Ricoh Aficio MP 2550B Security Target - Page 22

conditions of Minimum Password Length and Password Complexity Setting, which the User Administrator - driver download

Get Ricoh Aficio MP 2550B PDF manuals and user guides View all Ricoh Aficio MP 2550B manuals
Add to My Manuals
Save this manual to your list of manuals

Page 22 highlights

Page 22 of 83 3. Delete the stored Document Data in D-BOX. 4. Download the stored Document Data in D-BOX. The Document Data stored using Scanner Function or Fax Function can be downloaded. 5. Subset of Management Functions. 6. Check the TOE status. 1.4.4.2 Security Functions Security functions include the Audit Function, Identification and Authentication Function, Document Data Access Control Function, Stored Data Protection Function, Network Communication Data Protection Function, Security Management Function, Service Mode Lock Function, Telephone Line Intrusion Protection Function, and MFP Control Software Verification Function. This chapter describes these security functions. Audit Function The Audit Function is used to check the operation status of the TOE, or to record events, which are required to detect the security intrusion, to the audit log when the events occur. Only the Machine Administrator is allowed to read and delete the recorded audit logs. It is valid to read the audit logs using the Web Service Function, and to delete the audit logs using the Operation Panel or Web Service Function. Identification and Authentication Function The Identification and Authentication Function is used to make the users who attempt to use the TOE from the Operation Panel or client PC enter their user IDs and authentication information, specify and confirm the users. However, when printing or faxing from client PC, this function sends the user IDs and the authentication information to the TOE after users enter their user IDs and authentication information from printer or fax drivers, which are outside of the TOE. Then the TOE attempts to identify and authenticate the user with the received user ID and authentication information. Identification and Authentication Function includes the following: - Account Lockout: If the number of consecutive unsuccessful attempts with the same particular user ID meets the Number of Attempts before Lockout, this prevents this user ID from logging in temporarily. - Authentication Feedback Area Protection: When users enter their passwords, this displays the passwords on the authentication feedback area with the protection character in order not to be viewed by others. - Password Quality Maintenance: This allows the users to register only the passwords that satisfy the conditions of Minimum Password Length and Password Complexity Setting, which the User Administrator has set in advance. Although this TOE also has other Identification and Authentication Functions, this evaluation does not cover the Identification and Authentication Functions that are not listed above. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
Page 22 of 83
3.
Delete the stored Document Data in D-BOX.
4.
Download the stored Document Data in D-BOX.
The Document Data stored using Scanner Function or Fax Function can be downloaded.
5.
Subset of Management Functions.
6.
Check the TOE status.
1.4.4.2
Security Functions
Security functions include the Audit Function, Identification and Authentication Function, Document Data
Access Control Function, Stored Data Protection Function, Network Communication Data Protection
Function, Security Management Function, Service Mode Lock Function, Telephone Line Intrusion
Protection Function, and MFP Control Software Verification Function. This chapter describes these security
functions.
Audit Function
The Audit Function is used to check the operation status of the TOE, or to record events, which are required
to detect the security intrusion, to the audit log when the events occur. Only the Machine Administrator is
allowed to read and delete the recorded audit logs. It is valid to read the audit logs using the Web Service
Function, and to delete the audit logs using the Operation Panel or Web Service Function.
Identification and Authentication Function
The Identification and Authentication Function is used to make the users who attempt to use the TOE from
the Operation Panel or client PC enter their user IDs and authentication information, specify and confirm the
users. However, when printing or faxing from client PC, this function sends the user IDs and the
authentication information to the TOE after users enter their user IDs and authentication information from
printer or fax drivers, which are outside of the TOE. Then the TOE attempts to identify and authenticate the
user with the received user ID and authentication information.
Identification and Authentication Function includes the following:
-
Account Lockout: If the number of consecutive unsuccessful attempts with the same particular user ID
meets the Number of Attempts before Lockout, this prevents this user ID from logging in temporarily.
-
Authentication Feedback Area Protection: When users enter their passwords, this displays the
passwords on the authentication feedback area with the protection character in order not to be viewed by
others.
-
Password Quality Maintenance: This allows the users to register only the passwords that satisfy the
conditions of Minimum Password Length and Password Complexity Setting, which the User Administrator
has set in advance.
Although this TOE also has other Identification and Authentication Functions, this evaluation does not cover
the Identification and Authentication Functions that are not listed above.
Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.