Ricoh Aficio MP 6001 SP Security Target - Page 79

of

87

(1)

Usable characters and its types:

Upper-case letters: [A-Z] (26 letters)

Lower-case letters: [a-z] (26 letters)

Numbers: [0-9] (10 digits)

Symbols: SP (space) ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ (33 symbols)

(2)

Registrable password length:

- Normal users

No fewer than the Minimum Password Length specified by MFP administrator (8-32 characters) and no

more than 128 characters.

- MFP administrators and a supervisor

No fewer than the Minimum Password Length specified by MFP administrator (8-32 characters) and no

more than 32 characters.

(3)

Rule:

Passwords that are composed of a combination of characters based on the Password Complexity Setting

specified by MFP administrator can be registered. The MFP administrator specifies either Level 1 or

Level 2 for Password Complexity Setting.

FIA_UAU.1 (Timing of authentication)

The TOE displays a window on the Operation Panel when no users log in from the Operation Panel. This

window requires the users to enter their login user name and password. The TOE displays a window in a

Web browser when the Web Function of the TOE is accessed from a client computer. This window also

requires the users to enter their login user name and password. In both windows, the TOE authenticates users

with the login user name and password entered by them.

When receiving a request from a client computer for printing or storing user documents using Printer

Function, the TOE authenticates users with the login user name and password sent from a client computer

before printing and storing the user documents. When receiving a request from a client computer for sending

and storing user documents using LAN Fax, the TOE authenticates users with the login user name and

password sent from a client computer before sending and storing the user documents.

When receiving faxes from telephone line, the TOE does not have the function to authenticate users prior to

the function that stores the received data as received fax document. The TOE does not receive any

authentication information from telephone line, but executes the fax reception function using the received

data.

The TOE allows any users to refer Web Image Monitor Help regardless of the user authentication status

when users access to a Web browser from client computer.

The TOE allows the following operations regardless of the user authentication status: reference of the list of

user jobs, Web Image Monitor Help from a Web browser, system status, counter, and information of

inquiries, and execution of fax reception.

Table 39 shows the identified user by Identification and Authentication Function, and authentication

procedures.

Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

Section	Page
1 ST Introduction	7
1.1 ST Reference	7
1.2 TOE Reference	7
1.3 TOE Overview	9
1.3.1 TOE Type	9
1.3.2 TOE Usage	9
1.3.3 Major Security Features of TOE	11
1.4 TOE Description	11
1.4.1 Physical Boundary of TOE	11
1.4.2 Guidance Documents	14
1.4.3 Definition of Users	17
1.4.3.1. Direct User	19
1.4.3.2. Indirect User	19
1.4.4 Logical Boundary of TOE	20
1.4.4.1. Basic Functions	20
1.4.4.2. Security Functions	23
1.4.5 Protected Assets	24
1.4.5.1. User Data	24
1.4.5.2. TSF Data	25
1.4.5.3. Functions	25
1.5 Glossary	25
1.5.1 Glossary for This ST	25
2 Conformance Claim	28
2.1 CC Conformance Claim	28
2.2 PP Claims	28
2.3 Package Claims	28
2.4 Conformance Claim Rationale	29
2.4.1 Consistency Claim with TOE Type in PP	29
2.4.2 Consistency Claim with Security Problems and Security Objectives in PP	29
2.4.3 Consistency Claim with Security Requirements in PP	29
3 Security Problem Definitions	32
3.1 Threats	32
3.2 Organisational Security Policies	33
3.3 Assumptions	33
4 Security Objectives	35
4.1 Security Objectives for TOE	35
4.2 Security Objectives of Operational Environment	36
4.2.1 IT Environment	36
4.2.2 Non-IT Environment	37
	37
4.3 Security Objectives Rationale	38
4.3.1 Correspondence Table of Security Objectives	38
4.3.2 Security Objectives Descriptions	39
5 Extended Components Definition	43
5.1 Restricted forwarding of data to external interfaces (FPT_FDI_EXP)	43
6 Security Requirements	45
6.1 Security Functional Requirements	45
6.1.1 Class FAU: Security audit	45
6.1.2 Class FCS: Cryptographic support	48
6.1.3 Class FDP: User data protection	49
6.1.4 Class FIA: Identification and authentication	53
6.1.5 Class FMT: Security management	56
6.1.6 Class FPT: Protection of the TSF	62
6.1.7 Class FTA: TOE access	62
6.1.8 Class FTP: Trusted path/channels	63
6.2 Security Assurance Requirements	63
6.3 Security Requirements Rationale	64
6.3.1 Tracing	64
6.3.2 Justification of Traceability	65
6.3.3 Dependency Analysis	71
6.3.4 Security Assurance Requirements Rationale	73

Ricoh Aficio MP 6001 SP Security Target - Page 79

FIA_UAU.1 Timing of authentication

Page 79 highlights