Ricoh Aficio MP 4002 Security Target

Ricoh Aficio MP 4002 Manual

Ricoh Aficio MP 4002 manual content summary:

  • Ricoh Aficio MP 4002 | Security Target - Page 1
    1.00 Portions of Aficio MP 4002/5002 series Security Target are reprinted with written permission from IEEE, 445 Hoes Lane, Piscataway, New Jersey 08855, from IEEE 2600.1, Protection Profile for Hardcopy Devices, Operational Environment A, Copyright © 2009 IEEE. All rights reserved. This document is
  • Ricoh Aficio MP 4002 | Security Target - Page 2
    Page 1 of 93 Version 1.00 Date 2012-04-11 Revision History Author RICOH COMPANY, LTD. Detail Publication version. Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 4002 | Security Target - Page 3
    Page 2 of 93 Table of Contents 1 ST Introduction ...7 1.1 ST Reference ...7 1.2 TOE Reference ...7 1.3 TOE Overview ...8 1.3.1 TOE Type ...8 1.3.2 TOE Usage ...8 1.3.3 Major Security Features of TOE 11 1.4 TOE Description...11 1.4.1 Physical Boundary of TOE 11 1.4.2 Guidance Documents Problems
  • Ricoh Aficio MP 4002 | Security Target - Page 4
    Page 3 of 93 3.1 Threats ...35 3.2 Organisational Security Policies 36 3.3 Assumptions...36 4 Security Objectives Functional Requirements 48 6.1.1 Class FAU: Security audit 48 6.1.2 Class FCS: Cryptographic support 52 6.1.3 Class FDP: User data protection 53 6.1.4 Class FIA: Identification and
  • Ricoh Aficio MP 4002 | Security Target - Page 5
    Page 4 of 93 7.3 Document Access Control Function 84 7.4 Use-of-Feature Restriction Function 87 7.5 Network Protection Function 87 7.6 Residual Data Overwrite Function 88 7.7 Stored Data Protection Function 88 7.8 Security Management Function 89 7.9 Software Verification Function 93 7.10 Fax
  • Ricoh Aficio MP 4002 | Security Target - Page 6
    Page ...25 Table 9 : Definition of TSF Data...25 Table 10 : Specific Terms Related to This ST 26 Table 11 on Document Data and User Jobs (a 54 Table 19 : Additional Rules to Control Operations on Document Data : Authorised Identified Roles Allowed to Override Default Values 63 Table 29 : List of
  • Ricoh Aficio MP 4002 | Security Target - Page 7
    Page 6 of 93 Table 36 : Unlocking Administrators for Each User Role 84 Table 37 : Stored Documents Access Control Rules for Normal Users 85 Table 38 : Encrypted Communications Provided by the TOE 87 Table 39 : List of Cryptographic Operations for Stored Data Protection 88 Table 40 : Management
  • Ricoh Aficio MP 4002 | Security Target - Page 8
    Aficio MP 5002G, Savin MP 4002, Savin MP 4002G, Savin MP 5002, Savin MP 5002G, Lanier MP 4002, Lanier MP 4002G, Lanier MP 5002, Lanier MP 5002G, nashuatec MP 4002, nashuatec MP 5002, Rex-Rotary MP 4002, Rex-Rotary MP 5002, Gestetner MP 4002, Gestetner MP 5002, infotec MP 4002, infotec MP 5002 "Fax
  • Ricoh Aficio MP 4002 | Security Target - Page 9
    : Digital MFP, Documents, Copy, Print, Scanner, Network, Office, Fax Page 8 of 93 1.3 TOE Overview This section defines TOE Type, TOE Usage and Major Security Features of TOE. 1.3.1 TOE Type This TOE is an MFP, which is an IT device that inputs, stores, and outputs documents. 1.3.2 TOE Usage
  • Ricoh Aficio MP 4002 | Security Target - Page 10
    Page 9 of 93 Figure 1 : Example of TOE Environment The TOE is used by , fax, storage, and network transmission of paper documents, - Print, fax, network transmission, and deletion of the stored documents. Also, the TOE receives information via telephone lines and can store it as a document. LAN
  • Ricoh Aficio MP 4002 | Security Target - Page 11
    on the client computer, - Operation of documents using a Web browser installed on the client computer, - Storage and printing of documents using the printer driver installed on the client computer, - Storage and faxing of documents using the fax driver installed on the client computer. Telephone
  • Ricoh Aficio MP 4002 | Security Target - Page 12
    Page 11 of 93 1.3.3 Major Security Features of TOE The TOE stores documents in it, and sends and receives documents to and from the IT devices connected to the LAN. To ensure provision of confidentiality and integrity for those documents, the TOE has the following security features: - Audit Function
  • Ricoh Aficio MP 4002 | Security Target - Page 13
    Page 12 of 93 Figure 2 : Hardware Configuration of the TOE Controller Board The Controller Board is a device that contains Processors, RAM, NVRAM, Ic Key, and FlashROM. The Controller Board sends medium in which TSF data for configuring MFP operations is stored. - Ic Key A security chip that has the
  • Ricoh Aficio MP 4002 | Security Target - Page 14
    operation instructions from the key switches and the print and eject paper documents, and Engine Control Board. The Engine Control Software is installed in the Engine Control Board. The Engine Control Software sends stores documents, login user names and login passwords of normal users. Copyright
  • Ricoh Aficio MP 4002 | Security Target - Page 15
    MFP Guidance Documents for Product - MP 4002/4002SP/5002/5002SP Aficio MP 4002/4002SP/5002/5002SP User Guide D129-7803 - MP 4002/4002SP/5002/5002SP Aficio MP 4002/4002SP/5002/5002SP Read This First D129-7813 - Notes for Security Guide D143-7348 - SOFTWARE LICENSE AGREEMENT - Manuals D645-7900
  • Ricoh Aficio MP 4002 | Security Target - Page 16
    - Notes for Security Guide D143-7350 - SOFTWARE LICENSE AGREEMENT D645-7900 - Manuals MP 4002G/MP 4002SPG/MP 5002G/MP 5002SPG Aficio MP 4002G/MP 4002SPG/MP 5002G/MP 5002SPG - Printer/Scanner Drivers and Utilities RICOH Aficio MP 4002/MP 5002 LANIER MP 4002/MP 5002 SAVIN MP 4002/MP 5002 D129-7886
  • Ricoh Aficio MP 4002 | Security Target - Page 17
    : D129/D130 Copiers D629-8610 [English version-3] Page 16 of 93 Table 4 : Guidance for English Version-3 TOE Components Guidance Documents for Product MFP - MP 4002/4002SP/5002/5002SP Aficio MP 4002/4002SP/5002/5002SP Read This First D129-7812 - Notes for Security Guide D143-7347 - Safety
  • Ricoh Aficio MP 4002 | Security Target - Page 18
    -4 Page 17 of 93 TOE Components MFP FCU Guidance Documents for Product - MP 4002/4002SP/5002/5002SP Aficio MP 4002/4002SP/5002/5002SP User Guide D129-7803 - MP 4002/4002SP/5002/5002SP Aficio MP 4002/4002SP/5002/5002SP Read This First D129-7814 - Notes for Security Guide D143-7348 - Manuals MP
  • Ricoh Aficio MP 4002 | Security Target - Page 19
    operations, which include issuing login names to normal users. An IT device connected to networks. RC Gate performs the @Remote Service Function of the TOE via RC Gate communication interface. Copy Function, Fax Function, Scanner Function, Printer Function, Document Server Function, and Management
  • Ricoh Aficio MP 4002 | Security Target - Page 20
    Page 19 of 93 The responsible manager of MFP is a person who is responsible for selection of the TOE administrators in the organisation where the TOE
  • Ricoh Aficio MP 4002 | Security Target - Page 21
    to scan paper documents and copy scanned image data from the Operation Panel. Magnification and other editorial jobs can be applied to the copy image. It can also be stored on the HDD as a Document Server document. Printer Function The Printer Function of TOE is to print or store the documents the
  • Ricoh Aficio MP 4002 | Security Target - Page 22
    not be stored in the TOE. For Document Server storage, the received documents will be stored on the HDD as Document Server documents. For locked print, stored print, hold print, and sample print, the received documents will be stored on the HDD as printer documents. A dedicated password, which is
  • Ricoh Aficio MP 4002 | Security Target - Page 23
    can store, print and delete Document Server documents. Also, users can print and delete fax documents. From a Web browser, users can print and delete Document Server documents, fax, print, download, and delete fax transmission documents. Also, users can send scanner documents to folders, send them
  • Ricoh Aficio MP 4002 | Security Target - Page 24
    TOE only when confirmed as the authorised Fax Function from the printer or fax driver will be required to enter his or her login user name and login password received from the printer or fax drivers, so that he or she can be verified as a normal user. A person who attempts to use the @Remote Service
  • Ricoh Aficio MP 4002 | Security Target - Page 25
    Scanner Function, Document Server Function and Fax Function by address. If the LAN-Fax Transmission Function of Fax Function is used, the protection function can be enabled using the fax driver documents, temporary documents and their fragments on the HDD. Stored Data Protection Function The Stored
  • Ricoh Aficio MP 4002 | Security Target - Page 26
    to as "TSF confidential data". Login password, audit log, and HDD cryptographic key. 1.4.5.3. Functions The MFP applications (Copy Function, Document Server Function, Printer Function, Scanner Function, and Fax Function) that are for management of the document data of user data are classified
  • Ricoh Aficio MP 4002 | Security Target - Page 27
    component installed in the TOE. This component is stored in FlashROM and SD Card. The components that identify the TOE include System/Copy, Network Support, Scanner, Printer, Fax, RemoteFax, Web Support, Web Uapl, NetworkDocBox, animation, PCL, PCL Font, LANG0, LANG1 and Data Erase Onb. A software
  • Ricoh Aficio MP 4002 | Security Target - Page 28
    Copy Function, Scanner Function, Document Server Function, and Fax Data Storage Function. Documents stored in the TOE after being printed with Document Server printing or stored print from the client computer. One of the security attributes of document data. A list of the login user names of the
  • Ricoh Aficio MP 4002 | Security Target - Page 29
    Reception File User Folder transmission Destination folder E-mail transmission E-mail transmission of attachments E-mail transmission of the URL S/MIME user information Definitions One of the stored document types. Documents stored in the TOE when Document Server storage is selected as the printing
  • Ricoh Aficio MP 4002 | Security Target - Page 30
    the action of IPSec of the TOE. Page 29 of 93 One of Fax Functions. A function that transmits fax data and stores the documents using the fax driver on client computer. Sometimes referred to as "PC FAX". General term for remote diagnosis maintenance services for the TOE. Also called @Remote
  • Ricoh Aficio MP 4002 | Security Target - Page 31
    Page 30 of 93 2 Conformance Claim This section describes Conformance Claim. 2.1 CC Conformance Claim The CC from the PP are: 2600.1-PRT conformant 2600.1-SCN conformant 2600.1-CPY conformant 2600.1-FAX conformant 2600.1-DSR conformant Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP 4002 | Security Target - Page 32
    HCDs consist of the scanner device and print device, and have the interface to connect telephone line. The HCDs combine these devices and equip one or more functions of Copy Function, Scanner Function, Printer Function or Fax Function. The Document Server Function is also available when installing
  • Ricoh Aficio MP 4002 | Security Target - Page 33
    problems and security objectives in this ST are consistent with those in the PP. 2.4.3 Consistency Claim with Security Requirements in PP The SFRs for this TOE consist of the Common Security Functional Requirements, 2600.1-PRT, 2600.1-SCN, 2600.1-CPY, 2600.1-FAX authentication server can change
  • Ricoh Aficio MP 4002 | Security Target - Page 34
    Page 33 of 93 Ownership of Received Fax Documents For the ownership of the received fax documents, the TOE has the characteristic that the ownership of the document is assigned to the intended user. This is according to PP APPLICATION NOTE 93. Augmentation of FCS_CKM.1 and FCS_COP.1 This TOE claims
  • Ricoh Aficio MP 4002 | Security Target - Page 35
    Page 34 of 93 The TOE allows the MFP administrator to delete document data and user jobs (document access control SFP, FDP_ACC.1(a) and FDP_ACF.1(a)), and as a result, the TSF restrictively allows the MFP administrator to access the TOE functions. Therefore, the requirements described
  • Ricoh Aficio MP 4002 | Security Target - Page 36
    Page 35 of 93 3 Security Problem Definitions This section describes Threats, document. T.DOC.ALT Document alteration Documents under the TOE management may be altered by persons without a login user name, or by persons with a login user name but without an access permission to the document
  • Ricoh Aficio MP 4002 | Security Target - Page 37
    organisational security policies are taken: Page 36 of 93 P.USER. TOE and its IT environment. P.STORAGE.ENCRYPTION Encryption of storage devices The data stored on the HDD inside the TOE of MFP trains users according to the guidance document and users are aware of the security policies
  • Ricoh Aficio MP 4002 | Security Target - Page 38
    Page 37 of 93 A.ADMIN.TRAINING Administrator training Administrators are aware of the security policies and procedures of their organisation, are competent to correctly configure and operate the TOE in accordance with the guidance document following those policies and procedures. A.ADMIN.TRUST
  • Ricoh Aficio MP 4002 | Security Target - Page 39
    Page 38 of 93 4 Security Objectives This section describes login user name but without an access permission to the document. O.DOC.NO_ALT Protection of document alteration The TOE shall protect documents from unauthorised alteration by persons without a login user name, or by persons with a login
  • Ricoh Aficio MP 4002 | Security Target - Page 40
    Page 39 of 93 O.USER.AUTHORIZED User identification and authentication The TOE and prevent its unauthorised disclosure or alteration. O.STORAGE.ENCRYPTED Encryption of storage devices The TOE shall ensure that the data is encrypted first and then stored on the HDD. O.RCGATE.COMM.PROTECT
  • Ricoh Aficio MP 4002 | Security Target - Page 41
    Page 40 of 93 OE.INTERFACE.MANAGED Management of external interfaces in IT competence, and time to follow the guidance document; and correctly configure and operate the TOE according to those policies and procedures. OE.ADMIN.TRUSTED Trusted administrator The responsible manager of MFP
  • Ricoh Aficio MP 4002 | Security Target - Page 42
    Page 41 of 93 4.3 Security Objectives Rationale This section describes the rationale for OE.AUDIT.REVIEWED O.INTERFACE.MANAGED OE.PHYSICAL.MANAGED OE.INTERFACE.MANAGED O.STORAGE.ENCRYPTED O.RCGATE.COMM.PROTECT OE.ADMIN.TRAINED OE.ADMIN.TRUSTED OE.USER.TRAINED T.DOC.DIS X XX T.DOC.ALT X
  • Ricoh Aficio MP 4002 | Security Target - Page 43
    Page 42 of 93 4.3.2 Security Objectives Descriptions The following describes DOC.NO_ALT, the TOE protects the documents from unauthorised alteration by persons without a login user name, or by persons with a login user name but without an access permission to the document. T.DOC.ALT is countered by
  • Ricoh Aficio MP 4002 | Security Target - Page 44
    Page 43 of 93 data from unauthorised alteration by persons without a login user name, or by persons with a login user name but without an access permission to the TSF protected data. T.PROT.ALT is countered by these objectives. T.CONF.DIS T.CONF.DIS is countered
  • Ricoh Aficio MP 4002 | Security Target - Page 45
    Page on the HDD shall be those encrypted data. P.STORAGE.ENCRYPTION is enforced by this objective. P.RCGATE.COMM. documents and is protected from the physical access by the unauthorised persons. A.ACCESS.MANAGED is upheld by this objective. A.ADMIN.TRAINING A.ADMIN.TRAINING is upheld by OE.ADMIN
  • Ricoh Aficio MP 4002 | Security Target - Page 46
    privileges in accordance with the guidance documents. A.ADMIN.TRUST is upheld by this objective. A.USER.TRAINING A.USER.TRAINING is upheld by OE.USER.TRAINED. By OE.USER.TRAINED, the responsible manager of MFP instructs the users in accordance with the guidance documents to make them aware of the
  • Ricoh Aficio MP 4002 | Security Target - Page 47
    5 Extended Components Definition This section describes Extended Components Definition. Page 46 of 93 5.1 Restricted forwarding of data to external interfaces (FPT_FDI_EXP) Family behaviour This family defines requirements for the TSF to restrict direct forwarding of
  • Ricoh Aficio MP 4002 | Security Target - Page 48
    Page 47 of 93 are firewall systems but also other systems that require a unwieldy for refinement in a Security Target. Therefore, the authors decided to define an extended component to address this functionality. This extended component protects both user data and TSF data, and it could therefore be
  • Ricoh Aficio MP 4002 | Security Target - Page 49
    Page 48 of 93 6 Security Requirements This section describes Security Functional Requirements, types of job for FDP_ACF.1(a), all login user names that attempted the user identification for FIA_UID.1, communication direction of Web Function, communication IP address of the communication used for Web
  • Ricoh Aficio MP 4002 | Security Target - Page 50
    Table 12 : List of Auditable Events Page 49 of 93 Functional Requirements FDP_ACF.1(a) FDP_ACF.1(b) of sending document data to folder. - Start and end operation of deleting document data. Those described above, "storing, printing, downloading, faxing, sending attachments by e-mail, sending to
  • Ricoh Aficio MP 4002 | Security Target - Page 51
    Page 50 of 93 FIA_UAU.1(a) FIA_UAU.1(b) FIA_UAU.2 FIA_UID.1(a) FIA_UID.1(b) FIA_UID.2 FMT_SMF : changes to the time; b) Detailed: providing a timestamp. b) Basic: Success and failure of login operation b) Basic: Success and failure of login operation b) Basic: Success and failure of login operation
  • Ricoh Aficio MP 4002 | Security Target - Page 52
    Page 51 of 93 FTA_SSL.3 FTP_ITC.1 a) Minimal: Termination of an interactive session by of possible audit data loss Dependencies: FAU_STG.1 Protected audit trail storage FAU_STG.4.1 The TSF shall [selection: overwrite the oldest stored audit records] and [assignment: no other actions to be taken
  • Ricoh Aficio MP 4002 | Security Target - Page 53
    Page 52 of 93 FAU_SAR.2 Restricted audit review Hierarchical to: No other components. Dependencies those users that have been granted explicit read-access. 6.1.2 Class FCS: Cryptographic support FCS_CKM.1 Cryptographic key generation Hierarchical to: No other components. Dependencies: [FCS_CKM.2
  • Ricoh Aficio MP 4002 | Security Target - Page 54
    from HDD Page 53 of 93 6.1.3 Class FDP: User data protection FDP_ACC.1(a) Subset access control Hierarchical to: No other components. Dependencies: FDP_ACF.1 Security attribute based access control FDP_ACC.1.1(a) The TSF shall enforce the [assignment: document access control SFP] on [assignment:
  • Ricoh Aficio MP 4002 | Security Target - Page 55
    Page 54 of 93 FDP_ACF.1.1(a) The TSF shall enforce the [assignment: document access control SFP] to objects based on the following User role - User role - User role - User role - Document data attribute - Document user list - Login user name of normal user FDP_ACF.1.2(a) The TSF shall enforce the
  • Ricoh Aficio MP 4002 | Security Target - Page 56
    user process Normal user process Normal user process Normal user process Page 55 of 93 Not allowed. However, it is allowed for normal user process with login user name of normal user registered on document user list for document data. Not allowed. However, it is allowed for normal user process
  • Ricoh Aficio MP 4002 | Security Target - Page 57
    document data attribute Delete MFP administrator process Allows. Page 56 of 93 FDP_ACF.1.4(a) The TSF shall explicitly deny access of subjects to objects based on the following additional rules: [assignment: deny the operations on the document Attributes - Login user name of the Fax Reception
  • Ricoh Aficio MP 4002 | Security Target - Page 58
    Page 57 of 93 resource from] the following objects: [assignment: user documents]. 6.1.4 Class FIA: Identification and authentication FIA_AFL.1 Authentication Web browser User authentication when printing from the client computer User authentication when using LAN Fax from client computer When the
  • Ricoh Aficio MP 4002 | Security Target - Page 59
    Page 58 Security Attributes - Login user name of normal user - User role - Available function list - User role - Login user name of MFP : [0-9] (ten digits) Symbols: SP (spaces 33 symbols) (2) Registrable password length: For normal users: No fewer than the minimum character number specified
  • Ricoh Aficio MP 4002 | Security Target - Page 60
    Page 59 of 93 FIA_UAU.1(a) Web browser, system status, counter and information of inquiries, execution of fax reception, and repair request notification] on behalf of the user to be authentication of normal user with external authentication server). FIA_UAU.1.2(b) The TSF shall require each user
  • Ricoh Aficio MP 4002 | Security Target - Page 61
    Page system status, counter and information of inquiries, execution of fax reception, and repair request notification] on behalf of the user with external authentication server). FIA_UID.1.2(b) The TSF of that user: [assignment: login user name of normal user, login user name of MFP administrator,
  • Ricoh Aficio MP 4002 | Security Target - Page 62
    Page 61 of 93 FIA_USB.1.3 The TSF shall enforce the following rules governing changes to the user security Login user name of normal user for External Authentication Login user name of supervisor Login user name of MFP administrator Document data attribute Document user list [when document
  • Ricoh Aficio MP 4002 | Security Target - Page 63
    Page 62 of 93 Document user list [when document data attribute is (+DSR)] Document user list [when document data attribute is (+FAXIN)] Query, modify Query, modify MFP administrator, applicable normal user who stored the document user who owns the applicable login user name MFP administrator MFP
  • Ricoh Aficio MP 4002 | Security Target - Page 64
    Page 63 of 93 Dependencies: FMT_MSA.1 Management of security attributes FMT_SMR.1 Security roles FMT_MSA.3.1(a) The TSF shall enforce the [assignment: document access control SFP] to provide [selection: restrictive] default stored the applicable document data No authorised identified roles Login
  • Ricoh Aficio MP 4002 | Security Target - Page 65
    Table 29 : List of TSF Data Page 64 of 93 TSF Data Login password of normal user for Basic Authentication Operations Newly create, modify Modify Login password of supervisor Login password of MFP administrator Modify Modify Newly create Modify Number of Attempts before Lockout for Basic
  • Ricoh Aficio MP 4002 | Security Target - Page 66
    Basic Authentication is used Modification of login password of supervisor by supervisor Modification of login password of MFP administrator by supervisor New creation of login password of MFP administrator by MFP administrator Modification of own login password by MFP administrator Query of minimum
  • Ricoh Aficio MP 4002 | Security Target - Page 67
    Page 66 of 93 Query of own available function list by normal user when the Basic Query of destination information for folder transmission by normal user Query and modification of Stored Reception File User by MFP administrator Query of user authentication method by MFP administrator Query and
  • Ricoh Aficio MP 4002 | Security Target - Page 68
    an interactive session after a [assignment: elapsed time of auto logout, completion of document data reception from the printer driver, completion of document data reception from the fax driver, and termination of communication with RC Gate]. 6.1.8 Class FTP: Trusted path/channels FTP_ITC
  • Ricoh Aficio MP 4002 | Security Target - Page 69
    added to the set of components defined in evaluation assurance level 3 (EAL3). Table 31 : TOE Security Assurance Requirements (EAL3+ALC_FLR.2) Assurance Classes ADV: Development AGD: Guidance documents ALC: Life-cycle support Derived security requirements Security problem definition TOE summary
  • Ricoh Aficio MP 4002 | Security Target - Page 70
    Page 69 of 93 6.3.1 Tracing Table 32 shows the relationship between the TOE security O.CONF.NO_DIS O.CONF.NO_ALT O.USER.AUTHORIZED O.INTERFACE.MANAGED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED O.STORAGE.ENCRYPTED O.RCGATE.COMM.PROTECT FAU_GEN.1 FAU_GEN.2 FAU_STG.1 FAU_STG.4 FAU_SAR.1 FAU_SAR.2 FCS_CKM.1
  • Ricoh Aficio MP 4002 | Security Target - Page 71
    disclosure O.DOC.NO_DIS is the security objective to prevent the documents from unauthorised disclosure by persons without a login user name, or by persons with a login user name but without an access permission to the document. To fulfil this security objective, it is required to implement the
  • Ricoh Aficio MP 4002 | Security Target - Page 72
    Page 71 of 93 (2) Prevent reading the deleted documents, temporary documents and their fragments. Deleted documents, temporary documents and their fragments are prevented from being read by FDP_RIP.1. (3) Use trusted channels for sending or receiving document data. The document data sent and
  • Ricoh Aficio MP 4002 | Security Target - Page 73
    Page 72 of 93 O.FUNC.NO_ALT Protection of user job alteration O.FUNC.NO_ALT is the security objective to prevent the user jobs from unauthorised alteration by persons without a login user name, or by persons with a login trusted channels for sending or receiving user password Stored Reception File
  • Ricoh Aficio MP 4002 | Security Target - Page 74
    Page 73 of normal user to operate the login password of normal user. A supervisor is allowed to operate the login password of supervisor. The supervisor the users who have the privileges. (4) Use trusted channels for sending or receiving TSF confidential data. The TSF confidential data sent and
  • Ricoh Aficio MP 4002 | Security Target - Page 75
    difficult to guess the password. For the External Authentication document data reception from the printer driver or fax driver. The TOE terminates the session with RC Gate after completing the communication with RC Gate. (5) Management of the security attributes. According to FMT_MSA.1(b), the login
  • Ricoh Aficio MP 4002 | Security Target - Page 76
    Page 75 of 93 The function for 2600.1-SMI (F.SMI), selected SFR Package from the PP, is used in conjunction with the function whose access control
  • Ricoh Aficio MP 4002 | Security Target - Page 77
    Page 76 of 93 (2) Protect the audit log. FAU_STG.1 protects the audit logs from the alteration, and FAU_STG.4 deletes the audit logs that have the oldest time stamp, and records the new audit logs if auditable events occur and the audit log files encrypts the data to be stored in the HDD, and
  • Ricoh Aficio MP 4002 | Security Target - Page 78
    Page 77 of 93 6.3.3 Dependency Analysis Table 33 shows the result of dependency analysis in this ST for the TOE security functional requirements. Table 33 : Results
  • Ricoh Aficio MP 4002 | Security Target - Page 79
    .1(b) FMT_SMR.1 FMT_SMR.1 FMT_SMF.1 None FIA_UID.1 None None None None None None None None None None None None None None None None None Page 78 of 93 The following explains the rationale for acceptability in all cases where a dependency is not satisfied: Rationale for Removing Dependencies on
  • Ricoh Aficio MP 4002 | Security Target - Page 80
    Page 79 of 93 In order to securely operate the TOE continuously, it is important to appropriately remediate the flaw discovered after the start of TOE operation according to flaw reporting procedure (ALC_FLR.2). Based on the terms and costs of the evaluation, the evaluation assurance level of EAL3+
  • Ricoh Aficio MP 4002 | Security Target - Page 81
    Page audit logs in a text format when the MFP administrator instructs the TOE to read the audit logs. FAU_STG.4 The log when there is insufficient space in the audit log files to append the newest audit log. Table 34 : login operations (except login operations from RC Gate) Success and failure of login
  • Ricoh Aficio MP 4002 | Security Target - Page 82
    attachments Printing via networks LAN Fax via networks Storing document data Reading document data (print, download, fax types Subject identity Outcome (*2) Communication directions Communicating IP address Communicating e-mail address Lockout operation type Setting Values of Audit Log Items
  • Ricoh Aficio MP 4002 | Security Target - Page 83
    only persons who are confirmed as authorised users are login user name and login password is complete. When the TOE is used from the printer driver or fax driver, the TOE receives the login user name and login password entered from each driver by a user. When the entered login user name is the login
  • Ricoh Aficio MP 4002 | Security Target - Page 84
    Page 83 of 93 When the entered login user name is not the login user name of the MFP administrator or supervisor, the entered login user name and login password are sent to an external authentication server for confirmation. When the sent login user name and login password are identified and
  • Ricoh Aficio MP 4002 | Security Target - Page 85
    for Each User Role Page 84 of 93 User Roles (Locked out Users) Normal user Supervisor MFP administrator Unlocking Administrators MFP administrator MFP administrator Supervisor FIA_SOS.1 Login passwords for users can be registered only if these passwords meet the following conditions
  • Ricoh Aficio MP 4002 | Security Target - Page 86
    displays a list of the stored documents whose operations are authorised and the menu for the authorised operations (printing, downloading to the client computers, sending by fax, sending by e-mail as attachments, sending to folders, deleting, and deleting all files). When the MFP administrator logs
  • Ricoh Aficio MP 4002 | Security Target - Page 87
    Fax Function Page 86 of 93 Fax transmission documents Fax reception documents Document Server documents Scanner documents Fax transmission documents Printer documents Fax reception documents Fax transmission E-mail transmission of attachments Folder transmission Print Delete Print Delete Print
  • Ricoh Aficio MP 4002 | Security Target - Page 88
    data will not be deleted and remain stored in the TOE. 7.4 Use-of-Feature Restriction Function The Use-of-Feature Restriction Function is to authorise TOE users to use Copy Function, Printer Function, Scanner Function, Document Server Function and Fax Function in accordance with the roles of the
  • Ricoh Aficio MP 4002 | Security Target - Page 89
    Page 88 of 93 7.6 Residual Data Overwrite Function The Residual Data Overwrite Function is to overwrite specific patterns on the HDD and disable the reusing of the residual data included in the deleted documents, temporary documents image data of the document data is stored. Also, when a login user
  • Ricoh Aficio MP 4002 | Security Target - Page 90
    Page 89 of 93 If the MFP administrator gives instructions default Login user name of supervisor Login user name of MFP administrator Document data attributes Document user list Stored document types are Document Server document, scanner document, fax document and printer document (with stored print
  • Ricoh Aficio MP 4002 | Security Target - Page 91
    Page 90 of 93 Document user list Stored document type is fax received document(*2) Default values of the document user list Operation Panel, Web browser Operation Panel, Web browser Available function list Operation Panel, Web browser Function types User roles Login passwords of normal users
  • Ricoh Aficio MP 4002 | Security Target - Page 92
    authentication server is not changed even though the MFP administrator newly creates, modifies, and deletes the login user name of the normal user that is registered on the TOE. (*2): If the MFP administrator modifies Stored Reception File User, and if the stored document type of the document user
  • Ricoh Aficio MP 4002 | Security Target - Page 93
    Function, Document Server Function and Fax Data Storage Function. Documents printed using Document Server printing or stored print from the client computer. Default values of a document user list assigned to each user. Login user name of a normal user who stored the document data. Login user name
  • Ricoh Aficio MP 4002 | Security Target - Page 94
    Document Server Function and Fax Function) Function type Page 93 of 93 The values specified for each function type is as follows: For Copy Function, values to identify Copy Function. For Document Server Function, values to identify Document Server of the audit log data files. The TOE outputs the

Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved.
Aficio MP 4002/5002 series
Security Target
Author : RICOH COMPANY, LTD.
Date : 2012-04-11
Version : 1.00
Portions of Aficio MP 4002/5002 series Security Target are reprinted with
written permission from IEEE, 445 Hoes Lane, Piscataway, New Jersey
08855, from IEEE 2600.1, Protection Profile for Hardcopy Devices,
Operational Environment A, Copyright © 2009 IEEE. All rights reserved.
This document is a translation of the evaluated and certified security target
written in Japanese.