Ricoh Aficio MP C7501SP Manual
  1. Manuals
  2. Brands
  3. Ricoh Manuals
  4. All in One Printer
  5. Aficio MP C7501SP
  6. Manual
Ricoh Aficio MP C7501SP Manual

Ricoh Aficio MP C7501SP Manual

Security policy
Hide thumbs Also See for Aficio MP C7501SP:
Table of Contents

Advertisement

Quick Links

Download this manual
Portions of imagio MP C6001/C7501 series Security Target are reprinted with
written permission from IEEE, 445 Hoes Lane, Piscataway, New Jersey
08855, from IEEE 2600.1, Protection Profile for Hardcopy Devices,
Operational Environment A, Copyright © 2009 IEEE. All rights reserved.
This document is a translation of the evaluated and certified security target
written in Japanese.
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
imagio MP C6001/C7501 series
Security Target
Author : RICOH COMPANY, LTD.
Date
: 2011-09-15
Version : 1.00

Advertisement

Table of Contents
loading

Related Manuals for Ricoh Aficio MP C7501SP

Summary of Contents for Ricoh Aficio MP C7501SP

  • Page 1 08855, from IEEE 2600.1, Protection Profile for Hardcopy Devices, Operational Environment A, Copyright © 2009 IEEE. All rights reserved. This document is a translation of the evaluated and certified security target written in Japanese. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 2: Revision History

    Page 1 of 89 Revision History Version Date Author Detail 1.00 2011-09-15 RICOH COMPANY, LTD. Publication version. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 3: Table Of Contents

    Consistency Claim with TOE Type in PP ...............28 2.4.2 Consistency Claim with Security Problems and Security Objectives in PP ..28 2.4.3 Consistency Claim with Security Requirements in PP..........29 Security Problem Definitions....................32 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 4 Security Requirements Rationale ................65 6.3.1 Tracing ........................65 6.3.2 Justification of Traceability..................67 6.3.3 Dependency Analysis....................73 6.3.4 Security Assurance Requirements Rationale ............75 TOE Summary Specification....................76 Audit Function ......................76 Identification and Authentication Function ..............78 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 5 Network Protection Function..................83 Residual Data Overwrite Function................83 Stored Data Protection Function ................. 84 Security Management Function .................. 84 Software Verification Function ..................89 7.10 Fax Line Separation Function ..................89 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 6 Table 33 : Stored Documents Access Control Rules for Normal Users ............81 Table 34 : Encrypted Communications Provided by the TOE ..............83 Table 35 : List of Cryptographic Operations for Stored Data Protection ............84 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 7 Page 6 of 89 Table 36 : Management of TSF Data ......................85 Table 37 : List of Static Initialisation for Security Attributes of Document Access Control SFP ....88 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 8: St Introduction

    - Ricoh imagio MP C7501 SP System/Copy 1.03 Network Support 9.62 Scanner 01.05 Printer 1.03 02.00.00 RemoteFax 02.00.00 Web Support 1.04 Web Uapl 1.01 NetworkDocBox 1.01 animation 1.00 RPCS 3.10.6 RPCS Font 1.00 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 9: Toe Overview

    This TOE is a digital multi function product (hereafter "MFP"), which is an IT device that inputs, stores, and outputs documents. 1.3.2 TOE Usage The operational environment of the TOE is illustrated below and the usage of the TOE is outlined in this section. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 10: Figure 1 : Example Of Toe Environment

    Print, fax, network transmission, and deletion of the stored documents. Also, the TOE receives information via telephone lines and can store it as a document. Network used in the TOE environment. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 11: Major Security Features Of Toe

    The TOE stores documents in it, and sends and receives documents to and from the IT devices connected to the LAN. To ensure provision of confidentiality and integrity for those documents, the TOE has the following security features: Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 12: Toe Description

    The physical boundary of the TOE is the MFP, which consists of the following hardware components (shown in Figure 2): Operation Panel Unit, Engine Unit, Fax Unit, Controller Board, HDD, Ic Ctlr, Network Unit, USB Port, SD Card Slot, and SD Card. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 13: Figure 2 : Hardware Configuration Of The Toe

    NVRAM A non-volatile memory medium in which TSF data for configuring MFP operations is stored. Ic Key A security chip that has the functions of random number generation, cryptographic key generation Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 14 TOE, is the identifier of the Fax Unit. The HDD is a hard disk drive that is a non-volatile memory medium. It stores documents, login user names and login passwords of normal users. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 15: Guidance Documents

    MP C7501/C6001 series Operating Instructions <Notes on Security Functions> D081-7685 Notes for Administrators: using this Machine in a Network Environment Compliant with IEEE Std. 2600.1 -2009 D081-7684 Help 83NHBNJAR1.10 v110 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 16: Definition Of Users

    Authorised to specify MFP device behaviour Machine management (network behaviours excluded). This privilege privilege allows configuration of device settings and view of the audit log. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 17: Indirect User

    Customer engineer The customer engineer is a person who belongs to the organisation which maintains TOE operation. The customer engineer is in charge of installation, setup, and maintenance of the TOE. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 18: Logical Boundary Of Toe

    The Copy Function is to scan paper documents and copy scanned image data from the Operation Panel. Magnification and other editorial jobs can be applied to the copy image. It can also be stored on the HDD as a Document Server document. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 19 TOE and with which secure communication can be ensured. E-mail transmission is possible only with the mail server and e-mail addresses that the MFP administrator pre-registers in the TOE and with which secure communication can be ensured. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 20 Documents can be printed and deleted using the Operation Panel, while they can be printed, deleted and downloaded from a Web browser. According to the guidance document, users first install the specified fax driver on their own client computers, and then use this function. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 21: Security Functions

    Also, this function provides the recorded audit log in a legible fashion for users to audit. This function can be used only by the MFP administrator to view and delete the recorded audit log. To view and delete the audit log, the Web Function will be used. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 22 If the Printer Function is used, the protection function can be enabled using the printer driver to specify encrypted communication. If the folder transmission function of Scanner Function is used, the protection function can be enabled through encrypted communication. If the e-mail Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 23: Protected Assets

    Digitised documents, deleted documents, temporary documents and their fragments, which are managed by the TOE. Function data Jobs specified by users. In this ST, a "user job" is referred to as a "job". Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 24: Tsf Data

    Support, Web Uapl, NetworkDocBox, animation, RPCS, RPCS Font, LANG0, LANG1 and Data Erase Opt. Login user name An identifier assigned to each normal user, MFP administrator, and supervisor. The TOE identifies users by this identifier. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 25 +PRT One of the document data attributes. Documents printed from the client computer, or documents stored in the TOE by locked print, hold print, and sample print using the client computer. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 26 This list is assigned as an attribute of each normal user. Operation Panel Consists of a touch screen LCD and key switches. The Operation Panel is used by users to operate the TOE. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 27 The TOE displays the Repair Request Notification screen on the Operation Panel if paper jams frequently occur, or if the door or cover of the TOE is left open for a certain period of time while jammed paper is not removed. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 28: Conformance Claim

    Package Claims The SAR package which this ST and TOE conform to is EAL3+ALC_FLR.2. The selected SFR Packages from the PP are: 2600.1-PRT conformant 2600.1-SCN conformant 2600.1-CPY conformant 2600.1-FAX conformant 2600.1-DSR conformant Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 29: Conformance Claim Rationale

    TOE and RC Gate. Also, the protected assets are not operated from the RC Gate. For these reasons, these communications do not affect any security problems and security objectives defined in the PP. Therefore, P.RCGATE.COMM.PROTECT and O.RCGATE.COMM.PROTECT were augmented, yet still conform to the PP. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 30: Consistency Claim With Security Requirements In Pp

    The refinement of FIA_UAU.2 and FIA_UID.2 is to identify the identification and authentication method for normal users or administrator and the identification and authentication method for RC Gate; it is not to change the security requirements specified by the PP. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 31 While FDP_ACF.1.3(b) in the PP allows users with administrator privileges to operate the TOE functions, this ST allows them to operate Fax Reception Function only, which is part of the TOE functions. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 32 The fax reception process, which is accessed when receiving from a telephone line, is regarded as a user with administrator privileges. Therefore, FDP_ACF.1.3(b) in this ST satisfies FDP_ACF.1.3(b) in the PP. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 33: Security Problem Definitions

    TSF Confidential Data under the TOE management may be altered by persons without a login user name, or by persons with a login user name but without an access permission to the TSF Confidential Data. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 34: Organisational Security Policies

    The responsible manager of MFP trains users according to the guidance document and users are aware of the security policies and procedures of their organisation and are competent to follow those policies and procedures. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 35 A.ADMIN.TRUST Trusted administrator The responsible manager of MFP selects administrators who do not use their privileged access rights for malicious purposes according to the guidance document. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 36: Security Objectives

    The TOE shall protect TSF Confidential Data from unauthorised alteration by persons without a login user name, or by persons with a login user name but without an access permission to the TSF Confidential Data. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 37: Security Objectives Of Operational Environment

    If audit logs are exported to a trusted IT product, the responsible manager of MFP shall ensure that those logs can be accessed in order to detect potential security violations, and only by authorised persons. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 38: Non-It Environment

    Log audit The responsible manager of MFP shall ensure that audit logs are reviewed at appropriate intervals according to the guidance document for detecting security violations or unusual patterns of activity. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 39: Security Objectives Rationale

    Table 7 describes the correspondence between the assumptions, threats and organisational security policies, and each security objective. Table 7 : Rationale for Security Objectives T.DOC.DIS T.DOC.ALT T.FUNC.ALT T.PROT.ALT T.CONF.DIS T.CONF.ALT P.USER.AUTHORIZATION P.SOFTWARE.VERIFICATION P.AUDIT.LOGGING P.INTERFACE.MANAGEMENT P.STORAGE.ENCRYPTION P.RCGATE.COMM.PROTECT A.ACCESS.MANAGED A.ADMIN.TRAINING A.ADMIN.TRUST A.USER.TRAINING Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 40: Security Objectives Descriptions

    TOE. By O.PROT.NO_ALT, the TOE protects the TSF protected Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 41 P.USER.AUTHORIZATION is enforced by these objectives. P. SOFTWARE.VERIFICATION P.SOFTWARE.VERIFICATION is enforced by O.SOFTWARE.VERIFIED. By O.SOFTWARE.VERIFIED, the TOE provides measures for self-verifying the executable code of the TSF. P.SOFTWARE.VERIFICATION is enforced by this objective. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 42 By OE.PHYSICAL.MANAGED, the TOE is located in a restricted or monitored environment according to the guidance documents and is protected from the physical access by the unauthorised persons. A.ACCESS.MANAGED is upheld by this objective. A.ADMIN.TRAINING A.ADMIN.TRAINING is upheld by OE.ADMIN.TRAINED. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 43 By OE.USER.TRAINED, the responsible manager of MFP instructs the users in accordance with the guidance documents to make them aware of the security policies and procedures of their organisation, and the users follow those policies and procedures. OE.USER.TRAINED is upheld by this objective. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 44: Extended Components Definition

    Quite often, a TOE is supposed to perform specific checks and process data received on one external interface before such (processed) data are allowed to be transferred to another external interface. Examples Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 45 The TSF shall provide the capability to restrict data received on [assignment: the Operation Panel, LAN, telephone line] from being forwarded without further processing by the TSF to [assignment: the LAN and telephone line]. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 46: Security Requirements

    RC Gate]. Table 8 shows the action (CC rules) recommended by the CC as auditable for each functional requirement and the corresponding auditable events of the TOE. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 47: Table 8 : List Of Auditable Events

    Minimal: Unsuccessful use of the b) Basic: Success and failure of login authentication mechanism; operation b) Basic: All use of the authentication mechanism; c) Detailed: All TSF mediated actions performed before authentication of the user. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 48 Basic: All attempted uses of the trusted channel functions. d) Basic: Identification of the initiator and target of all trusted channel functions. FAU_GEN.2 User identity association Hierarchical to: No other components. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 49: Class Fcs: Cryptographic Support

    FCS_COP.1 Cryptographic operation] FCS_CKM.4 Cryptographic key destruction FCS_CKM.1.1 The TSF shall generate cryptographic keys in accordance with a specified cryptographic key generation algorithm [assignment: cryptographic key generation algorithm in Table 9] and Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 50: Class Fdp: User Data Protection

    FDP_ACF.1 Security attribute based access control FDP_ACC.1.1(a) The TSF shall enforce the [assignment: document access control SFP] on [assignment: list of subjects, objects, and operations among subjects and objects in Table 11]. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 51: Table 11 : List Of Subjects, Objects, And Operations Among Subjects And Objects (A)

    Table 13 : Subjects, Objects and Security Attributes (a) Category Subjects or Objects Security Attributes Subject Normal user process - Login user name of normal user - User role Subject MFP administrator process - User role Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 52: Table 14 : Rules To Control Operations On Document Data And User Jobs (A)

    Document +CPY Delete Normal user Not allowed. However, it is allowed for data process normal user process that created the document data. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 53: Table 15 : Additional Rules To Control Operations On Document Data And User Jobs (A)

    [assignment: deny the operations on the document data and user jobs in case of supervisor process or RC Gate process]. FDP_ACF.1(b) Security attribute-based access control Hierarchical to: No other components. Dependencies: FDP_ACC.1 Subset access control FMT_MSA.3 Static attribute initialisation Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 54: Table 16 : Subjects, Objects And Security Attributes (B)

    No dependencies. FDP_RIP.1.1 The TSF shall ensure that any previous information content of a resource is made unavailable upon the [selection: deallocation of the resource from] the following objects: [assignment: user documents]. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 55: Class Fia: Identification And Authentication

    No dependencies. FIA_ATD.1.1 The TSF shall maintain the following list of security attributes belonging to individual users: [assignment: the security attributes listed in Table 20 for each user in Table 20]. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 56: Table 20 : List Of Security Attributes For Each User That Shall Be Maintained

    Help from a Web browser, system status, counter and information of inquiries, execution of fax reception, and repair request notification] on behalf of the user to be performed before the user is authenticated (refinement: authentication with Basic Authentication). Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 57 No dependencies. FIA_UID.1.1(b) The TSF shall allow [assignment: the viewing of the list of user jobs, Web Image Monitor Help from a Web browser, system status, counter and information of inquiries, execution Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 58: Class Fmt: Security Management

    The TSF shall enforce the following rules governing changes to the user security attributes associated with subjects acting on the behalf of users: [assignment: none]. 6.1.5 Class FMT: Security management FMT_MSA.1(a) Management of security attributes Hierarchical to: No other components. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 59: Table 22 : User Roles For Security Attributes (A)

    [when document data attribute is (+DSR)] modify document data Document user list Query, MFP administrator [when document data attribute modify (+FAXIN)] -: No user roles are permitted for operations by the TOE. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 60: Table 23 : User Roles For Security Attributes (B)

    FMT_MSA.1 Management of security attributes FMT_SMR.1 Security roles FMT_MSA.3.1(a) The TSF shall enforce the [assignment: document access control SFP] to provide [selection: restrictive] default values for security attributes that are used to enforce the SFP. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 61: Table 24 : Authorised Identified Roles Allowed To Override Default Values

    The TSF shall restrict the ability to [selection: query, modify, delete, [assignment: newly create]] the [assignment: list of TSF data in Table 25] to [assignment: the user roles in Table 25]. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 62: Table 25 : List Of Tsf Data

    Query Normal user Users for stored and received documents Query, modify MFP administrator User authentication method Query MFP administrator FMT_SMF.1 Specification of Management Functions Hierarchical to: No other components. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 63: Table 26 : List Of Specification Of Management Functions

    Query and deletion of audit logs by MFP administrator New creation of HDD encryption key by MFP administrator New creation, modification, query and deletion of S/MIME user information by MFP administrator Query of S/MIME user information by normal user Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 64: Class Fpt: Protection Of The Tsf

    The TSF shall provide the capability to restrict data received on [assignment: the Operation Panel, LAN, telephone line] from being forwarded without further processing by the TSF to [assignment: the LAN and telephone line]. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 65: Class Fta: Toe Access

    Development ADV_FSP.3 Functional specification with complete summary ADV_TDS.2 Architectural design AGD: AGD_OPE.1 Operational user guidance Guidance documents AGD_PRE.1 Preparative procedures ALC: ALC_CMC.3 Authorisation controls Life-cycle support ALC_CMS.3 Implementation representation CM coverage Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 66: Security Requirements Rationale

    Table 28 shows the relationship between the TOE security functional requirements and TOE security objectives. Table 28 shows that each TOE security functional requirement fulfils at least one TOE security objective. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 67: Table 28 : Relationship Between Security Objectives And Functional Requirements

    Table 28 : Relationship between Security Objectives and Functional Requirements FAU_GEN.1 FAU_GEN.2 FAU_STG.1 FAU_STG.4 FAU_SAR.1 FAU_SAR.2 FCS_CKM.1 FCS_COP.1 FDP_ACC.1(a) FDP_ACC.1(b) FDP_ACF.1(a) FDP_ACF.1(b) FDP_RIP.1 FIA_AFL.1 FIA_ATD.1 FIA_SOS.1 FIA_UAU.1(a) FIA_UAU.1(b) FIA_UAU.2 FIA_UAU.7 FIA_UID.1(a) FIA_UID.1(b) FIA_UID.2 FIA_USB.1 FPT_FDI_EXP.1 FMT_MSA.1(a) FMT_MSA.1(b) FMT_MSA.3(a) Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 68: Justification Of Traceability

    FMT_MSA.1(a) specifies the available operations (newly create, query, modify and delete) on the login user name, and available operations (query and modify) on the document user list, and a specified user Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 69 Deletion is the only modification operation on this TOE's user jobs. (2) Use trusted channels for sending or receiving user jobs. The user jobs sent and received by the TOE via the LAN are protected by FTP_ITC.1. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 70 The TSF confidential data sent and received by the TOE via the LAN are protected by FTP_ITC.1. By satisfying FMT_MTD.1, FMT_SMF.1, FMT_SMR.1 and FTP_ITC.1, which are the security functional requirements for these countermeasures, O.CONF.NO_DIS is fulfilled. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 71 FDP_ACC.1(b) and FDP_ACF.1(b) allow the applicable normal user to use the MFP application according to the operation permission granted to the successfully identified and authenticated normal user. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 72 (2) Automatically terminate the connection to the Operation Panel and LAN interface. FTA_SSL.3 terminates the session after no operation is performed from the Operation Panel or LAN interface for certain period. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 73 O.STORAGE.ENCRYPTED Encryption of storage devices O.STORAGE.ENCRYPTED is the security objective to ensure the data to be written into the HDD is encrypted. To fulfil this security objective, it is required to implement the following countermeasures. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 74: Dependency Analysis

    Satisfied in ST Not Satisfied in Requirements FAU_GEN.1 FPT_STM.1 FPT_STM.1 None FAU_GEN.2 FAU_GEN.1 FAU_GEN.1 None FIA_UID.1 FIA_UID.1 FAU_STG.1 FAU_GEN.1 FAU_GEN.1 None FAU_STG.4 FAU_STG.1 FAU_STG.1 None FAU_SAR.1 FAU_GEN.1 FAU_GEN.1 None FAU_SAR.2 FAU_SAR.1 FAU_SAR.1 None Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 75 FMT_SMR.1 FMT_SMF.1 FMT_SMF.1 FMT_MSA.1(b) [FDP_ACC.1(b) FDP_ACC.1(b) None or FDP_IFC.1] FMT_SMR.1 FMT_SMR.1 FMT_SMF.1 FMT_SMF.1 FMT_MSA.3(a) FMT_MSA.1(a) FMT_MSA.1(a) None FMT_SMR.1 FMT_SMR.1 FMT_MSA.3(b) FMT_MSA.1(b) FMT_MSA.1(b) None FMT_SMR.1 FMT_SMR.1 FMT_MTD.1 FMT_SMR.1 FMT_SMR.1 None FMT_SMF.1 FMT_SMF.1 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 76: Security Assurance Requirements Rationale

    TOE operation according to flow reporting procedure (ALC_FLR.2). Based on the terms and costs of the evaluation, the evaluation assurance level of EAL3+ALC_FLR.2 is appropriate for this TOE. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 77: Toe Summary Specification

    Shutdown of the Audit Function (*1) Success and failure of login operations (*2) Success and failure of login operations from RC Gate communication interface Table 26 Record of Management Function Date settings (year/month/day), time settings (hour/minute) Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 78: Table 31 : List Of Audit Log Items

    - Web Function communication address - Folder transmission - Printing via networks - LAN Fax via networks - Communication with RC Gate Communicating e-mail Communicating e-mail - E-mail transmission address address for e-mail transmission Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 79: Identification And Authentication Function

    When the sent login user name and login password are identified and authenticated, the user is allowed to use the TOE according to the identified user role. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 80: Table 32 : Unlocking Administrators For Each User Role

    "unlocking administrator" shown in Table 32 and specified for each user role releases the lockout. Table 32 : Unlocking Administrators for Each User Role User Roles (Locked out Users) Unlocking Administrators Normal user MFP administrator Supervisor MFP administrator MFP administrator Supervisor Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 81: Document Access Control Function

    The TOE controls user operations for document data and user jobs in accordance with (1) access control rule on document data and (2) access control rule on user jobs. (1) Access control rule on document data Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 82: Table 33 : Stored Documents Access Control Rules For Normal Users

    Operation Scanner Function Scanner documents Folder transmission Panel Delete Fax transmission Operation Fax transmission Folder transmission Fax Function Panel documents Print Delete Operation Print Fax Function Fax reception documents Panel Delete Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 83: Use-Of-Feature Restriction Function

    The Use-of-Feature Restriction Function is to authorise TOE users to use Copy Function, Printer Function, Scanner Function, Document Server Function and Fax Function in accordance with the roles of the identified and authenticated TOE users and user privileges set for each user. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 84: Network Protection Function

    For sequential overwriting, the TOE constantly monitors the information on a residual data area, and overwrites the area if any existing residual data is discovered. If the user deletes document data, the TOE Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 85: Stored Data Protection Function

    Function, and 3) set appropriate default values to security attributes, all of which accord with user role privileges or user privileges that are assigned to normal users, MFP administrator, or supervisor. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 86 Web browser modify user who stored the documents Query, MFP administrator modify Query Operation Panel, Available function list (Query is Web browser Applicable normal unavailable for user External Authentication) Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 87 Query, Audit log Web browser MFP administrator delete HDD cryptographic key Operation panel Newly create MFP administrator Newly create, Operation Panel, modify, S/MIME user information MFP administrator Web browser query, delete Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 88 FMT_MSA.3(a) and FMT_MSA.3(b) The TOE sets default values for objects and subjects according to the rules described in Table 37 when those objects and subjects are generated. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Page 89 Document Server Function, or Fax Function is available. For Basic Authentication, these values are specified by the MFP administrator. For External Authentication, the values indicate that none of the functions is available. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • Page 90: Software Verification Function

    Since the TOE is set to prohibit forwarding of received fax data during installation, received fax data will not be forwarded. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

This manual is also suitable for:

Imagio mp c6001 seriesImagio mp c7501 series

Table of Contents