Ricoh Mp 3351 User Guide
Page 41 of 81 Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.

Deleting document data: A general user process has permission to delete document data if the general user ID associated with the general user process matches either the document file owner ID or a document file user ID in the document data ACL associated with the document data, and if the matched ID has permission for editing/deleting or full control permission.

FDP_ACF.1.3 The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [assignment: rules that explicitly grant subjects operations on objects shown in Table 10].

Table 10: Rules governing access explicitly
Subject | Operations on object | Rules governing access
Administrator process | Deleting document data | When the file administrator is included in administrator roles that are associated with administrator process, the administrator process has permission to delete all document data stored in the D-BOX.

FDP_ACF.1.4 The TSF shall explicitly deny access of subjects to objects based on the [assignment: no rules, based on security attributes that explicitly deny access of subjects to objects].

FDP_IFC.1 Subset information flow control
Hierarchical to: No other components.
Dependencies: FDP_IFF.1 Simple security attributes.

FDP_IFC.1.1 The TSF shall enforce the [assignment: telephone line information flow SFP] on [assignment: subjects, information, and an operation listed in Table 11].

Table 11: List of subjects, information and operation
Subjects | Information | Operation
Fax process on Fax Unit; Fax reception process on Controller Board | Data received from a telephone line | Transferring (Note: Transferring means the Controller Board is receiving data through the Fax Unit from a telephone line.)

FDP_IFF.1 Simple security attributes
Hierarchical to: No other components.
Dependencies: FDP_IFC.1 Subset information flow control
FMT_MSA.3 Static attribute initialisation.

FDP_IFF.1.1 The TSF shall enforce the [assignment: telephone line information flow SFP] based on the following types of subject and information security attributes: [assignment: subjects or information and their corresponding security attributes shown in Table 12].

Table 12: Security attributes corresponding to subjects or information
Type | Subjects or information | Security attributes
Subject | Fax process on Fax Unit | No security attributes
Subject | Fax reception process on Controller Board | No security attributes
Information | Data received from a telephone line | Data type (Note: Data type means the type of data received from a telephone line and indicates whether this is fax or non-fax data.)

FDP_IFF.1.2 The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold: [assignment: after the type of received data from a telephone line is recognised as fax data, the fax process on the Fax Unit allows Fax Reception on the Controller Board to let data received from a telephone line pass].

FDP_IFF.1.3 The TSF shall enforce the [assignment: no additional information flow control SFP rules].

FDP_IFF.1.4 The TSF shall explicitly authorise an information flow based on the following rules: [assignment: no rules, based on security attributes that explicitly authorise information flows].

FDP_IFF.1.5 The TSF shall explicitly deny an information flow based on the following rules: [assignment: no rules, based on security attributes that explicitly deny information flows].

6.1.4 Class FIA: Identification and authentication

FIA_AFL.1 Authentication failure handling
Hierarchical to: No other components.
Dependencies: FIA_UAU.1 Timing of authentication.

FIA_AFL.1.1 TSF shall detect when [selection: an administrator (refinement: the machine administrator) configurable positive integer within [assignment: 1 to 5]] unsuccessful authentication attempts occur related to [assignment: the consecutive numbers of times of authentication failure for each user in the authentication events shown in Table 13].

Table 13: List of authentication events
Authentication events
User authentication using the control panel
User authentication using TOE from client computer Web browser
User authentication when printing from client computer
User authentication when faxing from client computer

FIA_AFL.1.2 When defined number of unsuccessful authentication attempts has been [selection: met], the TSF shall [assignment: Lockout the user, who has failed the authentication attempts, until one of the Lockout release actions, shown in Table 14, is taken].

Table 14: Lockout release actions
Lockout release actions | Details
Auto Lockout Release | If the user fails to authenticate after making the number of attempts specified for Lockout release, and the Lockout time (between 1 and 9999 minutes) set in advance by the machine administrator has elapsed, then Lockout will be released upon the first successful identification and authentication by the locked-out user. The machine administrator can set the Lockout time to indefinite, and in this case, Lockout cannot be released by a time-based operation but can be released by an operation other than a time-based operation.
Manual Lockout Release | Regardless of the time specified for the Lockout release by the machine administrator, an unlocking administrator specified for any user role of a locked-out user can release a locked-out user. FMT_MTD.1 defines the relationship between locked-out user and unlocking administrator. There is also a special Lockout release: If an administrator (any role) or a supervisor is locked out, restarting the TOE has the same effect as the Lockout release operation performed by an unlocking administrator.

FIA_ATD.1 User attribute definition
Hierarchical to: No other components.
Dependencies: No dependencies.

FIA_ATD.1.1 The TSF shall maintain the following list of security attributes belonging to individual users: [assignment: general user IDs, document data default ACL, administrator IDs, administrator roles and supervisor ID].
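
The FIA_AFL.1 lockout rules and the Table 14 release actions, modelled as an added example (not part of the Security Target and not Ricoh's implementation). The class and method names, the result strings and the minute-based clock passed in by the caller are assumptions; the unlocking roles follow the Lockout Flag rows of Table 18 (FMT_MTD.1).

```python
from dataclasses import dataclass
from typing import Dict, Optional

INDEFINITE = None  # Lockout time "indefinite": no time-based release (Table 14)

# Who may clear each Lockout Flag (Lockout Flag rows of Table 18, FMT_MTD.1).
UNLOCKING_ADMIN = {
    "general user": "user administrator",
    "administrator": "supervisor",
    "supervisor": "machine administrator",
}

@dataclass
class Account:                          # hypothetical record, one per user
    kind: str                           # a key of UNLOCKING_ADMIN
    failures: int = 0                   # consecutive failed attempts
    locked_at: Optional[float] = None   # minutes; None means not locked out

class LockoutTracker:
    def __init__(self, attempts: int, lockout_minutes: Optional[int]):
        if not 1 <= attempts <= 5:
            raise ValueError("Number of Attempts before Lockout must be 1 to 5")
        if lockout_minutes is not INDEFINITE and not 1 <= lockout_minutes <= 9999:
            raise ValueError("Lockout time must be 1 to 9999 minutes or INDEFINITE")
        self.attempts, self.lockout_minutes = attempts, lockout_minutes
        self.accounts: Dict[str, Account] = {}

    def authenticate(self, user: str, credential_ok: bool, now: float) -> str:
        acct = self.accounts[user]
        if acct.locked_at is not None:
            elapsed = (self.lockout_minutes is not INDEFINITE
                       and now - acct.locked_at >= self.lockout_minutes)
            # Auto Lockout Release: only the first successful authentication
            # after the Lockout time releases the account. Staying locked on a
            # failed attempt after the timer has run out is an assumption.
            if not (elapsed and credential_ok):
                return "locked"
            acct.failures, acct.locked_at = 0, None
            return "ok"
        if credential_ok:
            acct.failures = 0           # the count is of consecutive failures
            return "ok"
        acct.failures += 1
        if acct.failures >= self.attempts:
            acct.locked_at = now
            return "locked"
        return "failed"

    def manual_release(self, user: str, actor_role: str) -> bool:
        # Manual Lockout Release applies regardless of the Lockout time.
        acct = self.accounts[user]
        if actor_role != UNLOCKING_ADMIN[acct.kind]:
            return False
        acct.failures, acct.locked_at = 0, None
        return True

    def restart(self) -> None:
        # Restarting the TOE releases locked-out administrators and supervisor.
        for acct in self.accounts.values():
            if acct.kind in ("administrator", "supervisor"):
                acct.failures, acct.locked_at = 0, None
```
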

FIA_SOS.1 Verification of secrets
Hierarchical to: No other components.
Dependencies: No dependencies.

FIA_SOS.1.1 The TSF shall provide a mechanism to verify that secrets meet [assignment: following quality metrics].
(1) Usable characters and its types:
Upper-case letters: [A-Z] (26 letters)
Lower-case letters: [a-z] (26 letters)
Numbers: [0-9] (10 digits)
Symbols: SP (spaces) ! # $ % & ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ (33 symbols)
(2) Registerable password length:
For general users: No fewer than the Minimum Password Length specified by the user administrator (8-32 characters) and no more than 128 characters.
For administrators and a supervisor: No fewer than the Minimum Password Length specified by the user administrator (8-32 characters) and no more than 32 characters.
(3) Rule: Passwords that are composed of a combination of characters based on the Password Complexity Setting specified by the user administrator can be registered. The user administrator specifies either Level 1 or Level 2 for Password Complexity Setting.

FIA_UAU.2 User authentication before any action
Hierarchical to: FIA_UAU.1 Timing of authentication.
Dependencies: FIA_UID.1 Timing of identification.

FIA_UAU.2.1 The TSF shall require each user to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user.

FIA_UAU.7 Protected authentication feedback
Hierarchical to: No other components.
Dependencies: FIA_UAU.1 Timing of authentication.

FIA_UAU.7.1 The TSF shall provide only [assignment: displaying a dummy letter (*: asterisks, or ●: bullets) for one letter of passwords on authentication feedback] to the user while the authentication is in progress.

FIA_UID.2 User identification before any action
Hierarchical to: FIA_UID.1 Timing of identification.
Dependencies: No dependencies.

FIA_UID.2.1 The TSF shall require each user to be successfully identified before allowing any other TSF-mediated actions on behalf of that user.

FIA_USB.1 User-subject binding
Hierarchical to: No other components.
Dependencies: FIA_ATD.1 User attribute definition.

FIA_USB.1.1 The TSF shall associate the following user security attributes with subjects acting on the behalf of that user: [assignment: general user IDs, document data default ACL, administrator IDs, administrator roles and supervisor ID].

FIA_USB.1.2 The TSF shall enforce the following rules on the initial association of user security attributes with subjects acting on the behalf of users: [assignment: rules for the initial association of attributes listed in Table 15].

Table 15: Rules for initial association of attributes
Users | Subjects | Security attributes of users
General user | General user process | General user ID, Document data default ACL
Administrator | Administrator process | Administrator ID, Administrator roles
Supervisor | Supervisor process | Supervisor ID

FIA_USB.1.3 The TSF shall enforce the following rules governing changes to the user security attributes associated with subjects acting on the behalf of users: [assignment: administrators can add their own assigned administrator roles to other administrators, and can delete their own administrator roles. However, the administrator cannot delete the assigned administrator role if that role is assigned to no other administrators].

6.1.5 Class FMT: Security management

FMT_MSA.1 Management of security attributes
Hierarchical to: No other components.
Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control]
FMT_SMR.1 Security roles
FMT_SMF.1 Specification of Management Functions

FMT_MSA.1.1 The TSF shall enforce the [assignment: MFP access control SFP] to restrict the ability to [selection: query, modify, delete, [assignment: newly create, change, add]] the security attributes [assignment: security attributes in Table 16] to [assignment: users/roles in Table 16].

Table 16: Management roles of security attributes
Security attributes | Operations | User roles
General user IDs (a data item of general user information) | Query, newly create, delete | User administrator
General user IDs (a data item of general user information) | Query | General users
Administrator IDs | Newly create | Administrators
Administrator IDs | Query, change | Administrators who own the administrator IDs
Administrator IDs | Query | Supervisor
Administrator roles | Query, add, delete | Administrators who are assigned these administrator roles
Supervisor ID | Query, change | Supervisor
Document data ACL | Query, modify | File administrator; Document file owner; General users who have full control operation permissions for the relevant document data
Document data default ACL (a data item of general user information) | Query, modify | User administrator; The general user who creates the applicable document data

FMT_MSA.3 Static attribute initialisation
Hierarchical to: No other components.
Dependencies: FMT_MSA.1 Management of security attributes
FMT_SMR.1 Security roles

FMT_MSA.3.1 The TSF shall enforce the [assignment: MFP access control SFP] to provide default values [selection: [assignment: specified as shown in Table 17] for security attributes that are used to enforce the SFP.

FMT_MSA.3.2 The TSF shall allow the [assignment: no authorised identified roles] to specify alternative initial values to override the default values when an object or information is created.

Table 17: Characteristics of static attribute initialisation
Object | Security attribute associated with object | Default value and its characteristic at time of object creation
Document data stored by general users | Document data ACL | A value set in advance as the document data default ACL for the applicable general user (document file owner). This value can be set arbitrarily by the user administrator or the general user, and it has neither a restrictive nor permissive property, only the specified property.

FMT_MTD.1 Management of TSF data
Hierarchical to: No other components.
Dependencies: FMT_SMR.1 Security roles
FMT_SMF.1 Specification of Management Functions

FMT_MTD.1.1 The TSF shall restrict the ability to [selection: query, modify, delete, [assignment: register, change, entirely delete, newly create]] the [assignment: list of TSF data management in Table 18] to [assignment: roles in Table 18].

Table 18: List of TSF data management
TSF data | Operations | User roles
Authentication information of general users (a data item of general user information) | Newly create, change, delete | User administrator
Authentication information of general users (a data item of general user information) | Change | Applicable general users of general user information
Supervisor authentication information | Change | Supervisor
Administrator authentication information | Change | Supervisor; Applicable administrator of administrator authentication information
Number of Attempts before Lockout | Query, modify | Machine administrator
Setting for Lockout Release Timer | Query, modify | Machine administrator
Lockout time | Query, modify | Machine administrator
Date and time of system clock: Date setting, time setting (hour, minute, second) | Query, modify | Machine administrator
Date and time of system clock: Date setting, time setting (hour, minute, second) | Query | General users, user administrator, network administrator, file administrator, supervisor
Minimum Password Length | Query, modify | User administrator
Password Complexity Setting | Query, modify | User administrator
HDD cryptographic key | Query, newly create | Machine administrator
Audit logs | Query, delete entirely | Machine administrator
Service mode lock setting | Query, modify | Machine administrator
Service mode lock setting | Query | General users, User administrator, Network administrator, File administrator, Supervisor
Lockout Flag for general users | Query, modify | User administrator
Lockout Flag for administrators | Query, modify | Supervisor
Lockout Flag for supervisor | Query, modify | Machine administrator
S/MIME User Information (a data item of general user information) | Query, newly create, delete, change | User administrator; Applicable general users of S/MIME user information
S/MIME User Information (a data item of general user information) | Query | General users
Destination Information for Deliver to Folder | Query | User administrator, General users

FMT_SMF.1 Specification of Management Function
Hierarchical to: No other components.
Dependencies: No dependencies.

FMT_SMF.1.1 The TSF shall be capable of performing the following Management Functions: [assignment: list of specifications of Management Functions described in Table 19].

Table 19: List of specifications of Management Functions
Functional requirements | Management requirements | Management items
FAU_GEN.1 | None | -
FAU_SAR.1 | a) Maintenance (deletion, modification, addition) of the group of users with read access right to the audit records. | a) Management of the machine administrator from administrator roles.
FAU_SAR.2 | None | -
FAU_STG.1 | None | -
FAU_STG.4 | a) Maintenance (deletion, modification, addition) of actions to be taken in case of audit storage failure. | None: Actions are fixed and not an object of management.
FCS_CKM.1 | None | -
FCS_COP.1 | None | -
FDP_ACC.1 | None | -
FDP_ACF.1 | a) Managing the attributes used to make explicit access or denial based decisions. | a) Management of the file administrator from administrator roles.
FDP_IFC.1 | None | -
FDP_IFF.1 | a) Managing the attributes used to make explicit access based decisions. | None: Attributes (data type) used to make explicit access-based decisions are fixed and there are no interfaces to change.
FIA_AFL.1 | a) Management of the threshold for unsuccessful authentication attempts. b) Management of actions to be taken in the event of an authentication failure. | a) Security Management Function (management of machine control data): management of the Number of Attempts before Lockout by machine administrator. b) Management of unlocking administrators and Lockout release operations for locked-out users.
FIA_ATD.1 | a) If so indicated in the assignment, the authorised administrator might be able to define additional security attributes for users. | None: No functions for defining additional security attributes for users.
FIA_SOS.1 | a) Management of the metric used to verify the secrets. | Security Management Function (management of machine control data): The user administrator manages the following settings of the machine control data: Minimum Password Length; Password Complexity Setting
FIA_UAU.2 | a) Management of the authentication data by an administrator, b) Management of the authentication data by the user associated with this data. | Security Management Function (management of general user information): management of authentication information of general users by the user administrator and management of own authentication information of general Users; Security Management Function (management of administrator information): management of own administrator authentication information by administrators; Security Management Function (management of administrator information): new registration of administrators by administrators; Security Management Function (management of administrator information): management of administrator authentication information by supervisor; Security Management Function (management of supervisor information): management of supervisor authentication information by supervisor.
FIA_UAU.7 | None | -
FIA_UID.2 | a) Management of the user identities. | Security Management Function (management of general user information): management of general user IDs by the user administrator; Security Management Function (management of administrator information): management of own administrator IDs by administrators; Security Management Function (management of administrator information): new registration of administrators by administrators; Security Management Function (management of supervisor information): management of supervisor ID by supervisor.
FIA_USB.1 | a) An authorised administrator can define default subject security attributes. b) An authorised administrator can change subject security attributes. | a) None: Default subject security attributes cannot be defined. b) Administrators can add own assigned administrator roles to other administrators and delete administrator roles.
FMT_MSA.1 | a) Managing the group of roles that can interact with the security attributes; b) Management of rules by which security attributes inherit specified values. | a) Management of administrator roles by administrators. b) None: No rules by which security attributes inherit specified values.
FMT_MSA.3 | a) Managing the group of roles that can specify initial values; b) Managing the permissive or restrictive setting of default values for a given access control SFP; c) Management of rules by which security attributes inherit specified values. | a) None: No groups of roles that can specify the initial settings. b) Management of the document data default ACL: allows the user administrator to modify the document data default ACL for all general user information registered to the Address Book; allows general users to modify the document data default ACL of their own general user information. c) None: No rules by which security attributes inherit specified values.