received from the fax interface and buffered in memory before it is
transformed by an intermediary subsystem into an email attachment and sent
out through the network interface.
Authentication (TSF_ AUT)
FIA_ATD.1, FIA_UAU.1, FIA_UAU.7, FIA_UID.1, FIA_USB.1, FMT_SMR.1,
The TOE implements a role based access control system. The TOE ships
with three pre-configured roles:
System Administrator. Has access to all pathways, services and
features including all management functions on the TOE.
Administrator may create custom roles for Authenticated Users and
assign MFD function privileges.
Accounting Administrator. Has access to all device services and
pathways except for the tools pathway (which is used for system
The TOE also maintains a fourth category for unauthenticated users, enabling
the system administrator to specify what functions if any are available to
A user must authenticate by entering a username and password prior to
being granted access to the LUI or the Web UI. While the user is typing the
password, the TOE obscures each character entered.
Upon successful authentication, users are granted access based on their
role. Only a system administrator is allowed full access to the TOE including
all the system administration functions.
If configured for local authentication the system requires the system
administrator to enter a username and password for each user. The system
will authenticate the user against an internal database.
By default, the LUI will terminate any session that has been inactive for 1
minute. By default, the Web UI will terminate any session that has been
inactive for 60 minutes. The system administrator can configure both the LUI
and Web UI session timeouts to terminate an inactive session after some
other period of time.
Network Identification (TSF_NET_ID)
FIA_UAU.7, FIA_UID.1, FIA_USB.1, FMT_SMR.1, FTA_SSL.3
As an alternative to local authentication, the TOE may be configured to refer
to an external identity server (a trusted remote IT entity). User credentials
entered at the LUI or Web UI are authenticated at the server instead of the
TOE. The network authentication services supported by the TOE are: smart
Xerox Multi-Function Device Security Target
2013 Xerox Corporation. All rights reserved.