Ricoh Aficio MP C3002 Security Target

Ricoh Aficio MP C3002 Manual

Get Ricoh Aficio MP C3002 PDF manuals and user guides View all Ricoh Aficio MP C3002 manuals
Add to My Manuals
Save this manual to your list of manuals

Ricoh Aficio MP C3002 manual content summary:

  • Ricoh Aficio MP C3002 | Security Target - Page 1
    of Aficio MP C3002/C3502 series Security Target are reprinted with written permission from IEEE, 445 Hoes Lane, Piscataway, New Jersey 08855, from IEEE 2600.1, Protection Profile for Hardcopy Devices, Operational Environment A, Copyright © 2009 IEEE. All rights reserved. This document
  • Ricoh Aficio MP C3002 | Security Target - Page 2
    Page 1 of 93 Version 1.00 Date 2012-05-28 Revision History Author RICOH COMPANY, LTD. Detail Publication version. Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C3002 | Security Target - Page 3
    TOE 11 1.4.2 Guidance Documents 14 1.4.3 Definition of Users ...17 1.4.3.1. Direct User ...18 1.4.3.2. Indirect User ...19 1.4.4 Logical Boundary with TOE Type in PP 31 2.4.2 Consistency Claim with Security Problems and Security Objectives in PP......... 31 2.4.3 Consistency Claim with Security
  • Ricoh Aficio MP C3002 | Security Target - Page 4
    6 Security Requirements...48 6.1 Security Functional Requirements 48 6.1.1 Class FAU: Security audit 48 6.1.2 Class FCS: Cryptographic support 52 6.1.3 Class FDP: User data protection 53 6.1.4 Class FIA: Identification and authentication 57 6.1.5 Class FMT: Security management 61 6.1.6 Class
  • Ricoh Aficio MP C3002 | Security Target - Page 5
    4 of 93 7.3 Document Access Control Function 84 7.4 Use-of-Feature Restriction Function 87 7.5 Network Protection Function 87 7.6 Residual Data Overwrite Function 88 7.7 Stored Data Protection Function 88 7.8 Security Management Function 89 7.9 Software Verification Function 93 7.10 Fax Line
  • Ricoh Aficio MP C3002 | Security Target - Page 6
    of Users ...18 Table 7 : List of Administrative Roles ...18 Table 8 : Definition of User Data ...25 Table 9 : Definition of TSF Data...25 Table 10 : to Control Operations on Document Data and User Jobs (a 54 Table 19 : Additional Rules to Control Operations on Document Data and User Jobs (a 55
  • Ricoh Aficio MP C3002 | Security Target - Page 7
    Page 6 of 93 Table 36 : Unlocking Administrators for Each User Role 84 Table 37 : Stored Documents Access Control Rules for Normal Users 85 Table 38 : Encrypted Communications Provided by the TOE 87 Table 39 : List of Cryptographic Operations for Stored Data Protection 88 Table 40 : Management
  • Ricoh Aficio MP C3002 | Security Target - Page 8
    and/or sales companies, their components are identical. MFP Product Names TOE Versions Table 1 : Identification Information of TOE Ricoh Aficio MP C3002, Ricoh Aficio MP C3002G, Ricoh Aficio MP C3502, Ricoh Aficio MP C3502G, Savin MP C3002, Savin MP C3002G, Savin MP C3502, Savin MP C3502G, Lanier
  • Ricoh Aficio MP C3002 | Security Target - Page 9
    animation Scanner Printer PCL PCL Font Data Erase Onb GWFCU3.5-4(WW) Engine OpePanel LANG0 LANG1 Ic Key Ic Ctlr 1.00 01.09 1.05.1 1.07 1.06 1.01x 01.00.04 0.16:04 1.04 1.03 1.03 Hardware 01020700 03 Keywords : Digital MFP, Documents, Copy, Print, Scanner, Network, Office, Fax Page 8 of 93 1.3
  • Ricoh Aficio MP C3002 | Security Target - Page 10
    as the TOE. The MFP is connected to the office LAN, and users can perform the following operations from the Operation Panel of the MFP: - Various settings for the MFP, - Copy, fax, storage, and network transmission of paper documents, - Print, fax, network transmission, and deletion of the stored
  • Ricoh Aficio MP C3002 | Security Target - Page 11
    transmission of the stored documents in the TOE to its folders. SMTP Server A server used by the TOE for e-mail transmission. External Authentication Server A server that identifies and authenticates the TOE user with Windows authentication (Kerberos authentication method). This server is only used
  • Ricoh Aficio MP C3002 | Security Target - Page 12
    Data Protection Function - Security Management Function - Software Verification Function - Fax Line Separation Function 1.4 TOE Description This section describes Physical Boundary of TOE, Guidance Documents, Definition of Users, Logical Boundary of TOE, and Protected Assets. 1.4.1 Physical Boundary
  • Ricoh Aficio MP C3002 | Security Target - Page 13
    which is used as a working area for image processing such as compressing/decompressing the image data. It can also be used to temporarily read and write internal information. - NVRAM A non-volatile memory medium in which TSF data for configuring MFP operations is stored. - Ic Key A security chip
  • Ricoh Aficio MP C3002 | Security Target - Page 14
    Support, Scanner, Printer, Fax, RemoteFax, Web Support, Web Uapl, NetworkDocBox, animation, PCL, PCL read paper documents, Printer Engine that is an output device to print and eject paper documents instructions documents, login user names and login passwords of normal users. Copyright (c) 2012 RICOH COMPANY
  • Ricoh Aficio MP C3002 | Security Target - Page 15
    printing Aficio MP C3002/C3502/C4502/C4502A/C5502/C5502A User Guide D143-7004 - MP C3002/C3502/C4502/C4502A/C5502/C5502A Aficio MP C3002/C3502/C4502/C4502A/C5502/C5502A Read This First D143-7008 - Notes for Security Guide D143-7348 - Errata D143-7046 - SOFTWARE LICENSE AGREEMENT D645-7901 - Manuals
  • Ricoh Aficio MP C3002 | Security Target - Page 16
    Manuals MP C3002G/MP C3502G/MP C4502G/MP C4502AG/MP C5502G/MP C5502AG Aficio MP C3002G/MP C3502G/MP C4502G/MP C4502AG/MP C5502G/MP C5502AG D143-7453 - Printer/Scanner Drivers and Utilities RICOH Aficio MP C3002/MP C3002G/MP C3502/MP C3502G LANIER MP C3002/MP C3002G/MP C3502/MP C3502G SAVIN MP C3002
  • Ricoh Aficio MP C3002 | Security Target - Page 17
    Guide D143-7347 - SOFTWARE LICENSE AGREEMENT D645-7901 - Safety Information A232-8561A - Manuals MP C3002/MP C3502/MP C4502/MP C4502A/MP C5502/MP C5502A Aficio MP C3002/MP C3502/MP C4502/MP C4502A/MP C5502/MP C5502A A D143-7447 - Printer/Scanner Drivers and Utilities RICOH Aficio MP C3002/MP
  • Ricoh Aficio MP C3002 | Security Target - Page 18
    Guide D143-7348 - Errata D143-7046 - SOFTWARE LICENSE AGREEMENT D645-7901 - Manuals MP C3002/MP C3502/MP C4502/MP C4502A/MP C5502/MP C5502A Aficio MP C3002/MP C3502/MP C4502/MP C4502A/MP C5502/MP C5502A D143-7444 - Printer/Scanner Drivers and Utilities RICOH Aficio MP C3002/MP C3502 Gestetner MP
  • Ricoh Aficio MP C3002 | Security Target - Page 19
    operations, which include issuing login names to normal users. An IT device connected to networks. RC Gate performs the @Remote Service Function of the TOE via RC Gate communication interface. Copy Function, Fax Function, Scanner Function, Printer Function, Document Server Function, and Management
  • Ricoh Aficio MP C3002 | Security Target - Page 20
    Page 19 of 93 1.4.3.2. Indirect User Responsible manager of MFP The responsible manager of MFP is a person who is responsible for selection of the TOE administrators in the organisation where the
  • Ricoh Aficio MP C3002 | Security Target - Page 21
    stored on the HDD as a Document Server document. Printer Function The Printer Function of TOE is to print or store the documents the TOE receives from the printer driver installed on the client computer. It also allows users to print and delete the stored documents from the Operation Panel or a Web
  • Ricoh Aficio MP C3002 | Security Target - Page 22
    by users from the printer driver. The printing methods include direct print, Document Server storage, locked print, stored print, hold print, and sample print. For direct print, documents received by the TOE will be printed. The documents will not be stored in the TOE. For Document Server storage
  • Ricoh Aficio MP C3002 | Security Target - Page 23
    Panel, users can store, print and delete Document Server documents. Also, users can print and delete fax documents. From a Web browser, users can print and delete Document Server documents, fax, print, download, and delete fax transmission documents. Also, users can send scanner documents to
  • Ricoh Aficio MP C3002 | Security Target - Page 24
    use the Printer or Fax Function from the printer or fax driver will be required to enter his or her login user name and login password received from the printer or fax drivers, so that he or she can be verified as a normal user. A person who attempts to use the @Remote Service Function from the RC
  • Ricoh Aficio MP C3002 | Security Target - Page 25
    Function, Printer Function, Scanner Function, Document Server Function and Fax Function by the authorised TOE users who are authenticated by Identification and address. If the LAN-Fax Transmission Function of Fax Function is used, the protection function can be enabled using the fax driver
  • Ricoh Aficio MP C3002 | Security Target - Page 26
    persons and reading by users without viewing permissions. In this ST, "confidential data", listed below, is referred to as "TSF confidential data". Login password, audit log, and HDD cryptographic key. 1.4.5.3. Functions The MFP applications (Copy Function, Document Server Function, Printer
  • Ricoh Aficio MP C3002 | Security Target - Page 27
    of this ST, Table 10 provides the definitions of specific terms. Table 10 : Specific Terms Related to This ST Terms MFP Control Software FCU Control Software Login user name Login password Lockout Auto logout Minimum Character No. Password Complexity Setting Basic Authentication Definitions
  • Ricoh Aficio MP C3002 | Security Target - Page 28
    Function, Scanner Function, Document Server Function, and Fax Data Storage Function. Documents stored in the TOE after being printed with Document Server printing or stored print from the client computer. One of the security attributes of document data. A list of the login user names of the normal
  • Ricoh Aficio MP C3002 | Security Target - Page 29
    the TOE. A list of the normal users who are authorised to read and delete received fax documents. A function that sends documents from the MFP via networks to a shared folder in an SMB Server by using SMB protocol or that sends documents to a shared folder in an FTP Server by using FTP protocol. The
  • Ricoh Aficio MP C3002 | Security Target - Page 30
    . Page 29 of 93 One of Fax Functions. A function that transmits fax data and stores the documents using the fax driver on client computer. Sometimes referred to as "PC FAX". General term for remote diagnosis maintenance services for the TOE. Also called @Remote Service. Information for the TOE to
  • Ricoh Aficio MP C3002 | Security Target - Page 31
    and TOE conform to is EAL3+ALC_FLR.2. The selected SFR Packages from the PP are: 2600.1-PRT conformant 2600.1-SCN conformant 2600.1-CPY conformant 2600.1-FAX conformant 2600.1-DSR conformant Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C3002 | Security Target - Page 32
    print device, and have the interface to connect telephone line. The HCDs combine these devices and equip one or more functions of Copy Function, Scanner Function, Printer Function or Fax Function. The Document Server do not affect any security problems and security objectives defined in
  • Ricoh Aficio MP C3002 | Security Target - Page 33
    above, the security problems and security objectives in by the PP. 2600.1-PRT, 2600.1-SCN, 2600.1-CPY, 2600.1-FAX, 2600.1-DSR, and 2600.1-SMI are selected from the SFR Package external authentication server can be used. According to PP APPLICATION NOTE 35, the authentications of users are assumed
  • Ricoh Aficio MP C3002 | Security Target - Page 34
    Page 33 of 93 Ownership of Received Fax Documents For the ownership of the received fax documents, the TOE has the characteristic that the ownership of the document is assigned to the intended user. This is according to PP APPLICATION NOTE 93. Augmentation of FCS_CKM.1 and FCS_COP.1 This TOE claims
  • Ricoh Aficio MP C3002 | Security Target - Page 35
    data and user jobs (document access control SFP, FDP_ACC.1(a) and FDP_ACF.1(a)), and as a result, the TSF restrictively allows the MFP administrator to access the TOE functions. Therefore, the requirements described in FDP_ACF.1.3(b) in the PP are satisfied at the same time. The fax reception
  • Ricoh Aficio MP C3002 | Security Target - Page 36
    93 3 Security Problem Definitions This login user name, or by persons with a login user name but without an access permission to the document. T.FUNC.ALT User job alteration User jobs under the TOE management may be altered by persons without a login user name, or by persons with a login user
  • Ricoh Aficio MP C3002 | Security Target - Page 37
    restricted or monitored area that provides protection from physical access by unauthorised persons. A.USER.TRAINING User training The responsible manager of MFP trains users according to the guidance document and users are aware of the security policies and procedures of their organisation and are
  • Ricoh Aficio MP C3002 | Security Target - Page 38
    of their organisation, are competent to correctly configure and operate the TOE in accordance with the guidance document following those policies and procedures. A.ADMIN.TRUST Trusted administrator The responsible manager of MFP selects administrators who do not use their privileged access rights
  • Ricoh Aficio MP C3002 | Security Target - Page 39
    name, or by persons with a login user name but without an access permission to the document. O.DOC.NO_ALT Protection of document alteration The TOE shall protect documents from unauthorised alteration by persons without a login user name, or by persons with a login user name but without an access
  • Ricoh Aficio MP C3002 | Security Target - Page 40
    identification and authentication The TOE shall require identification and authentication of users and shall ensure that users are authorised in accordance with security policies before allowing them to use the TOE. O.INTERFACE.MANAGED Management of external interfaces by TOE The TOE shall
  • Ricoh Aficio MP C3002 | Security Target - Page 41
    manager of MFP shall train users according to the guidance document and ensure that users are aware of the security policies and procedures of their organisation and have the competence to follow those policies and procedures. OE.ADMIN.TRAINED Administrator training The responsible manager
  • Ricoh Aficio MP C3002 | Security Target - Page 42
    OE.AUDIT.REVIEWED O.INTERFACE.MANAGED OE.PHYSICAL.MANAGED OE.INTERFACE.MANAGED O.STORAGE.ENCRYPTED O.RCGATE.COMM.PROTEC T OE.ADMIN.TRAINED OE.ADMIN.TRUSTED OE.USER.TRAINED T.DOC.DIS X X X T.DOC.ALT X X X T.FUNC.ALT X X X T.PROT.ALT X X X T.CONF.DIS X X X T.CONF.ALT X XX
  • Ricoh Aficio MP C3002 | Security Target - Page 43
    being allowed to use the TOE. By O.DOC.NO_ALT, the TOE protects the documents from unauthorised alteration by persons without a login user name, or by persons with a login user name but without an access permission to the document. T.DOC.ALT is countered by these objectives. T.FUNC.ALT T.FUNC.ALT is
  • Ricoh Aficio MP C3002 | Security Target - Page 44
    to use the TOE. By O.CONF.NO_DIS, the TOE protects the TSF confidential data from unauthorised disclosure by persons without a login user name, or by persons with a login user name but without an access permission to the TSF confidential data. T.CONF.DIS is countered by these objectives. T.CONF.ALT
  • Ricoh Aficio MP C3002 | Security Target - Page 45
    a restricted or monitored environment according to the guidance documents and is protected from the physical access by the unauthorised persons. A.ACCESS.MANAGED is upheld by this objective. A.ADMIN.TRAINING A.ADMIN.TRAINING is upheld by OE.ADMIN.TRAINED. Copyright (c) 2012 RICOH COMPANY, LTD. All
  • Ricoh Aficio MP C3002 | Security Target - Page 46
    privileges in accordance with the guidance documents. A.ADMIN.TRUST is upheld by this objective. A.USER.TRAINING A.USER.TRAINING is upheld by OE.USER.TRAINED. By OE.USER.TRAINED, the responsible manager of MFP instructs the users in accordance with the guidance documents to make them aware of the
  • Ricoh Aficio MP C3002 | Security Target - Page 47
    Page 46 of 93 5 Extended Components Definition This section describes Extended Components Definition. 5.1 Restricted forwarding of data to external interfaces (FPT_FDI_EXP) Family behaviour This family defines requirements for the TSF to restrict direct forwarding of information from one external
  • Ricoh Aficio MP C3002 | Security Target - Page 48
    Profile or too unwieldy for refinement in a Security Target. Therefore, the authors decided to define an extended component to address this functionality. This extended component protects both user data and TSF data, and it could therefore be placed in either the FDP or the FPT class. Since its
  • Ricoh Aficio MP C3002 | Security Target - Page 49
    included in the PP/ST, [assignment: types of job for FDP_ACF.1(a), all login user names that attempted the user identification for FIA_UID.1, communication direction of Web Function, communication IP address of the communication used for Web Function and folder transmission, recipient's e-mail
  • Ricoh Aficio MP C3002 | Security Target - Page 50
    : - Start and end operation of storing document data. - Start and end operation of printing document data. - Start and end operation of downloading document data. - Start and end operation of faxing document data. - Start and end operation of sending document data as attachments by e-mail. - Start
  • Ricoh Aficio MP C3002 | Security Target - Page 51
    Detailed: providing a timestamp. b) Basic: Success and failure of login operation b) Basic: Success and failure of login operation b) Basic: Success and failure of login operation b) Basic: Success and failure of login operation. Also includes the user identification that is required by the PP as
  • Ricoh Aficio MP C3002 | Security Target - Page 52
    Minimal: Failure of communication with trusted channel. FAU_GEN.2 User identity association Hierarchical to: No other components. Dependencies The TSF shall provide [assignment: the MFP administrators] with the capability to read [assignment: all of log items] from the audit records. FAU_SAR.1.2 The
  • Ricoh Aficio MP C3002 | Security Target - Page 53
    : FAU_SAR.1 Audit review FAU_SAR.2.1 The TSF shall prohibit all users read access to the audit records, except those users that have been granted explicit read-access. 6.1.2 Class FCS: Cryptographic support FCS_CKM.1 Cryptographic key generation Hierarchical to: No other components. Dependencies
  • Ricoh Aficio MP C3002 | Security Target - Page 54
    , and Operations among Subjects and Objects (a) Subjects Objects Operations - Normal user process - MFP administrator process - Supervisor process - RC Gate process - Document data - User jobs - Read - Delete FDP_ACC.1(b) Subset access control Hierarchical to: No other components. Dependencies
  • Ricoh Aficio MP C3002 | Security Target - Page 55
    process Supervisor process RC Gate process Document data Object User job Security Attributes - Login user name of normal user - User role - User role - User role - User role - Document data attribute - Document user list - Login user name of normal user FDP_ACF.1.2(a) The TSF shall enforce the
  • Ricoh Aficio MP C3002 | Security Target - Page 56
    +DSR Read User jobs No setting of document data attribute Delete Normal user process Normal user process Normal user process Normal user process Normal user process Normal user process Normal user process Page 55 of 93 Not allowed. However, it is allowed for normal user process with login user
  • Ricoh Aficio MP C3002 | Security Target - Page 57
    on the document data and user jobs in Login user name of normal user - Available function list - User role - User role - User user process. FDP_ACF.1.3(b) The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [assignment: rules that the Fax
  • Ricoh Aficio MP C3002 | Security Target - Page 58
    the following objects: [assignment: user documents]. 6.1.4 Class FIA: Identification and User authentication using the Operation Panel User authentication using the TOE from client computer Web browser User authentication when printing from the client computer User authentication when using LAN Fax
  • Ricoh Aficio MP C3002 | Security Target - Page 59
    Login user name of normal user - User role - Available function list - User role - Login user name of MFP administrator - User role - User ten digits) Symbols: SP (spaces 33 symbols) (2) Registrable password length: For normal users: No fewer than the minimum character number specified by MFP
  • Ricoh Aficio MP C3002 | Security Target - Page 60
    of inquiries, execution of fax reception, and repair request notification] on behalf of the user to be performed before the user is authenticated (refinement: and authentication of normal user with external authentication server). FIA_UAU.1.2(b) The TSF shall require each user to be successfully
  • Ricoh Aficio MP C3002 | Security Target - Page 61
    identification of normal user with external authentication server). FIA_UID.1.2(b) The TSF shall require each user to be successfully User Security Attributes - Login user name of normal user - User role - Available function list - User role - Login user name of MFP administrator - User role - User
  • Ricoh Aficio MP C3002 | Security Target - Page 62
    Attributes (a) Security Attributes Login user name of normal user for Basic Authentication Login user name of normal user for External Authentication Login user name of supervisor Login user name of MFP administrator Document data attribute Document user list [when document data attributes are
  • Ricoh Aficio MP C3002 | Security Target - Page 63
    , applicable normal user who stored the document data MFP administrator User Roles for Security Attributes (b) Security Attributes Login user name of normal user for Basic Authentication Login user name of normal user for External Authentication Available function list Function type User
  • Ricoh Aficio MP C3002 | Security Target - Page 64
    to Override Default Values Objects Document data Document data [when document data attribute is (+DSR)] Document data [when document data attributes are (+PRT), (+SCN), (+CPY), (+FAXIN), and (+FAXOUT)] User job Security Attributes Document data attribute Document user list Document user list
  • Ricoh Aficio MP C3002 | Security Target - Page 65
    Table 29 : List of TSF Data Page 64 of 93 TSF Data Login password of normal user for Basic Authentication Operations Newly create, modify Modify Login password of supervisor Login password of MFP administrator Modify Modify Newly create Modify Number of Attempts before Lockout for Basic
  • Ricoh Aficio MP C3002 | Security Target - Page 66
    login user name by MFP administrator Query of login user name of MFP administrator by supervisor New creation and modification of login password of normal user of document user list by MFP administrator Query and modification of document user list by the normal user who stored the document Query
  • Ricoh Aficio MP C3002 | Security Target - Page 67
    used Query and modification of date and time by MFP administrator Query of date and time by supervisor Query of date and time by normal user Query and deletion of audit logs by MFP administrator New creation of HDD encryption key by MFP administrator New creation, query, modification and deletion of
  • Ricoh Aficio MP C3002 | Security Target - Page 68
    assignment: the audit log data file]]. The TSF shall provide authorised users with the capability to verify the integrity of [selection: [assignment: logout, completion of document data reception from the printer driver, completion of document data reception from the fax driver, and termination of
  • Ricoh Aficio MP C3002 | Security Target - Page 69
    ALC_FLR.2) Assurance Classes ADV: Development AGD: Guidance documents ALC: Life-cycle support ASE: Security Target evaluation ATE: Tests AVA: Architectural design Operational user guidance Preparative objectives Derived security requirements Security problem definition TOE summary specification
  • Ricoh Aficio MP C3002 | Security Target - Page 70
    Security Objectives and Functional Requirements O.DOC.NO_DIS O.DOC.NO_ALT O.FUNC.NO_ALT O.PROT.NO_ALT O.CONF.NO_DIS O.CONF.NO_ALT O.USER.AUTHORIZED O.INTERFACE.MANAGED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED O.STORAGE.ENCRYPTED O.RCGATE.COMM.PROTECT FAU_GEN.1 FAU_GEN.2 FAU_STG.1 FAU_STG.4 FAU_SAR
  • Ricoh Aficio MP C3002 | Security Target - Page 71
    disclosure O.DOC.NO_DIS is the security objective to prevent the documents from unauthorised disclosure by persons without a login user name, or by persons with a login user name but without an access permission to the document. To fulfil this security objective, it is required to implement the
  • Ricoh Aficio MP C3002 | Security Target - Page 72
    FMT_MSA.1(a) specifies the available operations (newly create, query, modify and delete) on the login user name, and available operations (query and modify) on the document user list, and a specified user is thus restricted to perform each operation. FMT_MSA.3(a) surely sets the restrictive value to
  • Ricoh Aficio MP C3002 | Security Target - Page 73
    user jobs from unauthorised alteration by persons without a login user name, or by persons with a login user name but without an access permission to the user manage the minimum character number for Basic Authentication, password complexity setting for Basic Authentication, Number of Attempts before
  • Ricoh Aficio MP C3002 | Security Target - Page 74
    (1) Management of the TSF confidential data. FMT_MTD.1 allows the MFP administrator and applicable normal user to operate the login password of normal user. A supervisor is allowed to operate the login password of supervisor. The supervisor and applicable MFP administrator are allowed to operate the
  • Ricoh Aficio MP C3002 | Security Target - Page 75
    after the completion of document data reception from the printer driver or fax driver. The TOE terminates the session with RC Gate after completing the communication with RC Gate. (5) Management of the security attributes. According to FMT_MSA.1(b), the login user name and available function
  • Ricoh Aficio MP C3002 | Security Target - Page 76
    attempt to use the TOE from the Operation Panel or client computer on the network, and FIA_UAU.1(a) and FIA_UAU.1(b) authenticate the identified users. FIA_UID.2 identifies the persons who attempt to use the TOE from the interface for RC Gate communication, and FIA_UAU.2 authenticates the persons
  • Ricoh Aficio MP C3002 | Security Target - Page 77
    encrypts the data to be stored in the HDD, and decrypts the data to be read from the HDD. (3) Manage the TSF data. FMT_MTD.1 allows the MFP administrator to Function. (5) Specification of the roles. FMT_SMR.1 maintains the users who have the privileges. By satisfying FCS_CKM.1, FCS_COP.1, FMT_MTD.1,
  • Ricoh Aficio MP C3002 | Security Target - Page 78
    Page 77 of 93 6.3.3 Dependency Analysis Table 33 shows the result of dependency analysis in this ST for the TOE security functional requirements. Table 33 : Results of Dependency Analysis of TOE Security Functional Requirements TOE Security Functional Requirements FAU_GEN.1 FAU_GEN.2 FAU_STG.1
  • Ricoh Aficio MP C3002 | Security Target - Page 79
    FIA_USB.1 FPT_FDI_EXP.1 FMT_MSA.1(a) FMT_MSA.1(b) FMT_MSA.3(a) FMT_MSA.3(b) FMT_MTD.1 FMT_SMF.1 FMT_SMR.1 FPT_STM.1 FPT_TST.1 FTA_SSL.3 FTP_ITC.1 FIA_ATD.1 FMT_SMF.1 FMT_SMR.1 [FDP_ACC.1(a) or FDP_IFC.1] FMT_SMR.1 FMT_SMF.1 [FDP_ACC.1(b) or FDP_IFC.1] FMT_SMR.1 FMT_SMF.1 FMT_MSA.1(a) FMT_SMR.1
  • Ricoh Aficio MP C3002 | Security Target - Page 80
    to appropriately remediate the flaw discovered after the start of TOE operation according to flow reporting procedure (ALC_FLR.2). Based on the terms and costs of the evaluation, the evaluation assurance level of EAL3+ALC_FLR.2 is appropriate for this TOE. Copyright (c) 2012 RICOH COMPANY, LTD. All
  • Ricoh Aficio MP C3002 | Security Target - Page 81
    the recorded audit log in a legible fashion for users to audit (audit log review). The recorded audit in a text format when the MFP administrator instructs the TOE to read the audit logs. FAU_STG.4 The TOE writes login operations (except login operations from RC Gate) Success and failure of login
  • Ricoh Aficio MP C3002 | Security Target - Page 82
    of attachments Printing via networks LAN Fax via networks Storing document data Reading document data (print, download, fax transmission, e- by the user or TOE Audit event outcome (success or failure) Communication directions (IN/OUT) Communicating IP address Communicating e-mail address for e-mail
  • Ricoh Aficio MP C3002 | Security Target - Page 83
    until the entry of the login user name and login password is complete. When the TOE is used from the printer driver or fax driver, the TOE receives the login user name and login password entered from each driver by a user. When the entered login user name is the login user name of MFP administrator
  • Ricoh Aficio MP C3002 | Security Target - Page 84
    receiving the print data from the printer driver. The TOE logs out immediately after receiving the transmission information from the fax driver. The TOE terminates a session with RC Gate immediately after the communication with RC Gate is complete. FIA_UAU.7 Regarding login passwords entered by
  • Ricoh Aficio MP C3002 | Security Target - Page 85
    Administrators for Each User Role Page 84 of 93 User Roles (Locked out Users) Normal user Supervisor MFP administrator Unlocking Administrators MFP administrator MFP administrator Supervisor FIA_SOS.1 Login passwords for users can be registered only if these passwords meet the following
  • Ricoh Aficio MP C3002 | Security Target - Page 86
    Users Document Server Function Document Server Function Printer Function Operation Panel Scanner Function Types of Stored Documents displayed in the List Document Server documents Fax transmission documents Printer documents Scanner documents Operations displayed on the Menu Print Delete Print
  • Ricoh Aficio MP C3002 | Security Target - Page 87
    use Scanner Function) Fax transmission Download Print Delete (Fax transmission is authorised for normal users who are privileged to use Fax Function) Print Delete Print Download Delete (Operations above are authorised only if normal users are privileged to use Document Server Function) (2) Access
  • Ricoh Aficio MP C3002 | Security Target - Page 88
    FDP_ACF.1(b) The TOE verifies the role for an authorised TOE user who attempts to start operating Copy Function, Printer Function, Scanner Function, Document Server Function, and Fax Function. If the role is that of normal user, the user can operate only functions that are included in the available
  • Ricoh Aficio MP C3002 | Security Target - Page 89
    if any existing residual data is discovered. If the user deletes document data, the TOE applies the method specified by the Operations Writing data to HDD Reading data from HDD Cryptographic Operations TOE generates a cryptographic key. If a login user is the MFP administrator, the screen to
  • Ricoh Aficio MP C3002 | Security Target - Page 90
    Authentication is applied (*1) Login user name of supervisor Login user name of MFP administrator Document data attributes Document user list Stored document types are Document Server document, scanner document, fax document and printer document (with stored print) Operation Interface Operation
  • Ricoh Aficio MP C3002 | Security Target - Page 91
    of 93 Document user list Stored document type is fax received document(*2) Default values of the document user list Operation Panel, Web browser Operation Panel, Web browser Available function list Operation Panel, Web browser Function types User roles Login passwords of normal users when Basic
  • Ricoh Aficio MP C3002 | Security Target - Page 92
    creates, modifies, and deletes the login user name of the normal user that is registered on the TOE. (*2): If the MFP administrator modifies Stored Reception File User, and if the stored document type of the document user list of document data is received fax document, the list will be modified to
  • Ricoh Aficio MP C3002 | Security Target - Page 93
    Function, Document Server Function and Fax Data Storage Function. Documents printed using Document Server printing or stored print from the client computer. Default values of a document user list assigned to each user. Login user name of a normal user who stored the document data. Login user name
  • Ricoh Aficio MP C3002 | Security Target - Page 94
    Function, Scanner Function, Document Server Function and Fax Function) Function type Page 93 of 93 The values specified for each function type is as follows: For Copy Function, values to identify Copy Function. For Document Server Function, values to identify Document Server Function. For Printer
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved.
Aficio MP C3002/C3502 series
Security Target
Author : RICOH COMPANY, LTD.
Date
: 2012-05-28
Version : 1.00
Portions of Aficio MP C3002/C3502 series Security Target are reprinted with
written permission from IEEE, 445 Hoes Lane, Piscataway, New Jersey
08855, from IEEE 2600.1, Protection Profile for Hardcopy Devices,
Operational Environment A, Copyright © 2009 IEEE. All rights reserved.
This document is a translation of the evaluated and certified security target
written in Japanese.