Ricoh Mp C3001 Instruction Manual
Have a look at the manual Ricoh Mp C3001 Instruction Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 127 Ricoh manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
Aficio MP C3001/C3501 series
Security Target
Author : RICOH COMPANY, LTD.
Date : 2011-07-18
Version : 1.00
Portions of Aficio MP C3001/C3501 series Security Target are reprinted with
written permission from IEEE, 445 Hoes Lane, Piscataway, New Jersey
08855, from IEEE 2600.1, Protection Profile for Hardcopy Devices,
Operational Environment A, Copyright © 2009 IEEE. All rights reserved.
This document is a translation of the evaluated and certified security target
written in Japanese.
Page 1 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Revision History Version Date Author Detail 1.00 2011-07-18 RICOH COMPANY, LTD. Publication version.
Page 2 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Table of Contents 1 ST Introduction ................................................................................................................... 7 1.1 ST Reference................................................................................................................ 7 1.2 TOE Reference............................................................................................................. 7 1.3 TOE Overview .............................................................................................................. 8 1.3.1 TOE Type ..................................................................................................................... 8 1.3.2 TOE Usage ................................................................................................................... 8 1.3.3 Major Security Features of TOE .............................................................................. 10 1.4 TOE Description ......................................................................................................... 11 1.4.1 Physical Boundary of TOE ........................................................................................11 1.4.2 Guidance Documents ................................................................................................ 14 1.4.3 Definition of Users .................................................................................................... 18 1.4.3.1. Direct User ......................................................................................................... 19 1.4.3.2. Indirect User ...................................................................................................... 20 1.4.4 Logical Boundary of TOE ......................................................................................... 21 1.4.4.1. Basic Functions .................................................................................................. 21 1.4.4.2. Security Functions ............................................................................................. 24 1.4.5 Protected Assets ........................................................................................................ 26 1.4.5.1. User Data ........................................................................................................... 26 1.4.5.2. TSF Data ............................................................................................................ 27 1.4.5.3. Functions ............................................................................................................ 27 1.5 Glossary...................................................................................................................... 27 1.5.1 Glossary for This ST ................................................................................................. 27 2 Conformance Claim ........................................................................................................... 31 2.1 CC Conformance Claim.............................................................................................. 31 2.2 PP Claims ................................................................................................................... 31 2.3 Package Claims .......................................................................................................... 31 2.4 Conformance Claim Rationale.................................................................................... 32 2.4.1 Consistency Claim with TOE Type in PP................................................................ 32 2.4.2 Consistency Claim with Security Problems and Security Objectives in PP ......... 32 2.4.3 Consistency Claim with Security Requirements in PP .......................................... 33 3 Security Problem Definitions ............................................................................................ 36
Page 3 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. 3.1 Threats....................................................................................................................... 36 3.2 Organisational Security Policies ................................................................................ 37 3.3 Assumptions ............................................................................................................... 37 4 Security Objectives............................................................................................................39 4.1 Security Objectives for TOE....................................................................................... 39 4.2 Security Objectives of Operational Environment ....................................................... 40 4.2.1 IT Environment ......................................................................................................... 40 4.2.2 Non-IT Environment................................................................................................. 41 4.3 Security Objectives Rationale..................................................................................... 42 4.3.1 Correspondence Table of Security Objectives ......................................................... 42 4.3.2 Security Objectives Descriptions ............................................................................. 43 5 Extended Components Definition...................................................................................... 47 5.1 Restricted forwarding of data to external interfaces (FPT_FDI_EXP)....................... 47 6 Security Requirements ...................................................................................................... 49 6.1 Security Functional Requirements ............................................................................. 49 6.1.1 Class FAU: Security audit ........................................................................................ 49 6.1.2 Class FCS: Cryptographic support .......................................................................... 52 6.1.3 Class FDP: User data protection ............................................................................. 53 6.1.4 Class FIA: Identification and authentication ......................................................... 58 6.1.5 Class FMT: Security management........................................................................... 61 6.1.6 Class FPT: Protection of the TSF ............................................................................. 67 6.1.7 Class FTA: TOE access ............................................................................................. 68 6.1.8 Class FTP: Trusted path/channels ........................................................................... 68 6.2 Security Assurance Requirements.............................................................................. 68 6.3 Security Requirements Rationale............................................................................... 69 6.3.1 Tracing ....................................................................................................................... 69 6.3.2 Justification of Traceability ...................................................................................... 71 6.3.3 Dependency Analysis ................................................................................................ 77 6.3.4 Security Assurance Requirements Rationale .......................................................... 79 7 TOE Summary Specification ............................................................................................. 80 7.1 Audit Function ........................................................................................................... 80 7.2 Identification and Authentication Function ............................................................... 82
Page 4 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. 7.3 Document Access Control Function............................................................................ 84 7.4 Use-of-Feature Restriction Function .......................................................................... 86 7.5 Network Protection Function ..................................................................................... 87 7.6 Residual Data Overwrite Function............................................................................. 87 7.7 Stored Data Protection Function................................................................................ 88 7.8 Security Management Function ................................................................................. 88 7.9 Software Verification Function................................................................................... 93 7.10 Fax Line Separation Function .................................................................................... 93
Page 5 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. List of Figures Figure 1 : Example of TOE Environment........................................................................................................ 9 Figure 2 : Hardware Configuration of the TOE............................................................................................. 12 Figure 3 : Logical Scope of the TOE............................................................................................................. 21 List of Tables Table 1 : Identification Information of TOE.................................................................................................... 7 Table 2 : Guidance for English Version-1...................................................................................................... 14 Table 3 : Guidance for English Version-2...................................................................................................... 15 Table 4 : Guidance for English Version-3...................................................................................................... 17 Table 5 : Guidance for English Version-4...................................................................................................... 17 Table 6 : Definition of Users ......................................................................................................................... 19 Table 7 : List of Administrative Roles ........................................................................................................... 19 Table 8 : Definition of User Data .................................................................................................................. 26 Table 9 : Definition of TSF Data ................................................................................................................... 27 Table 10 : Specific Terms Related to This ST ............................................................................................... 27 Table 11 : Rationale for Security Objectives ................................................................................................. 42 Table 12 : List of Auditable Events ............................................................................................................... 49 Table 13 : List of Cryptographic Key Generation ......................................................................................... 53 Table 14 : List of Cryptographic Operation................................................................................................... 53 Table 15 : List of Subjects, Objects, and Operations among Subjects and Objects (a) ................................. 54 Table 16 : List of Subjects, Objects, and Operations among Subjects and Objects (b) ................................. 54 Table 17 : Subjects, Objects and Security Attributes (a) ............................................................................... 54 Table 18 : Rules to Control Operations on Document Data and User Jobs (a).............................................. 55 Table 19 : Additional Rules to Control Operations on Document Data and User Jobs (a) ............................ 56 Table 20 : Subjects, Objects and Security Attributes (b) ............................................................................... 57 Table 21 : Rule to Control Operations on MFP Applications (b) ..................................................................57 Table 22 : List of Authentication Events of Basic Authentication ................................................................. 58 Table 23 : List of Actions for Authentication Failure .................................................................................... 58 Table 24 : List of Security Attributes for Each User That Shall Be Maintained ............................................ 59 Table 25 : Rules for Initial Association of Attributes .................................................................................... 61 Table 26 : User Roles for Security Attributes (a)........................................................................................... 62 Table 27 : User Roles for Security Attributes (b) .......................................................................................... 63 Table 28 : Authorised Identified Roles Allowed to Override Default Values ................................................ 64 Table 29 : List of TSF Data ........................................................................................................................... 65 Table 30 : List of Specification of Management Functions ........................................................................... 66 Table 31 : TOE Security Assurance Requirements (EAL3+ALC_FLR.2) .................................................... 69 Table 32 : Relationship between Security Objectives and Functional Requirements .................................... 70 Table 33 : Results of Dependency Analysis of TOE Security Functional Requirements .............................. 77 Table 34 : List of Audit Events ...................................................................................................................... 80 Table 35 : List of Audit Log Items ................................................................................................................ 81
Page 6 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Table 36 : Unlocking Administrators for Each User Role ............................................................................. 83 Table 37 : Stored Documents Access Control Rules for Normal Users......................................................... 85 Table 38 : Encrypted Communications Provided by the TOE ....................................................................... 87 Table 39 : List of Cryptographic Operations for Stored Data Protection ...................................................... 88 Table 40 : Management of TSF Data............................................................................................................. 89 Table 41 : List of Static Initialisation for Security Attributes of Document Access Control SFP ................. 92
Page 7 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. 1 ST Introduction This section describes ST Reference, TOE Reference, TOE Overview and TOE Description. 1.1 ST Reference The following are the identification information of this ST. Title : Aficio MP C3001/C3501 series Security Target Version : 1.00 Date : 2011-07-18 Author : RICOH COMPANY, LTD. 1.2 TOE Reference This TOE is identified by the following: digital multi function product (hereafter MFP) and Fax Controller Unit (hereafter FCU), all of which constitute the TOE. The MFP is identified by its product name and version. Although the MFP product names vary depending on sales areas and/or sales companies, the components are identical. MFP versions consist of software and hardware versions. The FCU is identified by its name and version. Table 1 shows the identification information of the TOE. Table 1 : Identification Information of TOE Names Versions MFPs Software System/Copy 1.03 Network Support 10.54 Scanner 01.05 Printer 1.02 Fax 02.00.00 RemoteFax 01.00.00 Web Support 1.05 Web Uapl 1.01 NetworkDocBox 1.01 animation 1.00 PCL 1.02 OptionPCLFont 1.02 Ricoh Aficio MP C3001, Ricoh Aficio MP C3501, Ricoh Aficio MP C3001G, Ricoh Aficio MP C3501G, Gestetner MP C3001, Gestetner MP C3501, Lanier MP C3001, Lanier MP C3501, Lanier LD630C, Lanier LD635C, Lanier LD630CG, Lanier LD635CG, nashuatec MP C3001, nashuatec MP C3501, Rex-Rotary MP C3001, Rex-Rotary MP C3501, Engine 1.03:04
Page 8 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Names Versions OpePanel 1.04 LANG0 1.04 LANG1 1.04 Data Erase Std 1.01x Hardware Ic Key 01020700 infotec MP C3001, infotec MP C3501, Savin C9130, Savin C9135, Savin C9130G, Savin C9135G Ic Ctlr 03 Options FCU name Fax Option Type C5501 GWFCU3-21(WW) 03.00.00 Keywords : Digital MFP, Documents, Copy, Print, Scanner, Network, Office, Fax 1.3 TOE Overview This section defines TOE Type, TOE Usage and Major Security Features of TOE. 1.3.1 TOE Type This TOE is a digital multi function product (hereafter MFP), which is an IT device that inputs, stores, and outputs documents. 1.3.2 TOE Usage The operational environment of the TOE is illustrated below and the usage of the TOE is outlined in this section.
Page 9 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Figure 1 : Example of TOE Environment The TOE is used by connecting to the local area network (hereafter LAN) and telephone lines, as shown in Figure 1. Users can operate the TOE from the Operation Panel of the TOE or through LAN communications. Below, explanations are provided for the MFP, which is the TOE itself, and hardware and software other than the TOE. MFP A machinery that is defined as the TOE. The MFP is connected to the office LAN, and users can perform the following operations from the Operation Panel of the MFP: - Various settings for the MFP, - Copy, fax, storage, and network transmission of paper documents, - Print, fax, network transmission, and deletion of the stored documents. Also, the TOE receives information via telephone lines and can store it as a document. LAN Network used in the TOE environment.