Ricoh Aficio MP 3350B Security Target - Page 59

O.I&A, User Identification and Authentication, O. DOC_ACC, Access Control to the Protected



Page 59 of 83

manage security intrusions. For this, FPT_STM.1 provides the trusted time stamp.

O.I&A User Identification and Authentication

The following is the rationale for why the functional requirements that correspond to O.I&A in Table 23 are appropriate to satisfy O.I&A.

a) Identify and authenticate users before users use the TOE.
To accomplish O.I&A, identification and authentication shall be performed prior to the use of the TOE security functions by users.
For this, FIA_UID.2 identifies users prior to their use of the TOE security functions, and FIA_UAU.2 authenticates the identified users.

b) Allow the successfully identified and authenticated users to use the TOE.
To accomplish O.I&A, if users succeed in the authentication that is performed prior to their use of the TOE security functions, the users shall be allowed to use the functions for which they have the operation permissions.
For this, FIA_ATD.1 and FIA_USB.1 bind the successfully identified and authenticated users with the subjects acting on behalf of those users. Additionally, they associate the subjects with the security attributes and maintain that association.

c) Make it difficult to decode passwords.
To accomplish O.I&A, the passwords for user authentication shall be protected from being viewed by others while users enter them, and from being easily guessed.
For this, FIA_UAU.7 prevents the passwords from being viewed by others by displaying protection characters (*: asterisk or ●: black dot) in place of each password character entered by users in the authentication feedback area; FIA_SOS.1 ensures that only passwords that are difficult to guess are used, by registering only passwords that satisfy the Minimum Password Length and the combination of letter types for passwords set by the User Administrator; and FIA_AFL.1 reduces the chance of guessing passwords by locking out users whose number of consecutive user authentication failures from the Operation Panel, from the web browser of a client PC, from a client PC when printing, and from a client PC when faxing reaches the Number of Attempts before Lockout, which is set by the Machine Administrator.
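
The password-quality rule (FIA_SOS.1) and lockout rule (FIA_AFL.1) described in item c), as an added Python illustration that is not part of the Security Target and is not Ricoh code. The letter-type classes, the interface identifiers, the PBKDF2 storage and the single per-user failure count shared by all four interfaces are assumptions.

```python
import hashlib, hmac, os, string
from dataclasses import dataclass, field

# Assumed letter-type classes; the page only says "combination of letter types".
LETTER_TYPES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, string.punctuation)
# The four authentication paths named for FIA_AFL.1 (identifiers are made up).
INTERFACES = {"operation_panel", "web_browser", "print", "fax"}

@dataclass
class Policy:
    min_length: int               # Minimum Password Length (User Administrator)
    min_letter_types: int         # letter-type combination (User Administrator)
    attempts_before_lockout: int  # Number of Attempts before Lockout (Machine Administrator)

def password_acceptable(pw: str, policy: Policy) -> bool:
    """FIA_SOS.1: only passwords meeting both rules may be registered."""
    kinds = sum(any(c in group for c in pw) for group in LETTER_TYPES)
    return len(pw) >= policy.min_length and kinds >= policy.min_letter_types

def _digest(pw: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

@dataclass
class Authenticator:
    policy: Policy
    creds: dict = field(default_factory=dict)     # user -> (salt, digest); storage is assumed
    failures: dict = field(default_factory=dict)  # user -> consecutive failures

    def register(self, user: str, pw: str) -> bool:
        if not password_acceptable(pw, self.policy):
            return False
        salt = os.urandom(16)
        self.creds[user] = (salt, _digest(pw, salt))
        return True

    def authenticate(self, user: str, pw: str, interface: str) -> str:
        """FIA_AFL.1: one consecutive-failure count per user across all interfaces."""
        if interface not in INTERFACES:
            raise ValueError(f"unknown interface: {interface}")
        if self.failures.get(user, 0) >= self.policy.attempts_before_lockout:
            return "locked"          # even a correct password is refused
        if user not in self.creds:
            return "failed"
        salt, digest = self.creds[user]
        if hmac.compare_digest(digest, _digest(pw, salt)):
            self.failures[user] = 0  # success resets the consecutive count
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "failed"
```
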

O.DOC_ACC Access Control to the Protected Assets

The following is the rationale for why the functional requirements that correspond to O.DOC_ACC in Table 23 are appropriate to satisfy O.DOC_ACC.

a) Specify and perform the access control to the Document Data.
To accomplish O.DOC_ACC, each user shall be allowed to perform operations on Document Data according to the operation permissions for Document Data set for each type of subject associated with the users, and each security attribute associated with the subject.
For this, if the Administrator Role associated with the Administrator process is the File Administrator, FDP_ACC.1 and FDP_ACF.1 allow the Administrator process to delete Document Data. For General Users, FDP_ACC.1 and FDP_ACF.1 allow the General User process to store Document Data, and when the General User IDs that are associated with the General User process are registered for the

Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.