Ricoh Aficio MP 6001 SP Security Target - Page 30

Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.


Page 29 of 87

This TOE claims data protection with respect to the non-volatile memory medium that is not allowed to be attached or removed by the administrator, and FCS_CKM.1 and FCS_COP.1 are added.

While FDP_ACC.1(a) and FDP_ACF.1(a) in the PP require access control to D.DOC, this ST specifies that only user documents, which are included in the D.DOC equivalent document, shall be subject to access control, and it is not required that access control to the deleted documents, temporary documents and their fragments be implemented. Because the TOE does not provide any function to access those documents and fragments, and because the TOE's Residual Data Overwrite Function makes them unavailable before they are read by users, it is not necessary to provide access control to those documents and fragments. Therefore, FDP_ACC.1(a) and FDP_ACF.1(a) in this ST satisfy the requirements demanded in the PP.

While FDP_ACF.1.1(a) and FDP_ACF.1.2(a) in the PP require the access control SFP to the document data that is defined for each SFR package in the PP, this ST instantiates the abstract security attributes in the PP and describes the security attributes that are actually used for this TOE as access control to the user documents and user jobs. This does not deviate from the PP.

For FDP_ACF.1.2(a) in the ST, operations on user documents vary depending on the type of documents and each TOE function (application type). For this TOE, however, the access control process for a user with permission is always the same, even when operated from the Operation Panel, printer driver, Web browser or fax driver. This does not deviate from the PP; it instantiates it.

For FDP_ACF.1.4(a), a rule that rejects the operations of user documents and user jobs by the supervisor is added. The supervisor is not identified in the PP and is a special user for this TOE.

The PP only allows the specified users to operate the user documents and user jobs, and this does not deviate from the PP.

While FDP_ACF.1.3(b) in the PP allows the user with administrator permission to operate the TOE function, this ST allows only the Fax Reception Function, which is one of this TOE's functions. The TOE allows the MFP administrator to delete the user documents and user jobs (common access control SFP, FDP_ACC.1(a) and FDP_ACF.1(a)), and as a result, the TSF restrictively allows the MFP administrator to access the TOE functions. Therefore, the requirement for FDP_ACF.1.3(b) in the PP is satisfied at the same time. The fax reception process, which is accessed when receiving from the telephone line, is regarded as a user with administrator permission. Therefore, FDP_ACF.1.3(b) in this ST satisfies FDP_ACF.1.3(b) in the PP.

The TOE is 2600.1-PRT, 2600.1-SCN, 2600.1-CPY, 2600.1-FAX, 2600.1-DSR, and 2600.1-SMI conformant.

2600.1-NVS is not selected because this TOE does not have any non-volatile memory medium that is detachable.

This TOE, in accordance with the PP, extends the functional requirement Part 2 due to the addition of the restricted forwarding of data to external interfaces (FPT_FDI_EXP).

To conform to the PP, some sections in this document are literally translated to make it easier for readers to understand when translating English into Japanese. However, this translation does not go beyond the requirements of PP conformance.

