3 demonstrates that each security objective corresponds to at least one threat, organisational security policy, or assumption. As indicated by the shaded region in Table 3, assumptions are not upheld by TOE security objectives. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 29: Tracing Justification

    As specified by OE.SUPERVISOR, the responsible manager of the MFP shall select a trusted person as a supervisor and instruct him/her on the role of supervisor. Therefore, A.SUPERVISOR is upheld. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 30 O.MEM.PROTECT is recorded in audit logs by O.AUDIT, and the function for reading audit logs is available to the machine administrator only, so that the machine administrator can later identify whether or not O.MEM.PROTECT was performed successfully. Therefore, the TOE can counter T.SALVAGE. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 31 To enforce this organisational security policy, the TOE provides the function to verify the integrity of MFP Control Softwa re, which is installed in FlashROM, with the TOE users by O.GENUINE. Therefore, the TOE can enforce P.SOFTWARE. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 32: Extended Components Definition

    In this ST and TOE, there are no extended components, i.e., the new security requirements and security assurance requirements that are not described in the CC, which is claimed the conformance in " 2 .1 CC Conformance Claim" . Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 33: Security Requirements

    Basic: Unsuccessful attempts to FAU_SAR.2 Auditable events not recorded. read information from the audit records. FAU_STG.1 None a) Basic: Actions taken due to the FAU_STG.4 Auditable events not recorded. audit storage failure. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 34 (e.g. re -enabling of a terminal). FIA_ATD.1 None a) Minimal: Rejection by the TSF of b) Basic FIA_SOS.1 any tested secret; 1. Newly creating authentication Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 35 Basic: All modifications to the <Individually -defined auditable FMT_MTD.1 values of TSF data. events> 1. Newly creating authentication information of general users. 2. Changing authentication information of general users. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 36 (Outcome: Success/Failure) associated with all trusted path failures, if available. c) Basic: All attempted uses of the trusted path functions. d) Basic: Identification of the user associated with all trusted path Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 37 Hierarchical to: FAU_STG.3 Action in case of possible audit data loss. Dependencies: FAU_STG.1 Protected audit trail storage. FAU_STG.4.1 The TSF shall [selection: overwrite the oldest stored audit records] and [assignment: no Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 38: Class Fcs: Cryptographic Support

    Cryptographic Key type Standard Cryptographic operations algorithm key size - Encryption when writing the FIPS197 256 bits cryptographic document data on HDD - Encryption when reading the document data from HDD Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 39: Class Fdp: User Data Protection

    FDP_ACF.1.2 The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: rules governing subject Table 9]. operations on objects and access to the operations shown in Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 40: Table 9: Rules Governing Access

    No other components. Dependencies: FDP_IFF.1 Simple security attributes. FDP_IFC.1.1 The TSF shall enforce the [assignment: telephone line information flow SFP] on Table 11]. [assignment: subjects, information, and an operation listed in Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 41: Table 11: List Of Subjects, Information And Operation

    [assignment: no rules, based on security attributes that explicitly authorise information flows]. FDP_IFF.1.5 The TSF shall explicitly deny an information flow based on the following rules: [assignment: no rules, based on security attributes that explicitly deny information flows]. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 42: Class Fia: Identification And Authentication

    There is also a special Lockout release: If an administrator (any role) or a supervisor is locked out, restarting the TOE has the same effect as the Lockout release operation performed by an unlocking administrator. FIA_ATD.1 User attribute definition Hierarchical to: No other components. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 43 FIA_UAU.1 Timing of authentication. FIA_UAU.7.1 The TSF shall provide only [assignment: displaying a dummy letter (*: asterisks, or ?: bullets) for one letter of passwords on authentication feedback] to the user while the Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 44: Class Fmt: Security Management

    6.1.5 Class FMT: Security managem ent FMT_MSA.1 Management of security attributes Hierarchical to: No other components. Dependencies: [FDP_ACC.1 Subset access control, or Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 45: Table 16: Management Roles Of Security Attributes

    SFP. FMT_MSA.3.2 The TSF shall allow the [assignment: no authorised identified roles] to specify alternative initial values to override the default values when an object or information is created. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 46: Table 17: Characteristics Of Static Attribute Initialisation

    Query, Setting for Lockout Release Timer Machine administrator modify Query, Lockout time Machine administrator modify Date and time of system clock Query, Machine administrator Date setting, time setting (hour, minute, modify Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 47 Hierarchical to: No other components. Dependencies: No dependencies. FMT_SMF.1.1 The TSF shall be capable of performing the following Management Functions: [assignment: Table 19]. list of specifications of Management Functions described in Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 48: Table 19: List Of Specifications Of Management Functions

    - Security Management Function FIA_UAU.2 data by an administrator, (management of general user b) Management of the authentication information): management of data by the user associated with this authentication information of general Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 49 Management of administrator roles by FMT_MSA.1 interact with the security attributes; administrators. b) Management of rules by which b) None: No rules by which security security attributes inherit specified attributes inherit specified values. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 50 FMT_SMR.1 Security roles Hierarchical to: No other components. Dependencies: FIA_UID.1 Timing of identification. FMT_SMR.1.1 The TSF shall maintain the roles [assignment: general users, administrators (machine Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 51: Class Fpt: Protection Of The Tsf

    The TSF shall initiate communication via the trusted channel for [assignment: Deliver to Folders from TOE to SMB server (IPSec) service and Deliver to Folders from TOE to FTP server (IPSec) service]. FTP_TRP.1 Trusted path Hierarchical to: No other components. Dependencies: No dependencies. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 52: Table 20: Services Requiring Trusted Paths

    E-mail service to client computer from TOE (S/MIME) Initial user authentication (SSL) Remote users TOE web service from client PC (SSL) Printing service from client PC (SSL) Fax service from client PC (SSL) Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 53: Security Assurance Requirements

    Security problem definition ASE_TSS.1 TOE summary specification ATE: Tests ATE_COV.2 Analysis of coverage ATE_DPT.1 Testing: basic design ATE_FUN.1 Functional testing ATE_IND.2 Independent testing – sample AVA: Vulnerability assessment AVA_VAN.2 Vulnerability analysis Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 54: Security Requirements Rationale

    Table 22 shows that each TOE security functional requirement fulfils at least one TOE security objecti ve. Table 22: Relationship between security objectives and functional requirements FAU_GEN.1 FAU_SAR.1 FAU_SAR.2 FAU_S TG.1 FAU_STG.4 FCS_CKM.1 FCS_COP.1 FDP_ACC.1 FDP_ACF.1 FDP_IFC.1 FDP_IFF.1 FIA_AFL.1 FIA_ATD.1 FIA_SOS.1 FIA_UAU.2 FIA_UAU.7 FIA_UID.2 Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 55: Justification Of Traceability

    If auditable events occur and the audit log files are full, FAU_STG.4 prevents loss of recent audit logs by writing the newer audit logs over audit logs that have the oldest time stamp. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 56 . For general users, FDP_ACC.1 and FDP_ACF.1 allow storage of document data, and when the general user IDs associated with general user processes are registered in the d ocument data ACL of a document, Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 57 - supervisor to query and specify the Lockout Flag for administrators, and specify supervisor authentication information; and - supervisor and applicable administrators to change administrator authentication information. Specify Management Functions. To fulfil O.MANAGE, the Security Management Functions for the implemented TSF shall be Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 58 The SSL protocol protects document data and print data that are is travelling through a web service, print service, or fax service from a client computer from leakage and attempts at tampering. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 59: Dependency Analysis

    None FAU_STG.4 FAU_STG.1 FAU_STG.1 None [FCS_CKM.2 or FCS_CKM.1 FCS_COP.1 FCS_CKM.4 FCS_COP.1] FCS_CKM.4 [FDP_ITC.1 or FCS_COP.1 FCS_CKM.1 FCS_CKM.4 FDP_ITC.2 or FCS_CKM.1] FCS_CKM.4 FDP_ACC.1 FDP_ACF.1 FDP_ACF.1 None FDP_ACF.1 FDP_ACC.1 FDP_ACC.1 None FMT_MSA.3 FMT_MSA.3 Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 60 Rationale for Removing Dependencies on FIA_UAU.1 Since this TOE employs FIA_UAU.2, which is hierarchical to FIA_UAU.1, the dependency on FIA_UAU.1 is satisfied by FIA_AFL.1 and FIA_UAU.7. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 61: Security Assurance Requirements Rationale

    Development security (ALC_DVS.1) is therefore important also. Based on the terms and costs of the evaluation, the evaluation assurance level of EAL3 is appropriate for this TOE. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 62: Toe Summary Specification

    As Table 24 shows, at least one TOE Security Function satisfies each security functional requirements described in section "6.1" . Table 24: Relationship between TOE security functional requirements and TOE Security Functions FAU_GEN.1 FAU_SAR.1 FAU_SAR.2 FAU_STG.1 FAU_STG.4 FCS_CKM.1 FCS_COP.1 FDP_ACC.1 FDP_ACF.1 Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 63: Sf.audit Audit Function

    The TOE generates audit log entries whenever an auditable event occurs, and appends these to audit log files. Audit logs consist of basic audit information and expanded audit information. Basic audit information is data Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 64: Table 25: Auditable Events And Auditable Information

    ID of object document data Changing date and time of system clock Communication with trusted IT Communication IP address product Communication with remote user Deletion of entire audit log -: No applicable expanded audit information Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 65: Reading Audit Logs

    TOE Security Functions. Following are the explanations of each functional item in " SF.I&A User Identification Authentication Function" and their corresponding functional requirements. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 66: User Identification And Authentication

    When either of the following two Lockout release actions, (1) or (2), is performed by a user whose Lockout Flag is set to "Active", the TOE resets the Lockout Flag for that user to "Inactive" and releases the Lockout. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 67: Password Feedback Area Protection

    Symbols: SP (space) ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ (33 symbols) Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 68: Sf.doc_Acc Document Data Access Control Function

    Table 28 shows the value of the document data ACL when storing document data. Table 28: Default value for document data ACL Type of document data Default value for document data ACL Document data stored by a general user Document data default ACL Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 69: File Administrator Operations On Document Data

    - General users with full control authorisation Changing of document file users' operation - File administrators permissions for document data - Document file owners - General users with full control authorisation Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 70: Management Of Administrator Information

    Table 30, respectively. By the above, FIA_USB.1 (User-subject binding), FMT_MSA.1 (Manag ement of security attributes), FMT_MTD.1 (Management of TSF data), FMT_SMF.1 (Specification of management functions) and FMT_SMR.1 (Security roles) are satisfied. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 71: Management Of Supervisor Information

    ACL. By the above, FMT_MSA.1 (Management of security attributes), FMT_MTD.1 (Management of TSF data), FMT_SMF.1 (Specification of management functions), and FMT_SMR.1 (Security roles) are satisfied. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 72: Management Of Machine Control Data

    Service Mode Lock Function The Service Mode Lock Function restricts use of the Maintenance Functions to CEs only, based on the Service Mode Lock Function setting specified by the machine administrator. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 73: Sf.cipher Encryption Function

    HDD encryption keys have changed. By the above, FCS_CKM.1 (Cryptographic key generation), FCS_COP.1 (Cryptographic operation), FMT_MTD.1 (Management of TS F data), and FPT_TST.1 (TSF testing) are satisfied. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 74: Sf.net_Prot Network Communication Data Protection Function

    MFP Control Software Verification Function At every TOE start -up, th e MFP Control Software Verification Function verifies the integrity of the MFP Control Software that is installed in the FlashROM. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 75 The TOE become s available for users only if the integrity of the control software can be verified. If integrity cannot be verified, it indicates that the MFP Control Software is not correct . By the above, FPT_TST.1 (TSF testing) is satisfied. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 76: Appendix

    Information about each general user that is required for using S/MIME. information Includes e-mail address, user certificates, and a specified value for S/MIME use. A server for sharing files with a client computer using Server Message Block SMB server Protocol. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 77 An administrator role assigning responsibility for management of general User administration users. The user administrator is a person who has the user management role. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 78 An item of administrator information and an identification code for Administrator ID identification and authentication of the administrator. Indicates the administrator's login name on this TOE. Administrator A password for identification and authentication of an administrator. authentication information Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
  • Page 79 General users who are registered in the document data ACL but are not Document file user owners of the document data. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • Page 80: References

    Common Methodology for Information Technology Security Evaluation Version 3.1 Evaluation methodology Revision 2(CCMB-2007-09-0004) "Japanese -translated version" Common Methodology for Information Technology Security Evaluation version 3.1 Evaluation Methodology Revision 2 [Japanese translation ver. 2.0] Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

This manual is also suitable for:

Aficio mp c3300Aficio mp c2800gAficio mp c3300g

Table of Contents