Ricoh Aficio MP 3350B Security Target - Page 61

O.MEM.PROTECT, Prevention of Data Disclosure Stored in Memory, O.NET.PROTECT, Protection for Network

Get Ricoh Aficio MP 3350B PDF manuals and user guides View all Ricoh Aficio MP 3350B manuals
Add to My Manuals
Save this manual to your list of manuals

Page 61 highlights

Page 61 of 83 - The User Administrator and General Users to query S/MIME User Information and destination information for Deliver to Folder, - Supervisor to query and set Lockout Flag for Administrators, and set Supervisor Authentication Information, and - Supervisor and the applicable Administrators to change Administrator Authentication Information. c) Specify management functions. To accomplish O.MANAGE, the Security Management Functions for the implemented TSF shall be performed. For this, FMT_SMF.1 specifies the required Security Management Functions for the security functional requirements. d) Authorised use of Security Management Functions To accomplish O.MANAGE, the authorised users shall be associated with the security management roles and the operation permissions for the Security Management Functions and be maintained since the use of the Security Management Functions depends on the authorised user roles. FMT_SMR.1 associates the authorised users with General User, one of four Administrator Roles (User Administrator, Machine Administrator, File Administrator and Network Administrator), or the Supervisor role, and maintains such associations. O.MEM.PROTECT Prevention of Data Disclosure Stored in Memory The following are the rationale for the functional requirements that correspond to O.MEM.PROTECT in Table 23 being appropriate to satisfy O.MEM.PROTECT. a) Generate the encryption keys and perform encryption operations adequately. To accomplish O.MEM.PROTECT, the format of the Document Data stored on HDD shall be made difficult so that the decoding is difficult unless the Document Data is read with the normal methods using the TOE. For this, FCS_CKM.1 generates the encryption keys at the key size of 256 bit with TRNG for the encryption key generation algorithm based on BSI-AIS31, and FCS_COP.1 encrypts Document Data when it is stored on HDD, and decrypts Document Data when it is read from HDD using the generated encryption keys with the encryption algorithm AES that corresponds to FIPS197. Additionally, FTP_TST.1 tests the validity of encryption keys and the performance of Ic Hdd that performs the encryption operation at the TOE start-up, and it prevents storing Document Data on HDD without being encrypted. O.NET.PROTECT Protection for Network Communication Data The following are the rationale for the functional requirements that correspond to O.NET.PROTECT in Table 23 being appropriate to satisfy O.NET.PROTECT. a) Protect the assets on communication path. To accomplish O.NET.PROTECT, Document Data or Print Data on the communication path shall be protected from leakage, and tampering shall be detected. For this, FTP_ITC.1 uses the IPSec protocol for Deliver to Folders on either an FTP server or SMB server from the TOE, protects Document Data on networks from leakage, and detects tampering. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
Page 61 of 83
-
The User Administrator and General Users to query S/MIME User Information and
destination information for Deliver to Folder,
-
Supervisor to query and set Lockout Flag for Administrators, and set Supervisor
Authentication Information, and
-
Supervisor and the applicable Administrators to change Administrator Authentication
Information.
c)
Specify management functions.
To accomplish O.MANAGE, the Security Management Functions for the implemented TSF shall be
performed.
For this, FMT_SMF.1 specifies the required Security Management Functions for the security functional
requirements.
d)
Authorised use of Security Management Functions
To accomplish O.MANAGE, the authorised users shall be associated with the security management
roles and the operation permissions for the Security Management Functions and be maintained since the
use of the Security Management Functions depends on the authorised user roles.
FMT_SMR.1 associates the authorised users with General User, one of four Administrator Roles (User
Administrator, Machine Administrator, File Administrator and Network Administrator), or the
Supervisor role, and maintains such associations.
O.MEM.PROTECT
Prevention of Data Disclosure Stored in Memory
The following are the rationale for the functional requirements that correspond to O.MEM.PROTECT in
Table 23 being appropriate to satisfy O.MEM.PROTECT.
a)
Generate the encryption keys and perform encryption operations adequately.
To accomplish O.MEM.PROTECT, the format of the Document Data stored on HDD shall be made
difficult so that the decoding is difficult unless the Document Data is read with the normal methods
using the TOE.
For this, FCS_CKM.1 generates the encryption keys at the key size of 256 bit with TRNG for the
encryption key generation algorithm based on BSI-AIS31, and FCS_COP.1 encrypts Document Data
when it is stored on HDD, and decrypts Document Data when it is read from HDD using the generated
encryption keys with the encryption algorithm AES that corresponds to FIPS197. Additionally,
FTP_TST.1 tests the validity of encryption keys and the performance of Ic Hdd that performs the
encryption operation at the TOE start-up, and it prevents storing Document Data on HDD without being
encrypted.
O.NET.PROTECT
Protection for Network Communication Data
The following are the rationale for the functional requirements that correspond to O.NET.PROTECT in
Table 23 being appropriate to satisfy O.NET.PROTECT.
a)
Protect the assets on communication path.
To accomplish O.NET.PROTECT, Document Data or Print Data on the communication path shall be
protected from leakage, and tampering shall be detected.
For this, FTP_ITC.1 uses the IPSec protocol for Deliver to Folders on either an FTP server or SMB
server from the TOE, protects Document Data on networks from leakage, and detects tampering.
Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.