Ricoh Aficio MP 6001 SP Security Target - Page 5

of

87

List of Figures

Figure 1 : Example of TOE Environment

.......................................................................................................

9

Figure 2 : Hardware Configuration of the TOE

............................................................................................

11

Figure 3 : Logical Scope of the TOE

............................................................................................................

19

List of Tables

Table 1 : Identification Information of TOE

...................................................................................................

6

Table 2 : Guidance for English Version-1

.....................................................................................................

13


.....................................................................................................

14


.....................................................................................................

15


.....................................................................................................

16

Table 6 : Definition of Users

.........................................................................................................................

18

Table 7 : List of Administrative Roles

..........................................................................................................

18

Table 8: Definition of User Data

...................................................................................................................

23

Table 9: Definition of TSF Data

....................................................................................................................

24

Table 10: Specific Terms Related to This ST

................................................................................................

24

Table 11: Rationale for Security Objectives

..................................................................................................

37

Table 12 : List of Auditable Events

...............................................................................................................

44

Table 13 : List of Cryptographic Key Generation

.........................................................................................

47

Table 14: List of Cryptographic Operation

...................................................................................................

48

Table 15: List of Subjects, Objects, and Operations among Subjects and Objects (a)

..................................

48

Table 16: List of Subjects, Objects, and Operations among Subjects and Objects (b)

..................................

48

Table 17: Subjects, Objects and Security Attributes (a)

................................................................................

49

Table 18: Rules on User Documents

.............................................................................................................

50

Table 19: Rules on User Jobs (a)

...................................................................................................................

51

Table 20: Rules That Explicitly Authorise Access (a)

...................................................................................

51

Table 21: Subjects, Objects and Security Attributes (b)

................................................................................

51

Table 22: Rules Governing the Operation for MFP Application (b)

.............................................................

52

Table 23: List of Authentication Events and Unsuccessful Authentication Attempts

...................................

52

Table 24: List of Actions for Authentication Failure

.....................................................................................

53

Table 25: List of Security Attributes for Each User That Shall Be Maintained

............................................

53

Table 26: Rules for Initial Association of Attributes

.....................................................................................

55

Table 27: User Roles for Security Attributes (a)

...........................................................................................

55

Table 28: User Roles for Security Attributes (b)

...........................................................................................

56

Table 29: Properties of Static Attribute Initialisation (a)

...............................................................................

57

Table 30: Authorised Identified Roles Allowed to Override Default Values

.................................................

58

Table 31: List of TSF Data

............................................................................................................................

59

Table 32: List of Specification of Management Functions

............................................................................

60

Table 33: TOE Security Assurance Requirements (EAL3+ALC_FLR.2)

.....................................................

62

Table 34: Relationship between Security Objectives and Functional Requirements

....................................

63

Table 35: Result of Dependency Analysis of TOE Security Functional Requirements

.................................

70

Table 36: Auditable Events and Audit Data

..................................................................................................

73

Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

Section	Page
1 ST Introduction	7
1.1 ST Reference	7
1.2 TOE Reference	7
1.3 TOE Overview	9
1.3.1 TOE Type	9
1.3.2 TOE Usage	9
1.3.3 Major Security Features of TOE	11
1.4 TOE Description	11
1.4.1 Physical Boundary of TOE	11
1.4.2 Guidance Documents	14
1.4.3 Definition of Users	17
1.4.3.1. Direct User	19
1.4.3.2. Indirect User	19
1.4.4 Logical Boundary of TOE	20
1.4.4.1. Basic Functions	20
1.4.4.2. Security Functions	23
1.4.5 Protected Assets	24
1.4.5.1. User Data	24
1.4.5.2. TSF Data	25
1.4.5.3. Functions	25
1.5 Glossary	25
1.5.1 Glossary for This ST	25
2 Conformance Claim	28
2.1 CC Conformance Claim	28
2.2 PP Claims	28
2.3 Package Claims	28
2.4 Conformance Claim Rationale	29
2.4.1 Consistency Claim with TOE Type in PP	29
2.4.2 Consistency Claim with Security Problems and Security Objectives in PP	29
2.4.3 Consistency Claim with Security Requirements in PP	29
3 Security Problem Definitions	32
3.1 Threats	32
3.2 Organisational Security Policies	33
3.3 Assumptions	33
4 Security Objectives	35
4.1 Security Objectives for TOE	35
4.2 Security Objectives of Operational Environment	36
4.2.1 IT Environment	36
4.2.2 Non-IT Environment	37
	37
4.3 Security Objectives Rationale	38
4.3.1 Correspondence Table of Security Objectives	38
4.3.2 Security Objectives Descriptions	39
5 Extended Components Definition	43
5.1 Restricted forwarding of data to external interfaces (FPT_FDI_EXP)	43
6 Security Requirements	45
6.1 Security Functional Requirements	45
6.1.1 Class FAU: Security audit	45
6.1.2 Class FCS: Cryptographic support	48
6.1.3 Class FDP: User data protection	49
6.1.4 Class FIA: Identification and authentication	53
6.1.5 Class FMT: Security management	56
6.1.6 Class FPT: Protection of the TSF	62
6.1.7 Class FTA: TOE access	62
6.1.8 Class FTP: Trusted path/channels	63
6.2 Security Assurance Requirements	63
6.3 Security Requirements Rationale	64
6.3.1 Tracing	64
6.3.2 Justification of Traceability	65
6.3.3 Dependency Analysis	71
6.3.4 Security Assurance Requirements Rationale	73

Ricoh Aficio MP 6001 SP Security Target - Page 5

List of s, List of Tables

Page 5 highlights