Ricoh Aficio MP 2851 Security Target - Page 68

By the above, FIA_AFL.1 Authentication failure handling and FMT_SMF.1 Specification of Management - service manual

Get Ricoh Aficio MP 2851 PDF manuals and user guides View all Ricoh Aficio MP 2851 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 68 highlights

Page 68 of 81 (1) Auto Lockout Release If the user fails to authenticate after making the number of attempts specified to initiate lockout, and the lockout time has elapsed, then lockout will be released upon the first successful identification and authentication by the locked-out user. The machine administrator specifies the lockout time between 1 and 9999 minutes. If the machine administrator sets the lockout time to indefinite, lockout release will be performed only by manual lockout release. In this case, lockout release must be performed by manual lockout release. (2) Manual Lockout Release The unlocking administrators (specified for each user role, as shown in Table 27), have permission to release Lockout using the Web Service Function. If an administrator (any role) or a supervisor is locked out, as a special Lockout release operation, restarting the TOE releases Lockout. Table 27: Unlocking administrators for each user role User roles (locked out users) General users Administrators (all administrator roles) Supervisor Unlocking administrators User administrator Supervisor Machine administrator By the above, FIA_AFL.1 (Authentication failure handling) and FMT_SMF.1 (Specification of Management Functions) are satisfied. 7.1.2.3 Password Feedback Area Protection The TOE display s a string of masking characters (*: asterisks or : bullets) in place of each letter of a password entered from the Operation Panel or the Web browser of a client computer by a general user, administrator, or supervisor. From the above, FIA_UAU.7 (Protected authentication feedback) is satisfied. 7.1.2.4 Password Registration The TOE provides a function for registering and changing the passwords of general users, administrators, and supervisors from the Operation Panel or the Web Service Function. This function uses a string of masking characters described in (1). This function checks if the password to be registered or changed meets conditions (2) and (3). If it does, the password is registered. If it does not, the password is not registered and an error message appears. (1) Usable characters and its types: Upper-case letters: [A-Z] (26 letters) Lower-case letters: [a-z] (26 letters) Numbers: [0-9] (10 digits) Symbols: SP (space 33 symbols) (2) Registerable password length: General users Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
Page 68 of 81
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
(1)
Auto Lockout Release
If the user fails to authenticate after making the number of attempts specified to initiate lockout, and the
lockout time has elapsed, then lockout will be released upon the first successful identification and
authentication by the locked-out user. The machine administrator specifies the lockout time between 1
and 9999 minutes. If the machine administrator sets the lockout time to indefinite, lockout release will
be performed only by manual lockout release. In this case, lockout release must be performed by
manual lockout release.
(2)
Manual Lockout Release
The unlocking administrators (specified for each user role, as shown in Table 27), have permission to
release Lockout using the Web Service Function. If an administrator (any role) or a supervisor is locked
out, as a special Lockout release operation, restarting the TOE releases Lockout.
Table 27: Unlocking administrators for each user role
User roles (locked out users)
Unlocking administrators
General users
User administrator
Administrators (all administrator roles)
Supervisor
Supervisor
Machine administrator
By the above, FIA_AFL.1 (Authentication failure handling) and FMT_SMF.1 (Specification of Management
Functions) are satisfied.
7.1.2.3
Password Feedback Area Protection
The TOE display s a string of masking characters (*: asterisks or
?
: bullets) in place of each letter of a
password entered from the Operation Panel or the Web browser of a client computer by a general user,
administrator, or supervisor.
From the above, FIA_UAU.7 (Protected authentication feedback) is satisfied.
7.1.2.4
Password Registration
The TOE provides a function for registering and changing the passwords of general users, administrators,
and supervisors from the Operation Panel or the Web Service Function. This function uses a string of
masking characters described in (1).
This function checks if the password to be registered or changed meets conditions (2) and (3). If it does, the
password is registered. If it does not, the password is not registered and an error message appears.
(1) Usable characters and its types:
Upper-case letters: [A-Z] (26 letters)
Lower-case letters: [a-z] (26 letters)
Numbers: [0-9] (10 digits)
Symbols: SP (space) ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ (33 symbols)
(2) Registerable password length:
General users