Ricoh Aficio MP 6001 SP Security Target - Page 78

Table 38: Unlocking Administrators for Each User Role

Get Ricoh Aficio MP 6001 SP PDF manuals and user guides View all Ricoh Aficio MP 6001 SP manuals
Add to My Manuals
Save this manual to your list of manuals

Page 78 highlights

Page 77 of 87 FIA_AFL.1 (Authentication failure handling) The TOE counts the number of failed identification and authentication attempts made under each login user name. When a user authenticates successfully, the TOE resets the number of available authentication attempts for that user to 0. When the number of failed consecutive attempts reaches the MFP administrator-specified Number of Attempts before Lockout, the TOE locks out that user. The MFP administrator specifies 1 to 5 as the Number of Attempts before Lockout. The TOE releases the lockout for the user who satisfies any of the following: (1) Lockout release by a time-based operation If a user fails to authenticate after making the number of attempts specified to initiate lockout, and the lockout time has elapsed, then lockout will be released. The MFP administrator specifies the lockout time (60 minutes by default). The elapsed time from the initiation of lockout is timed for each locked out user. (2) Lockout release by unlocking administrator The unlocking administrator specified for each user role releases the lockout. Table 38 shows the unlocking administrators for each user role. Table 38: Unlocking Administrators for Each User Role User Roles (Locked out Users) Normal user Supervisor MFP administrator Unlocking Administrators MFP administrator MFP administrator Supervisor (3) Lockout release by turning on/off the TOE If the administrators (MFP administrator and supervisor) are locked out, restarting the TOE releases the lockout for them. FIA_ATD.1 (User attribute definition) The TOE associates the normal user with a login user name of normal user and available function list, supervisor with a login user name of supervisor, and MFP administrator with a login user name of MFP administrator, as security attributes, and it maintains these associations. FIA_SOS.1 (Verification of secrets) The TOE provides a function for registering and changing the login passwords of normal users, MFP administrators, and supervisor. This function uses the characters described below in (1). It checks if the registering or changing password meets the conditions (2) and (3). If it does, the TOE registers the login password. If it does not, it does not register the login password and displays an error message. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
Page 77 of
87
FIA_AFL.1 (Authentication failure handling)
The TOE counts the number of failed identification and authentication attempts made under each login user
name. When a user authenticates successfully, the TOE resets the number of available authentication
attempts for that user to 0.
When the number of failed consecutive attempts reaches the MFP administrator-specified Number of
Attempts before Lockout, the TOE locks out that user.
The MFP administrator specifies 1 to 5 as the Number of Attempts before Lockout.
The TOE releases the lockout for the user who satisfies any of the following:
(1)
Lockout release by a time-based operation
If a user fails to authenticate after making the number of attempts specified to initiate lockout, and the
lockout time has elapsed, then lockout will be released. The MFP administrator specifies the lockout
time (60 minutes by default). The elapsed time from the initiation of lockout is timed for each locked out
user.
(2)
Lockout release by unlocking administrator
The unlocking administrator specified for each user role releases the lockout. Table 38 shows the
unlocking administrators for each user role.
Table 38: Unlocking Administrators for Each User Role
User Roles (Locked out Users)
Unlocking Administrators
Normal user
MFP administrator
Supervisor
MFP administrator
MFP administrator
Supervisor
(3)
Lockout release by turning on/off the TOE
If the administrators (MFP administrator and supervisor) are locked out, restarting the TOE releases the
lockout for them.
FIA_ATD.1 (User attribute definition)
The TOE associates the normal user with a login user name of normal user and available function list,
supervisor with a login user name of supervisor, and MFP administrator with a login user name of MFP
administrator, as security attributes, and it maintains these associations.
FIA_SOS.1 (Verification of secrets)
The TOE provides a function for registering and changing the login passwords of normal users, MFP
administrators, and supervisor. This function uses the characters described below in (1).
It checks if the registering or changing password meets the conditions (2) and (3). If it does, the TOE
registers the login password. If it does not, it does not register the login password and displays an error
message.
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.