Ricoh Aficio MP C3002 Security Target - Page 75

By satisfying FDP_ACC.1b, FDP_ACF.1b, FIA_UID.1a, FIA_UID.1b, FIA_UID.2, FIA_UAU.1a - default password

Page 75 highlights

Page 74 of 93 security policies of the authentication failure handling and verification of secrets need to be augmented. To fulfil this security objective, it is required to implement the following countermeasures. (1) Identify and authenticate the users prior to the TOE use. FIA_UID.1(a) and FIA_UAU.1(a) identify and authenticate the persons who attempt to use the TOE from the Operation Panel or client computer on the network by the Basic Authentication. FIA_UID.1(b) and FIA_UAU.1(b) identify and authenticate the persons by the Basic Authentication if the person who attempts to use the TOE from the Operation Panel or client computer on the network is the MFP administrator or supervisor, and if the person is the normal user, the External Authentication is used for the identification and authentication. FIA_UID.2 identifies the person who attempts to use the TOE from the interface for RC Gate communication, and FIA_UAU.2 authenticates RC Gate. (2) Allow the successfully identified and authenticated user to use the TOE. FIA_ATD.1 and FIA_USB.1 manage the access procedures to the protected assets of the users who are defined in advance, and associate the users who are successfully identified and authenticated with the access procedures. FDP_ACC.1(b) and FDP_ACF.1(b) allow the applicable normal user to use the MFP application according to the operation permission granted to the successfully identified and authenticated normal user. (3) Complicate decoding of login password. FIA_UAU.7 displays dummy letters as authentication feedback on the Operation Panel and prevents the login password from disclosure. FIA_SOS.1 accepts only passwords that satisfy the minimum character number and password character combination specified for the Basic Authentication by the MFP administrator, and makes it difficult to guess the password. For the External Authentication, this depends on the settings for the External Authentication. FIA_AFL.1 does not allow the user who is unsuccessfully authenticated by the Basic Authentication for certain times to access to the TOE for certain period. For the External Authentication, this depends on the settings for the External Authentication. (4) Terminate login automatically. FTA_SSL.3 automatically logs out of the Operation Panel or a Web browser after no operation is performed from the Operation Panel or a Web browser for certain period and the auto logout time elapses. It also logs out the status of document data reception after the completion of document data reception from the printer driver or fax driver. The TOE terminates the session with RC Gate after completing the communication with RC Gate. (5) Management of the security attributes. According to FMT_MSA.1(b), the login user name and available function list of normal user are managed by the MFP administrator, and users are not allowed to operate the function type. FMT_MSA.3(b) sets the restrictive default value to the function type. By satisfying FDP_ACC.1(b), FDP_ACF.1(b), FIA_UID.1(a), FIA_UID.1(b), FIA_UID.2, FIA_UAU.1(a), FIA_UAU.1(b), FIA_UAU.2, FIA_ATD.1, FIA_USB.1, FIA_UAU.7, FIA_AFL.1, FIA_SOS.1, FTA_SSL.3, FMT_MSA.1(b) and FMT_MSA.3(b), which are the security functional requirements for these countermeasures, O.USER.AUTHORIZED is fulfilled. Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94

Page 74 of
93
Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved.
security policies of the authentication failure handling and verification of secrets need to be augmented. To
fulfil this security objective, it is required to implement the following countermeasures.
(1)
Identify and authenticate the users prior to the TOE use.
FIA_UID.1(a) and FIA_UAU.1(a) identify and authenticate the persons who attempt to use the TOE
from the Operation Panel or client computer on the network by the Basic Authentication.
FIA_UID.1(b) and FIA_UAU.1(b) identify and authenticate the persons by the Basic Authentication if
the person who attempts to use the TOE from the Operation Panel or client computer on the network is
the MFP administrator or supervisor, and if the person is the normal user, the External Authentication is
used for the identification and authentication.
FIA_UID.2 identifies the person who attempts to use the TOE from the interface for RC Gate
communication, and FIA_UAU.2 authenticates RC Gate.
(2)
Allow the successfully identified and authenticated user to use the TOE.
FIA_ATD.1 and FIA_USB.1 manage the access procedures to the protected assets of the users who are
defined in advance, and associate the users who are successfully identified and authenticated with the
access procedures.
FDP_ACC.1(b) and FDP_ACF.1(b) allow the applicable normal user to use the MFP application
according to the operation permission granted to the successfully identified and authenticated normal
user.
(3)
Complicate decoding of login password.
FIA_UAU.7 displays dummy letters as authentication feedback on the Operation Panel and prevents the
login password from disclosure.
FIA_SOS.1 accepts only passwords that satisfy the minimum character number and password character
combination specified for the Basic Authentication by the MFP administrator, and makes it difficult to
guess the password. For the External Authentication, this depends on the settings for the External
Authentication.
FIA_AFL.1 does not allow the user who is unsuccessfully authenticated by the Basic Authentication for
certain times to access to the TOE for certain period. For the External Authentication, this depends on
the settings for the External Authentication.
(4)
Terminate login automatically.
FTA_SSL.3 automatically logs out of the Operation Panel or a Web browser after no operation is
performed from the Operation Panel or a Web browser for certain period and the auto logout time
elapses. It also logs out the status of document data reception after the completion of document data
reception from the printer driver or fax driver. The TOE terminates the session with RC Gate after
completing the communication with RC Gate.
(5)
Management of the security attributes.
According to FMT_MSA.1(b), the login user name and available function list of normal user are
managed by the MFP administrator, and users are not allowed to operate the function type.
FMT_MSA.3(b) sets the restrictive default value to the function type.
By satisfying FDP_ACC.1(b), FDP_ACF.1(b), FIA_UID.1(a), FIA_UID.1(b), FIA_UID.2, FIA_UAU.1(a),
FIA_UAU.1(b), FIA_UAU.2, FIA_ATD.1, FIA_USB.1, FIA_UAU.7, FIA_AFL.1, FIA_SOS.1, FTA_SSL.3,
FMT_MSA.1(b) and FMT_MSA.3(b), which are the security functional requirements for these
countermeasures, O.USER.AUTHORIZED is fulfilled.