Ricoh Aficio MP 2851 Security Target - Page 20

Page 20 of 81 Function, Security Management Function, Service Mode Lock Function, Telephone Line Intrusion Protection Function, and MFP Control Software Verification Function. This section describes these functions. Audit Function This function is for checking the operational status of the TOE, and for recording events in the audit log, which is necessary for the detection of security breaches. Only the machine administrator is able to read and delete the recorded audit logs. The machine administrator can read the audit logs using the Web Service Function, and delete the audit logs using both the Operation Panel and the Web Service Function. Identification and Authentication Function This function is for those who attempt to use the TOE from the Operation Panel or a client computer. It prompts the users to enter their user IDs and authentication details for user identification and authentication. However, when printing or faxing from a client computer, this function sends the user's ID and authentication details to the TOE after the users enters their user ID and authentication details from printer or fax drivers, which are outside the TOE. The TOE then attempts to identify and authenticate the user with the received user ID and authentication information. The Identification and Authentication Function includes the following: - Account Lockout: If the number of consecutive unsuccessful attempts with the same particular user ID reaches the specified Number of Attempts before Lockout, this function temporarily prevents further login attempts from this user ID. - Authentication Feedback Area Protection: When a user enters their password, this function masks the password with protection characters as it appears in the authentication feedback area, in order to prevent the password being viewed by others. - Password Quality M aintenance: This forces users to register passwords that satisfy both the Minimum Password Length and Password Complexity Setting, which the user administrator sets in advance. Although this TOE has other Identification and Authentication Functions, this evaluation does not cover the functions other than those listed above. Document Data Access Control Function This function restricts operations on document data stored in the D-BOX to specified users only. Operations on document data include reading and deleting. Each of these operations is as follows: Reading document data: Read document data stored in the D-BOX. Deleting document data: Delete document data stored in the D-BOX. The TOE allows specified users, (file administrators, and general users) to perform operations on document data. File administrators are allowed to delete any document data. General users are allowed to perform only operations that are authorised by the permissions to process document data. The operation permissions in document data include read-only, edit, edit/delete, and full control. For editing permission, the same operation on document data is permitted as the read-only Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.