Ricoh Aficio MP 3350B Security Target - Page 45

Page 45 of 83 FDP_IFF.1.5 The TSF shall explicitly deny an information flow based on the following rules: [assignment: no rules, based on security attributes, that explicitly deny information flows]. 6.1.4 Class FIA: Identification and authentication FIA_AFL.1 Authentication failure handling Hierarchical to: No other components. Dependencies: FIA_UAU.1 Timing of authentication. FIA_AFL.1.1 TSF shall detect when [selection: an Administrator (refinement: the Machine Administrator) configurable positive integer within [assignment: 1 to 5]] unsuccessful authentication attempts occur related to [assignment: the consecutive numbers of times of authentication failure for each user in the authentication events shown in Table 14]. Table 14: List of Authentication Events Authentication events User authentication using the Control Panel User authentication using the TOE from web browser of client PC User authentication when printing from client PC User authentication when faxing from client PC FIA_AFL.1.2 When defined number of unsuccessful authentication attempts has been [selection: met], the TSF shall [assignment: Lockout the user, who has failed the authentication attempts, until one of the Lockout release actions, shown in Table 15, is taken]. Table 15: Lockout Release Actions Lockout release actions Auto Lockout Release Details If the unsuccessful authentication attempts have met the defined number, and the Lockout time set in advance (by the Machine Administrator between 1 and 9999 minutes) has elapsed, then Lockout is released by the first identification and authentication by the Locked out User. Although the Machine Administrator can also set the Lockout time to an indefinite, in this case, Lockout cannot be released by the Lockout release operation of elapse of time but can only by other Lockout release operations. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.