Ricoh Aficio MP 3352 Security Target

Ricoh Aficio MP 3352 Manual

Get Ricoh Aficio MP 3352 PDF manuals and user guides View all Ricoh Aficio MP 3352 manuals
Add to My Manuals
Save this manual to your list of manuals

Ricoh Aficio MP 3352 manual content summary:

  • Ricoh Aficio MP 3352 | Security Target - Page 1
    Aficio MP 2352/2852/3352 series Security Target Author : RICOH COMPANY, LTD. Date : 2011-12-19 Version : 1.00 Portions of Aficio MP 2352/2852/3352 series Security Target are reprinted with written permission from IEEE, 445 Hoes Lane, Piscataway, New Jersey 08855, from IEEE 2600.1, Protection Profile
  • Ricoh Aficio MP 3352 | Security Target - Page 2
    Page 1 of 91 Version 1.00 Date 2011-12-19 Revision History Author RICOH COMPANY, LTD. Detail Publication version. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 3
    Definition of Users ...17 1.4.3.1. Direct User ...17 1.4.3.2. Indirect User ...18 1.4.4 Functions 22 1.4.5 Protected Assets ...24 1.4.5.1. User Data ...24 1.4.5.2. TSF Data ...25 1.4.5.3. in PP 30 2.4.2 Consistency Claim with Security Problems and Security Objectives in PP ......... 30 2.4.3
  • Ricoh Aficio MP 3352 | Security Target - Page 4
    Class FAU: Security audit 47 6.1.2 Class FCS: Cryptographic support 51 6.1.3 Class FDP: User data protection 52 6.1.4 Class FIA: Identification and authentication 56 Audit Function ...78 7.2 Identification and Authentication Function 80 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 5
    Restriction Function 84 7.5 Network Protection Function 85 7.6 Residual Data Overwrite Function 85 7.7 Stored Data Protection Function 86 7.8 Security Management Function 86 7.9 Software Verification Function 91 7.10 Fax Line Separation Function 91 Copyright (c) 2011 RICOH COMPANY, LTD. All
  • Ricoh Aficio MP 3352 | Security Target - Page 6
    Definition of User Data ...24 Table 8 : Definition of TSF Data ...25 Table 9 : Specific Terms Related to This ST 25 Table 10 : Rationale User Roles for Security Attributes (a 60 Table 26 : User Roles for Security Attributes (b 61 Table 27 : Authorised Identified Roles Allowed to Override Default
  • Ricoh Aficio MP 3352 | Security Target - Page 7
    Page 6 of 91 Table 36 : Stored Documents Access Control Rules for Normal Users 83 Table 37 : Encrypted Communications Provided by the TOE 85 Table 38 : List Static Initialisation for Security Attributes of Document Access Control SFP 90 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 8
    Unit Type 3352", or "Printer Unit Type 3352" and "Scanner Enhance Option Type 3352" must be installed on the MFP if the versions of Scanner and Printer are not displayed. Software System/Copy 1.04 Network Support 10.65 Fax 01.01.00 RemoteFax 01.00.00 Copyright (c) 2011 RICOH COMPANY, LTD
  • Ricoh Aficio MP 3352 | Security Target - Page 9
    Web Support Web Uapl animation Scanner Printer PCL PCL Font Data Erase Onb GWFCU3.5-1(WW) Engine OpePanel LANG0 LANG1 Ic Key Ic Hdd 1.00 1.01 1.00 1.00 01.01 1.02 1.00 1.12 1.03m 01.00.01 1.01:08 1.01 1.01 1.01 Hardware 01020714 01 Keywords : Digital MFP, Documents, Copy, Print, Scanner, Network
  • Ricoh Aficio MP 3352 | Security Target - Page 10
    MFP is connected to the office LAN, and users can perform the following operations from the Operation Panel of the MFP: - Various settings for the MFP, - Copy, fax, storage, and network transmission of paper documents, - Print, fax, network transmission, and deletion of the stored documents. Also
  • Ricoh Aficio MP 3352 | Security Target - Page 11
    client computer are as follows: - Various settings for the MFP using a Web browser installed on the client computer, - Operation of documents using a Web browser installed on the client computer, - Storage and printing of documents using the printer driver installed on the client computer, - Storage
  • Ricoh Aficio MP 3352 | Security Target - Page 12
    section describes Physical Boundary of TOE, Guidance Documents, Definition of Users, Logical Boundary of TOE, and Protected Assets. 1.4.1 Physical Boundary Controller Board, HDD, Ic Hdd, Network Unit, USB Port, SD Card Slot, and SD Card. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 13
    A volatile memory medium which is used as a working area for image processing such as compressing/decompressing the image data. It can also be used to temporarily read and write of random number generation, cryptographic key generation Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 14
    installed: System/Copy, Network Support, Fax, RemoteFax, Web Support, Web Uapl, NetworkDocBox, animation, paper documents, Printer Engine that is an output device to print and eject paper login user names and login passwords of normal users. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 15
    /MP 3352 Operating Instructions About This Machine D120-7523 - MP 2352/MP 2852/MP 3352 MP 2352/MP 2852/MP 3352 Aficio MP 2352/MP 2852/MP 3352 Operating Instructions Troubleshooting D120-7533 - Quick Reference Copy Guide D120-7517 - Quick Reference Printer Guide D595-7305 Copyright (c) 2011 RICOH
  • Ricoh Aficio MP 3352 | Security Target - Page 16
    Start Guide D085-7904B - MP 2352SP/MP 2852/MP 2852SP/MP 3352/MP 3352SP MP 2352SP/MP 2852/MP 2852SP/MP 3352/MP 3352SP Aficio MP 2352SP/MP 2852/MP 2852SP/MP 3352/MP 3352SP Manuals and Safety Information for This Machine D120-7500 - Notes on Hard Disk Data Encryption D120-7549 - Manuals for Users MP
  • Ricoh Aficio MP 3352 | Security Target - Page 17
    /MP 3352/MP 3352SP Operating Instructions About This Machine D120-7525 - MP 2352SP/MP 2852/MP 2852SP/MP 3352/MP 3352SP MP 2352SP/MP 2852/MP 2852SP/MP 3352/MP 3352SP Aficio MP 2352SP/MP 2852/MP 2852SP/MP 3352/MP 3352SP Operating Instructions Troubleshooting D120-7535 - Quick Reference Copy Guide
  • Ricoh Aficio MP 3352 | Security Target - Page 18
    Page 17 of 91 - Manuals for Users MP 2352SP/MP 2852/MP 2852SP/MP 3352/MP 3352SP Aficio MP 2352SP/MP 2852/MP 2852SP/MP 3352/MP 3352SP D595-7810 - Manuals for Administrators MP 2352SP/MP 2852/MP 2852SP/MP 3352/MP 3352SP Aficio MP 2352SP/MP 2852/MP 2852SP/MP 3352/MP 3352SP D595-7801 - SOFTWARE
  • Ricoh Aficio MP 3352 | Security Target - Page 19
    login password of the MFP administrator. Authorised to manage normal users. This privilege allows configuration of normal user settings. Authorised to specify MFP device behaviour (network of installation, setup, and maintenance of the TOE. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 20
    Figure 3 : Logical Scope of the TOE 1.4.4.1. Basic Functions The overview of the Basic Functions is described as follows: Copy Function The Copy Function is to scan paper documents and copy scanned image data from the Operation Panel. Magnification and other editorial jobs can be applied to the copy
  • Ricoh Aficio MP 3352 | Security Target - Page 21
    or store the documents the TOE receives from the printer driver installed on the client computer. It also allows users to print and delete the stored documents from the Operation Panel or a Web browser. - Receiving documents from the printer driver installed on the client computer. The TOE receives
  • Ricoh Aficio MP 3352 | Security Target - Page 22
    documents. Paper documents will be scanned and stored using the Operation Panel. printed, deleted and downloaded from a Web browser. According to the guidance document, users first install the specified fax driver on their own client computers, and then use this function. Copyright (c) 2011 RICOH
  • Ricoh Aficio MP 3352 | Security Target - Page 23
    Document Server documents. Also, users can print and delete fax documents. From a Web browser, users can print and delete Document Server documents, fax, print, download, and delete fax documents. Also, users can send scanner documents to folders or by e-mail, download and delete them. Management
  • Ricoh Aficio MP 3352 | Security Target - Page 24
    Operation Panel or via the network. By the network, users can use the TOE from a Web browser, printer/fax driver, and RC Gate. To use the TOE from the Operation Panel or a Web browser, a user will be required to enter his or her login user name and login password so that the user can be verified as
  • Ricoh Aficio MP 3352 | Security Target - Page 25
    is used, the protection function can be enabled using the fax driver to specify encrypted communication. When communicating with RC Gate, encrypted the TOE. Jobs specified by users. In this ST, a "user job" is referred to as a "job". Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved
  • Ricoh Aficio MP 3352 | Security Target - Page 26
    /Copy, Network Support, Scanner, Printer, Fax, RemoteFax, Web Support, Web Uapl, NetworkDocBox, animation, PCL, PCL Font, LANG0, LANG1 and Data Erase Onb. An identifier assigned to each normal user, MFP administrator, and supervisor. The TOE identifies users by this identifier. A password associated
  • Ricoh Aficio MP 3352 | Security Target - Page 27
    the TOE. The TOE authenticates TOE users by using the login user names and the login passwords registered on the external authentication server connected to the MFP via LAN. External Authentication implemented in the TOE includes Windows Authentication, LDAP Authentication, and Integration Server
  • Ricoh Aficio MP 3352 | Security Target - Page 28
    stored in the TOE after being printed with Document Server printing or stored print from the client computer, One of the security attributes of document data. A list of the login user names of the normal users whose access to documents is authorised, and it can be set for each document data. This
  • Ricoh Aficio MP 3352 | Security Target - Page 29
    for user access. The destination folder is registered and managed by the MFP administrator. A function to send documents by e-mail from the MFP via networks to the SMTP Server. The documents that can be delivered using this function include: scanned documents using Scanner Function, and scanned and
  • Ricoh Aficio MP 3352 | Security Target - Page 30
    .2. The selected SFR Packages from the PP are: 2600.1-PRT conformant 2600.1-SCN conformant 2600.1-CPY conformant 2600.1-FAX conformant 2600.1-DSR conformant Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 31
    the scanner device and print device, and have the Scanner Function, Printer Function or Problems and Security Objectives in PP Defining all security problems problem problems and security security problem definitions security problems and not affect any security problems and security objectives defined
  • Ricoh Aficio MP 3352 | Security Target - Page 32
    the security problems and For authentication of normal users of this TOE, APPLICATION NOTE 35, the authentications of users are assumed to be executed by and authentication methods for normal users or administrator, FIA_UAU.2 and authentication method for normal users or administrator and the
  • Ricoh Aficio MP 3352 | Security Target - Page 33
    the intended user. This user jobs, this ST rejects supervisor and RC Gate to operate document data and user users for this TOE. This indicates that the PP does not allow users to operate the TOE, unless they are identified as the users of document data and user the PP allows users with administrator
  • Ricoh Aficio MP 3352 | Security Target - Page 34
    TOE allows the MFP administrator to delete document data and user jobs (document access control SFP, FDP_ACC.1(a) and FDP_ACF.1(a)), and accessed when receiving from a telephone line, is regarded as a user with administrator privileges. Therefore, FDP_ACF.1.3(b) in this ST satisfies FDP_ACF.1.3(b) in
  • Ricoh Aficio MP 3352 | Security Target - Page 35
    Security Problem to persons without a login user name, or to persons with a login user name but without altered by persons without a login user name, or by persons with a login user name but without an to persons without a login user name, or to persons with a login user name but without an access
  • Ricoh Aficio MP 3352 | Security Target - Page 36
    , the TOE is placed in a restricted or monitored area that provides protection from physical access by unauthorised persons. A.USER.TRAINING User training The responsible manager of MFP trains users according to the guidance document and users are aware of the security policies and procedures of
  • Ricoh Aficio MP 3352 | Security Target - Page 37
    are competent to correctly configure and operate the TOE in accordance with the guidance document following those policies and procedures. A.ADMIN.TRUST Trusted administrator The responsible manager of MFP selects administrators who do not use their privileged access rights for malicious purposes
  • Ricoh Aficio MP 3352 | Security Target - Page 38
    login user name, or by persons with a login user user job alteration The TOE shall protect user jobs from unauthorised alteration by persons without a login user name, or by persons with a login user login user name, or by persons with a login user login user name, or by persons with a login user
  • Ricoh Aficio MP 3352 | Security Target - Page 39
    and authentication The TOE shall require identification and authentication of users and shall ensure that users are authorised in accordance with security policies before allowing them security violations, and only by authorised persons. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 40
    monitored area that provides protection from physical access to the TOE by unauthorised persons. OE.USER.AUTHORIZED Assignment of user authority The responsible manager of MFP shall give users and procedures. OE.ADMIN.TRUSTED Trusted administrator The RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 41
    Objectives Table 10 describes the USER.AUTHORIZATION X X P.SOFTWARE.VERIFICATION X P.AUDIT.LOGGING X XXX P.INTERFACE.MANAGEMENT X X P.STORAGE.ENCRYPTION X P.RCGATE.COMM.PROTECT X A.ACCESS.MANAGED X A.ADMIN.TRAINING X A.ADMIN.TRUST X A.USER.TRAINING X Copyright (c) 2011 RICOH
  • Ricoh Aficio MP 3352 | Security Target - Page 42
    being allowed to use the TOE. By O.DOC.NO_DIS, the TOE protects the documents from unauthorised disclosure by persons without a login user name, or by persons with a login user name but without an access permission to those documents. T.DOC.DIS is countered by these objectives. T.DOC.ALT T.DOC.ALT
  • Ricoh Aficio MP 3352 | Security Target - Page 43
    protects the TSF confidential data from unauthorised disclosure by persons without a login user name, or by persons with a login user name but without an access permission to the TSF confidential data. T. is enforced by this objective. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 44
    objective. A.ACCESS.MANAGED A.ACCESS.MANAGED is upheld by OE.PHYSICAL.MANAGED. By OE.PHYSICAL.MANAGED, the TOE is located in a restricted or monitored environment according to the guidance documents and is protected from the physical access by the unauthorised persons. A.ACCESS.MANAGED is upheld by
  • Ricoh Aficio MP 3352 | Security Target - Page 45
    not abuse their privileges in accordance with the guidance documents. A.ADMIN.TRUST is upheld by this objective. A.USER.TRAINING A.USER.TRAINING is upheld by OE.USER.TRAINED. By OE.USER.TRAINED, the responsible manager of MFP instructs the users in accordance with the guidance documents to make them
  • Ricoh Aficio MP 3352 | Security Target - Page 46
    checks and process data received on one external interface before such (processed) data are allowed to be transferred to another external interface. Examples Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 47
    decided to define an extended component to address this functionality. This extended component protects both user data and TSF data, and it could therefore be placed in either the FDP or the [assignment: the LAN and telephone line]. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 48
    /ST, [assignment: types of job for FDP_ACF.1(a), all login user names that attempted the user identification for FIA_UID.1, communication direction of Web Function, communication IP address of the communication used for Web Function and folder transmission, recipient's e-mail address used for e-mail
  • Ricoh Aficio MP 3352 | Security Target - Page 49
    above, "storing, printing, downloading, faxing, sending by e-mail, delivering to folder, and deleting", are the job types of additional information that are required by the PP. Original: Not recorded. b) Basic: Success and failure of login operation Copyright (c) 2011 RICOH COMPANY, LTD. All
  • Ricoh Aficio MP 3352 | Security Target - Page 50
    and failure of login operation. Also includes the user identification that is required by the PP as the additional information. b) Basic: Success and failure of login operation a) Minimal: Record of management items in Table 30. No record due to no modification. a) Minimal: Settings of Year-Month
  • Ricoh Aficio MP 3352 | Security Target - Page 51
    communication with trusted channel. FAU_GEN.2 User identity association Hierarchical to: No users, the TSF shall be able to associate each auditable event with the identity of the user the audit records in a manner suitable for the user to interpret the information. FAU_SAR.2 Restricted audit review
  • Ricoh Aficio MP 3352 | Security Target - Page 52
    other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key data on HDD - Decryption when reading the data from HDD Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 53
    Objects, and Operations among Subjects and Objects (b) Subjects Object Operation - Normal user process - MFP administrator process - Supervisor process - RC Gate process - Subset access control FMT_MSA.3 Static attribute initialisation Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 54
    Supervisor process RC Gate process Document data Object User job Security Attributes - Login user name of normal user - User role - User role - User role - User role - Document data attribute - Document user list - Login user name of normal user FDP_ACF.1.2(a) The TSF shall enforce the following
  • Ricoh Aficio MP 3352 | Security Target - Page 55
    Read User jobs No setting of document data attribute Delete Normal user process Normal user process Normal user process Normal user process Normal user process Normal user process Normal user process Page 54 of 91 Not allowed. However, it is allowed for normal user process with login user name
  • Ricoh Aficio MP 3352 | Security Target - Page 56
    process MFP application Security Attributes - Login user name of normal user - Available function list - User role - User role - User role - Function type FDP_ACF.1.2(b) The operated using administrator permission is surely permitted]. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 57
    User authentication using the Operation Panel User authentication using the TOE from client computer Web browser User authentication when printing from the client computer User time set by the MFP administrator, release operation by a supervisor or the TOE's restart. Copyright (c) 2011 RICOH COMPANY
  • Ricoh Aficio MP 3352 | Security Target - Page 58
    digits) Symbols: SP (spaces 33 symbols) (2) Registrable password length: For normal users: No fewer password complexity setting specified by the MFP administrator can be registered. The MFP administrator specifies either Level 1 or Level 2 for password complexity setting. Copyright (c) 2011 RICOH
  • Ricoh Aficio MP 3352 | Security Target - Page 59
    : No other components. Dependencies: No dependencies. FIA_UID.1.1(a) The TSF shall allow [assignment: the viewing of the list of user jobs, Web Image Monitor Help from a Web browser, system status, counter and information of inquiries, execution of fax reception, and repair request notification] on
  • Ricoh Aficio MP 3352 | Security Target - Page 60
    the viewing of the list of user jobs, Web Image Monitor Help from a Web browser, system status, counter User Security Attributes - Login user name of normal user - User role - Available function list - User role - Login user name of MFP administrator - User role - User role Copyright (c) 2011 RICOH
  • Ricoh Aficio MP 3352 | Security Target - Page 61
    Operation Permission MFP administrator Normal user who owns the applicable login user name MFP administrator Supervisor MFP administrator MFP administrator who owns the applicable login user name Supervisor None No operation permitted None Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved
  • Ricoh Aficio MP 3352 | Security Target - Page 62
    Authentication) No operation permitted No operation permitted User Roles with operation permission MFP administrator Normal user who owns the applicable login user name MFP administrator MFP administrator Applicable normal user None None Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 63
    Default Values Objects Document data Document data [when document data attribute is (+DSR)] Document data [when document data attributes are (+PRT), (+SCN), (+CPY), (+FAXIN), and (+FAXOUT)] User job Security Attributes Document data attribute Document user list Document user list Login user default
  • Ricoh Aficio MP 3352 | Security Target - Page 64
    TSF Data Login password of normal user for Basic Authentication Operations Newly create, modify Modify Login password of supervisor Login password of MFP Password complexity setting for Basic Authentication Audit logs HDD cryptographic key S/MIME user information Destination information for folder
  • Ricoh Aficio MP 3352 | Security Target - Page 65
    MFP administrator by MFP administrator Query and modification of own login user name by MFP administrator Query of login user name of MFP administrator by supervisor New creation and modification of login password of normal user by MFP administrator when the Basic Authentication is used Modification
  • Ricoh Aficio MP 3352 | Security Target - Page 66
    transmission by MFP administrator Query of destination information for folder transmission by normal user Query and modification of users for stored and received documents by MFP administrator Query of user authentication method by MFP administrator FMT_SMR.1 Security roles Hierarchical to: No
  • Ricoh Aficio MP 3352 | Security Target - Page 67
    of document data reception from the printer driver, completion of document data reception from the fax driver, and termination of communication with RC was added to the set of components defined in evaluation assurance level 3 (EAL3). Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved
  • Ricoh Aficio MP 3352 | Security Target - Page 68
    ADV: Development AGD: Guidance documents ALC: Life-cycle support ASE: Security Target evaluation ATE: Tests AVA: Vulnerability assessment objectives Derived security requirements Security problem definition TOE summary specification Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 69
    O.FUNC.NO_ALT O.PROT.NO_ALT O.CONF.NO_DI S O.CONF.NO_ALT O.USER.AUTHORIZED O.INTERFACE.MANAGED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED O.STORAGE.ENCRYPTED O. .1(b) FMT_MSA.3(a) X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 70
    of the security attributes. FMT_MSA.1(a) specifies the available operations (newly create, query, modify and delete) on the login user name, and available operations (query and modify) on the document user list, and a specified user Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 71
    operations (newly create, query, modify and delete) on the login user name, and available operations (query and modify) on the document user list, and a specified user is thus restricted to perform each operation. FMT_MSA.3(a) surely sets the restrictive value to the security attributes of document
  • Ricoh Aficio MP 3352 | Security Target - Page 72
    login user name to specified users only. FMT_MSA.3(a) sets the restrictive value to the security attributes of user jobs (object) when the user MIME user information, destination folder and users user to operate the login password of normal user. A supervisor is allowed to operate the login password
  • Ricoh Aficio MP 3352 | Security Target - Page 73
    so that only valid users can use the TOE functions. The authentication failure handling and verification of secrets are the security policies for authentication using passwords when the TOE is accessed from the Operation Panel or a Web browser of client computer, documents are printed by using the
  • Ricoh Aficio MP 3352 | Security Target - Page 74
    the security attributes. According to FMT_MSA.1(b), the login user name and available function list of normal user are managed by the MFP administrator, and users are not allowed to operate the function type. FMT_MSA.3(b) sets the restrictive default value to the function type. By satisfying FDP_ACC
  • Ricoh Aficio MP 3352 | Security Target - Page 75
    the data to be written into the HDD is encrypted. To fulfil this security objective, it is required to implement the following countermeasures. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 76
    for Security Function. (5) Specification of the roles. FMT_SMR.1 maintains the users who have the privileges. By satisfying FCS_CKM.1, FCS_COP.1, FMT_MTD.1, FMT_SMF.1 and Not Satisfied in ST None None None None None None FCS_CKM.4 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 77
    .4 None None None None None None None None None None None None None None None None None None None None None None None Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 78
    procedure (ALC_FLR.2). Based on the terms and costs of the evaluation, the evaluation assurance level of EAL3+ALC_FLR.2 is appropriate for this TOE. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 79
    Success and failure of login operations (except login operations from RC Gate) Success and failure of login operations from RC Gate communication interface Table 30 Record of Management Function Date settings (year/month/day), time settings (hour/minute) Copyright (c) 2011 RICOH COMPANY, LTD. All
  • Ricoh Aficio MP 3352 | Security Target - Page 80
    Web Function communication Folder transmission E-mail transmission Printing via networks LAN Fax via networks Storing document data Reading document data (print, download, fax transmission, e-mail transmission, and folder Setting Values User or TOE identity for an audit event caused by the user
  • Ricoh Aficio MP 3352 | Security Target - Page 81
    Application of Basic Authentication The TOE identifies and authenticates a user by checking the login user name and login password entered by the user. However, regarding the viewing of user job lists, Web Image Monitor Help from a Web browser, system status, the counter and information of inquiries
  • Ricoh Aficio MP 3352 | Security Target - Page 82
    if the fixed auto logout time (30 minutes by default) elapses after the final operation from a Web browser by the user who logs on to the TOE from a Web browser. The TOE logs out immediately after receiving the print data from the printer driver. The TOE logs out immediately after receiving the
  • Ricoh Aficio MP 3352 | Security Target - Page 83
    Login passwords for users can be registered only if these passwords meet the following conditions: (1) Usable characters and types: Upper-case letters: [A-Z] (26 letters) Lower-case letters: [a-z] (26 letters) Numbers: [0-9] (ten digits) Symbols: SP certificate is a set of identification and
  • Ricoh Aficio MP 3352 | Security Target - Page 84
    user logs in from the Operation Panel or a Web browser, the TOE displays a list of the stored documents whose operations are authorised and the menu for the authorised operations (printing, downloading to the client computers, fax transmission, e-mail transmission, sending to folders, deletion
  • Ricoh Aficio MP 3352 | Security Target - Page 85
    Server documents Scanner documents Fax transmission documents Printer documents Fax reception documents Print Delete E-mail transmission Folder transmission Download Delete (E-mail transmission and folder transmission are authorised for normal users who are privileged to use Scanner Function
  • Ricoh Aficio MP 3352 | Security Target - Page 86
    administrator, the user can operate Fax Reception Function that corresponds to MFP management. If the role is that of supervisor and RC Gate, using any functions is not allowed. 7.5 Network Protection Function The Network Protection Function is to provide network monitoring to prevent information
  • Ricoh Aficio MP 3352 | Security Target - Page 87
    to operate the Security Management Function, and 3) set appropriate default values to security attributes, all of which accord with user role privileges or user privileges that are assigned to normal users, MFP administrator, or supervisor. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 3352 | Security Target - Page 88
    printer document (with stored print) Document user list Stored document type is fax received document(*2) Default values of the document user list Available function list Operation Interface Operation Panel, Web browser Operation Panel, Web browser Operation Panel, Web browser Operation Panel, Web
  • Ricoh Aficio MP 3352 | Security Target - Page 89
    Function types User roles Login passwords of normal users when Basic Authentication is applied Login password of supervisor Login password of MFP administrator No operation interfaces available No operation interfaces available Operation Panel, Web browser No operations allowed No operations
  • Ricoh Aficio MP 3352 | Security Target - Page 90
    folder Users for stored and received documents User authentication procedures Operation Panel, Web browser Operation Panel, Web browser Operation Panel, Web browser Page 89 of 91 Query, (Query operation for a user received document users. FMT_MSA.3(a) and FMT_MSA.3(b) The TOE sets default values
  • Ricoh Aficio MP 3352 | Security Target - Page 91
    Function) Document user list Document user list Document user list Login user name of normal user Function type Default values +PRT: Documents printed from the client computer with direct print, locked print, hold print, and sample print. +SCN: Documents sent by e-mail or to folders from the MFP
  • Ricoh Aficio MP 3352 | Security Target - Page 92
    that the integrity of the FCU Control Software can be verified. 7.10 Fax Line Separation Function The Fax Line Separation Function is to receive performed, the line is disconnected. Since the TOE is set to prohibit forwarding of received fax data during installation, received fax data will
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
Aficio MP 2352/2852/3352 series
Security Target
Author : RICOH COMPANY, LTD.
Date
: 2011-12-19
Version : 1.00
Portions of Aficio MP 2352/2852/3352 series Security Target are reprinted
with written permission from IEEE, 445 Hoes Lane, Piscataway, New Jersey
08855, from IEEE 2600.1, Protection Profile for Hardcopy Devices,
Operational Environment A, Copyright © 2009 IEEE. All rights reserved.
This document is a translation of the evaluated and certified security target
written in Japanese.