Ricoh Aficio MP 7001 SP Manual

With DataOverwriteSecurity Unit Type H Security Target

Aficio MP 9001/8001/7001/6001 series
with DataOverwriteSecurity Unit Type H
Security Target
Author: RICOH COMPANY, LTD.
Date: 2011-04-12
Version: 1.00
Portions of Aficio MP 9001/8001/7001/6001 series with DataOverwriteSecurity Unit Type H Security Target are reprinted with written permission from IEEE, 445 Hoes Lane, Piscataway, New Jersey 08855, from IEEE 2600.1, Protection Profile for Hardcopy Devices, Operational Environment A, Copyright © 2009 IEEE. All rights reserved.
This document is a translation of the evaluated and certified security target written in Japanese.
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.


Summary of Contents for Ricoh Aficio MP 7001 SP

  • Page 1 IEEE 2600.1, Protection Profile for Hardcopy Devices, Operational Environment A, Copyright © 2009 IEEE. All rights reserved. This document is a translation of the evaluated and certified security target written in Japanese. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 2: Revision History

    Revision History: Version 1.00, Date 2011-04-12, Author RICOH COMPANY, LTD., Detail: Publication version.
  • Page 3: Table Of Contents

    Consistency Claim with TOE Type in PP; 2.4.2 Consistency Claim with Security Problems and Security Objectives in PP; 2.4.3 Consistency Claim with Security Requirements in PP; Security Problem Definitions
  • Page 4 Class FTP: Trusted path/channels; Security Assurance Requirements; Security Requirements Rationale; 6.3.1 Tracing; 6.3.2 Justification of Traceability; 6.3.3 Dependency Analysis; 6.3.4 Security Assurance Requirements Rationale; TOE Summary Specification
  • Page 5 Table 34: Relationship between Security Objectives and Functional Requirements; Table 35: Result of Dependency Analysis of TOE Security Functional Requirements; Table 36: Auditable Events and Audit Data
  • Page 6 Table 41: Security Attributes Management of TOE Function Access Control SFP; Table 42: List of Static Initialisation for Security Attributes of Common Access Control SFP; Table 43: Management of TSF Data
  • Page 7: ST Introduction

    Printer(*1) 1.16e Gestetner MP 7001 SP, 03.00.00 Gestetner MP 8001 SP, Gestetner MP 9001 SP, RemoteFax 03.00.00 infotec MP 6001 SP, Web Support 1.13.1 infotec MP 7001 SP, Web Uapl 1.05
  • Page 8 Lanier MP 9001, nashuatec MP 6001, nashuatec MP 7001, nashuatec MP 8001, nashuatec MP 9001, Rex-Rotary MP 6001, Rex-Rotary MP 7001, Rex-Rotary MP 8001, Rex-Rotary MP 9001, Savin 9060, Savin 9070,
  • Page 9: TOE Overview

    This TOE is a digital multi function product (hereafter "MFP"), which is an IT device that inputs, stores, and outputs documents. 1.3.2 TOE Usage The operational environment of the TOE is illustrated below and the usage of the TOE is outlined in this section.
  • Page 10: Figure 1: Example Of TOE Environment

    Various settings for the MFP using a Web browser, Print, fax, network transmission, and deletion of user documents using a Web browser, Store and print of documents using the printer driver,
  • Page 11: Major Security Features Of TOE

    The physical boundary of the TOE is the MFP, which consists of the following hardware components (shown in Figure 2): Operation Panel Unit, Engine Unit, Fax Unit, Controller Board, HDD, Ic Ctlr, Network Unit, USB Port, SD Card Slot, and SD Card.
  • Page 12: Figure 2: Hardware Configuration Of The TOE

    It has the memory medium inside, and the signature root key is installed before the TOE is shipped. - FlashROM A non-volatile memory medium in which the following software components are installed:
  • Page 13 The Network Unit is an external interface to an Ethernet (100BASE-TX/10BASE-T) LAN. USB Port The USB Port is an external interface to connect a client computer to the TOE for printing directly from the client computer. During installation, this interface is disabled.
  • Page 14: Guidance Documents

    - Quick Reference Copy Guide - Quick Reference Printer Guide - Quick Reference Scanner Guide - Manuals for Users 9060/9060sp/9070/9070sp/9080/9080sp/9090/9090sp MP 6001/MP 6001 SP/MP 7001/MP 7001 SP/MP 8001/MP 8001 SP/MP 9001/MP 9001 SP
  • Page 15: Table 3: Guidance For English Version-2

    Guidance Documents for Product - Quick Reference Copy Guide - Quick Reference Fax Guide - Quick Reference Printer Guide - Quick Reference Scanner Guide - Manuals for This Machine - Manuals for Users
  • Page 16: Table 4: Guidance For English Version-3

    Guidance Documents for Product - Quick Reference Copy Guide - Quick Reference Fax Guide - Quick Reference Printer Guide - Quick Reference Scanner Guide - Manuals for This Machine - Manuals for Users
  • Page 17: Table 5: Guidance For English Version-4

    TOE Components Guidance Documents for Product - MP 6001/MP 7001/MP 8001/MP 9001 MP 6001/MP 7001/MP 8001/MP 9001 Aficio MP 6001/7001/8001/9001 Operating Instructions About This Machine - MP 6001/MP 7001/MP 8001/MP 9001
  • Page 18: Definition Of Users

    This section defines the users related to the TOE. These users include those who routinely use the TOE (direct users) and those who do not (indirect users). The direct users and indirect users are described as follows:
  • Page 19: Direct User

    LAN settings. This privilege allows configuration privilege of network settings. Authorised to manage user documents. This File management privilege allows access management of user privilege documents. 1.4.3.2. Indirect User Responsible manager of MFP
  • Page 20: Logical Boundary Of TOE

    The Copy Function is to scan paper documents and print scanned image data according to the specified number of copies, magnification, and custom settings. It can also be used to store scanned image data in the
  • Page 21 Fax documents can be sent by fax using the Operation Panel to access the TOE. Fax transmission is allowed only for the telephone numbers that are pre-registered in the TOE.
  • Page 22 A function for the TOE user to remotely control the TOE from the client computer. To control the TOE remotely, the TOE user needs to install the designated Web browser on the client computer following the guidance documents and connect the client computer to the TOE via the LAN.
  • Page 23: Security Functions

    If the LAN-Fax Transmission Function of Fax Function is used, the protection function can be enabled using the fax driver to specify encrypted communication.
  • Page 24: Protected Assets

    Digitised user documents, deleted documents, temporary documents and their data fragments, which are managed by the TOE. Function Jobs specified by users. In this ST, a "user job" is referred to as a "job". data
  • Page 25: TSF Data

    An identifier assigned to each user. The TOE identifies users by this identifier. Login password A password associated with each login user name. Lockout A type of behaviour to deny login of particular users.
  • Page 26 Function, and those stored using the LAN Fax. - Received fax document: The value for the fax data received and stored. This document is externally received, and its user cannot be identified.
  • Page 27 MFP administrator. LAN Fax One of Fax Functions. A function that transmits fax data and stores the documents using the fax driver on client computer. Sometimes referred to as "PC FAX".
  • Page 28: Conformance Claim

    Package Claims The SAR package which this ST and TOE conform to is EAL3+ALC_FLR.2. The selected SFR Packages from the PP are: 2600.1-PRT conformant 2600.1-SCN conformant 2600.1-CPY conformant 2600.1-FAX conformant 2600.1-DSR conformant
  • Page 29: Conformance Claim Rationale

    For the ownership of the received fax documents, the TOE has the characteristic that the ownership of the document is assigned to the intended user. This is according to PP APPLICATION NOTE 93.
  • Page 30 For conforming to the PP, some sections in this document are literally translated to make it easier for readers to understand when translating English into Japanese. However, this translation is not beyond the requirements of the PP conformance.
  • Page 31 PP are satisfied. The functional requirements FCS_CKM.1 and FCS_COP.1 are added and their dependent functional requirements are also added and changed in order to realise O.STORAGE.ENCRYPTED; however, these changes do not interfere with the functional requirements demanded in the PP.
  • Page 32: Security Problem Definitions

    TSF Confidential Data under the TOE management may be altered by persons without a login user name, or by persons with a login user name but without an access permission to the TSF Confidential Data.
  • Page 33: Organisational Security Policies

    Administrators are aware of the security policies and procedures of their organisation, are competent to correctly configure and operate the TOE in accordance with the guidance document following those policies and procedures.
  • Page 34 A.ADMIN.TRUST Trusted administrator The responsible manager of MFP selects administrators who do not use their privileged access rights for malicious purposes according to the guidance document.
  • Page 35: Security Objectives

    The TOE shall protect TSF Confidential Data from unauthorised alteration by persons without a login user name, or by persons with a login user name but without an access permission to the TSF Confidential Data.
  • Page 36: Security Objectives Of Operational Environment

    Management of external interfaces in IT environment The IT environment shall provide protection from unmanaged access to TOE external interfaces (LAN). The responsible manager of MFP shall give an instruction to
  • Page 37: Non-IT Environment

    Log audit The responsible manager of MFP shall ensure that audit logs are reviewed at appropriate intervals according to the guidance document for detecting security violations or unusual patterns of activity.
  • Page 38: Security Objectives Rationale

    Table 11 describes the correspondence between the assumptions, threats and organisational security policies, and each security objective. Table 11: Rationale for Security Objectives T.DOC.DIS T.DOC.ALT T.FUNC.ALT T.PROT.ALT T.CONF.DIS T.CONF.ALT P.USER.AUTHORIZATION P.SOFTWARE.VERIFICATION P.AUDIT.LOGGING P.INTERFACE.MANAGEMENT P.STORAGE.ENCRYPTION A.ACCESS.MANAGED A.ADMIN.TRAINING A.ADMIN.TRUST A.USER.TRAINING
  • Page 39: Security Objectives Descriptions

    TOE. By O.PROT.NO_ALT, the TOE protects the TSF protected
  • Page 40 P.USER.AUTHORIZATION is enforced by these objectives. P.SOFTWARE.VERIFICATION P.SOFTWARE.VERIFICATION is enforced by O.SOFTWARE.VERIFIED. By O.SOFTWARE.VERIFIED, the TOE provides measures for self-verifying the executable code of the TSF. P.SOFTWARE.VERIFICATION is enforced by this objective.
  • Page 41 By OE.PHYSICAL.MANAGED, the TOE is located in a restricted or monitored environment according to the guidance documents and is protected from the physical access by the unauthorised persons. A.ACCESS.MANAGED is upheld by this objective. A.ADMIN.TRAINING A.ADMIN.TRAINING is upheld by OE.ADMIN.TRAINED.
  • Page 42 By OE.USER.TRAINED, the responsible manager of MFP instructs the users in accordance with the guidance documents to make them aware of the security policies and procedures of their organisation, and the users follow those policies and procedures. OE.USER.TRAINED is upheld by this objective.
  • Page 43: Extended Components Definition

    Definition of the role(s) that are allowed to perform the management activities Management of the conditions under which direct forwarding can be allowed by an administrative role Revocation of such an allowance Audit: FPT_FDI_EXP.1 There are no auditable events foreseen. Rationale:
  • Page 44 The TSF shall provide the capability to restrict data received on [assignment: the Operation Panel, LAN, telephone line] from being forwarded without further processing by the TSF to [assignment: the LAN and telephone line].
  • Page 45: Security Requirements

    Table 12: List of Auditable Events Functional Actions Which Should Be Auditable Auditable Events Requirements FDP_ACF.1(a) a) Minimal: Successful requests to Original: perform an operation on an object - Start and end operation of
  • Page 46 FMT_SMF.1 a) Minimal: Use of the management Minimal: Record functions. management items in Table 32. FMT_SMR.1 a) Minimal: modifications to the record
  • Page 47 The TSF shall [selection: overwrite the oldest stored audit records] and [assignment: no other actions to be taken in case of audit storage failure] if the audit trail is full. FAU_SAR.1 Audit review Hierarchical to: No other components. Dependencies: FAU_GEN.1 Audit data generation
  • Page 48: Class FCS: Cryptographic Support

    [assignment: cryptographic algorithm shown in Table 14] and cryptographic key sizes [assignment: cryptographic key sizes shown in Table 14] that meet the following: [assignment: standards shown in Table 14].
  • Page 49: Class FDP: User Data Protection

    Table 16]. Table 16: List of Subjects, Objects, and Operations among Subjects and Objects (b) Subjects Objects Operations among Subjects and Objects Normal user process MFP application Execute
  • Page 50: Table 17: Subjects, Objects And Security Attributes (a)

    FDP_ACF.1.2(a) The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: rules on user documents in Table 18 and rules on user jobs in Table 19].
  • Page 51: Table 18: Rules On User Documents

    (print, download, fax, e-mail and folder transmission) and deletion are allowed for that normal user process.
  • Page 52: Table 19: Rules On User Jobs (a)

    FDP_ACF.1.2(b) The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: operations on objects by subjects and rules governing access to operations shown in Table 22].
  • Page 53: Class FIA: Identification And Authentication

    User authentication using the Operation Panel User authentication using the TOE from client computer Web browser User authentication when printing from the client computer User authentication when using LAN Fax from client computer
  • Page 54: Table 24: List Of Actions For Authentication Failure

    Symbols: SP (spaces) ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ (33 symbols)
  • Page 55 The TSF shall require each user to be successfully identified before allowing any other TSF-mediated actions on behalf of that user. FIA_USB.1 User-subject binding Hierarchical to: No other components. Dependencies: FIA_ATD.1 User attribute definition
  • Page 56: Class FMT: Security Management

    Login user name of normal user delete Normal user who owns the applicable Query login user name Application type No operations permitted Login user name of supervisor Query, Supervisor
  • Page 57: Table 28: User Roles For Security Attributes (b)

    MFP administrator modify Query Applicable normal user Function type No operations permitted -: No user roles are permitted for operations by the TOE. FMT_MSA.3(a) Static attribute initialisation Hierarchical to: No other components.
  • Page 58: Table 29: Properties Of Static Attribute Initialisation (a)

    FMT_MSA.3.2(a) The TSF shall allow the [assignment: authorised identified roles shown in Table 30] to specify alternative initial values to override the default values when an object or information is created.
  • Page 59: Table 30: Authorised Identified Roles Allowed To Override Default Values

    The TSF shall restrict the ability to [selection: query, modify, delete, [assignment: newly create]] the [assignment: list of TSF data in Table 31] to [assignment: the user roles in Table 31].
  • Page 60: Table 31: List Of TSF Data

    FMT_SMF.1 Specification of Management Functions Hierarchical to: No other components. Dependencies: No dependencies. FMT_SMF.1.1 The TSF shall be capable of performing the following management functions: [assignment: management functions shown in Table 32].
  • Page 61: Table 32: List Of Specification Of Management Functions

    Query of destination information for folder transmission by normal user Query and modification of users for stored and received documents by MFP administrator FMT_SMR.1 Security roles Hierarchical to: No other components.
  • Page 62: Class FPT: Protection Of The TSF

    The TSF shall terminate an interactive session after a [assignment: elapsed time of auto logout, completion of print data reception from the printer driver, and completion of transmission information reception from the fax driver].
  • Page 63: Class FTP: Trusted Path/Channels

    Developer defined life-cycle model ALC_FLR.2 Flaw reporting procedures ASE: ASE_CCL.1 Conformance claims Security Target evaluation ASE_ECD.1 Extended components definition ASE_INT.1 ST introduction ASE_OBJ.2 Security objectives ASE_REQ.2 Derived security requirements ASE_SPD.1 Security problem definition
  • Page 64: Security Requirements Rationale

    Table 34 shows that each TOE security functional requirement fulfils at least one TOE security objective. Table 34: Relationship between Security Objectives and Functional Requirements FAU_GEN.1 FAU_GEN.2 FAU_STG.1 FAU_STG.4 FAU_SAR.1 FAU_SAR.2 FCS_CKM.1 FCS_COP.1 FDP_ACC.1(a)
  • Page 65: Justification Of Traceability

    To normal users, the available document type of the user document is restricted by the executing MFP application, and the normal user can read only user document for which the reading permission is granted. The MFP administrator and supervisor are not allowed to read the user documents.
  • Page 66 (object) when the user document is generated. satisfying FDP_ACC.1(a), FDP_ACF.1(a), FDP_RIP.1, FTP_ITC.1, FMT_MSA.1(a) FMT_MSA.3(a), which security functional requirements for these countermeasures, O.DOC.NO_ALT is fulfilled.
  • Page 67 O.CONF.NO_DIS is the security objective to allow only users who can maintain the security to disclose the TSF confidential data. To fulfil this security objective, it is required to implement the following countermeasures.
  • Page 68 FIA_UAU.1 authenticates the users if the user is the registered user or not prior to the TOE use. (2) Allow the successfully identified and authenticated user to use the TOE. FIA_ATD.1 and FIA_USB.1 manage the access procedures to the protected assets of the users who are
  • Page 69 (2) Automatically terminate the connection to the Operation Panel and LAN interface. FTA_SSL.3 terminates the session after no operation is performed from the Operation Panel or LAN interface for certain period.
  • Page 70 O.AUDIT.LOGGED is the security objective to ensure the encryption when writing data into the HDD, and decryption when reading data from the HDD. To fulfil this security objective, it is required to implement the following countermeasures.
  • Page 71: Dependency Analysis

    FCS_COP.1 FCS_CKM.4 FCS_COP.1] FCS_CKM.4 FCS_COP.1 [FDP_ITC.1 or FCS_CKM.1 FCS_CKM.4 FDP_ITC.2 or FCS_CKM.1] FCS_CKM.4 FDP_ACC.1(a) FDP_ACF.1(a) FDP_ACF.1(a) None FDP_ACC.1(b) FDP_ACF.1(b) FDP_ACF.1(b) None FDP_ACF.1(a) FDP_ACC.1(a) FDP_ACC.1(a) None FMT_MSA.3(a) FMT_MSA.3(a) FDP_ACF.1(b) FDP_ACC.1(b) FDP_ACC.1(b) None
  • Page 72 TOE at the start of TOE operation, the cryptographic key will be continuously used for the HDD and will not be deleted. Therefore, cryptographic key destruction by the standard method is unnecessary.
  • Page 73: Security Assurance Requirements Rationale

    TOE operation according to flaw reporting procedure (ALC_FLR.2). Based on the terms and costs of the evaluation, the evaluation assurance level of EAL3+ALC_FLR.2 is appropriate for this TOE.
  • Page 74: TOE Summary Specification

    Communicating IP address Storing user documents Reading user documents (print, download, fax transmission, e-mail transmission, and folder transmission) Deleting user documents Success and failure of new creation, modification, deletion S/MIME user information
  • Page 75 The TOE encrypts data before writing it to the HDD, and decrypts data after reading it from the HDD. This process is performed for all data written to and read from the HDD. The following are the specific cryptographic operations:
  • Page 76: Table 37: List Of Cryptographic Operations For Stored Data Protection

    - If the MFP application executed from a Web browser is the Fax Function, it is allowed to print, download and delete the received fax document. The normal user requires the operation permission for Document Server Function to perform the operation on received fax document.
  • Page 77 It also overwrites the area on the HDD where the temporary document and its fragments that are created during the user job execution exist with the specific pattern after the user job completes.
  • Page 78: Table 38: Unlocking Administrators For Each User Role

    It checks if the registering or changing password meets the conditions (2) and (3). If it does, the TOE registers the login password. If it does not, it does not register the login password and displays an error message.
  • Page 79 Web Image Monitor Help from a Web browser, system status, counter, and information of inquiries, and execution of fax reception. Table 39 shows the identified user by Identification and Authentication Function, and authentication procedures.
  • Page 80: Table 39: Functions Provided By The TOE, Identified User And Authentication Procedures

    MFP administrator process is associated with the login user name of MFP administrator as security attributes. These associations are reflected to the operation permissions for each user role.
  • Page 81: Table 40: Security Attributes Management Of Common Access Control SFP

    Document user list of user documents Operation Panel Query, MFP administrator including received fax documents. (*1) Web browser modify -: No user roles are permitted for operations by the TOE.
  • Page 82: Table 41: Security Attributes Management Of TOE Function Access Control SFP

    FMT_MSA.3(a) (Static attribute initialisation) The TOE sets the default value for the security attribute in Table 42 that corresponds to the object in Table 42 when generating the object listed in Table 42.
  • Page 83: Table 42: List Of Static Initialisation For Security Attributes Of Common Access Control SFP

    For Fax Function: the value that identifies the Fax Function. FMT_MTD.1 (Management of TSF data) The TOE allows only specified users to operate the information of the TSF (TSF data) from the specified operation interfaces as shown in Table 43.
  • Page 84: Table 43: Management Of TSF Data

    Operation Panel query, S/MIME user information Web browser delete Query Normal user Newly create, MFP administrator modify Destination information folder Operation Panel query, transmission Web browser delete Query Normal user
  • Page 85 Query and deletion of audit logs by MFP administrator New creation of HDD cryptographic key by MFP administrator New creation, modification, query and deletion of S/MIME user information by MFP administrator
  • Page 86 Query of login user name of that MFP administrator Modification of login password of that MFP administrator A supervisor is allowed the following operations: Query and modification of login user name of supervisor Modification of login password of supervisor
  • Page 87 TOE and a client computer, which is a trusted IT product, for the operations via a Web browser of client computer, and the operations of printing, fax transmission, and fax data storage from client
  • Page 88 The TOE provides S/MIME communication as a trusted channel of the TSF to protect the LAN communication between the TOE and servers for e-mailing to an SMTP Server, which are trusted IT products.
