Ricoh Mp C3001 Instruction Manual
Page 50 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

| | perform an operation on an object covered by the SFP. b) Basic: All requests to perform an operation on an object covered by the SFP. c) Detailed: The specific security attributes used in making an access check. | - Start and end operation of storing document data. - Start and end operation of printing document data. - Start and end operation of downloading document data. - Start and end operation of faxing document data. - Start and end operation of sending document data by e-mail. - Start and end operation of delivering document data to folder. - Start and end operation of deleting document data. Those described above, storing, printing, downloading, faxing, sending by e-mail, delivering to folder, and deleting, are the job types of additional information that are required by the PP. |
| FDP_ACF.1(b) | a) Minimal: Successful requests to perform an operation on an object covered by the SFP. b) Basic: All requests to perform an operation on an object covered by the SFP. c) Detailed: The specific security attributes used in making an access check. | Original: Not recorded. |
| FIA_UAU.1(a) | a) Minimal: Unsuccessful use of the authentication mechanism; b) Basic: All use of the authentication mechanism; c) Detailed: All TSF mediated actions performed before authentication of the user. | b) Basic: Success and failure of login operation |
| FIA_UAU.1(b) | a) Minimal: Unsuccessful use of the authentication mechanism; b) Basic: All use of the authentication mechanism; c) Detailed: All TSF mediated actions performed before authentication of the user. | b) Basic: Success and failure of login operation |
| FIA_UAU.2 | a) Minimal: Unsuccessful use of the authentication mechanism; b) Basic: All use of the authentication mechanism. | b) Basic: Success and failure of login operation |
| FIA_UID.1(a) | a) Minimal: Unsuccessful use of the user identification mechanism, including the user identity provided; b) Basic: All use of the user identification mechanism, including the user identity provided. | b) Basic: Success and failure of login operation. Also includes the user identification that is required by the PP as the additional information. |
| FIA_UID.1(b) | a) Minimal: Unsuccessful use of the user identification mechanism, including the user identity provided; b) Basic: All use of the user identification mechanism, including the user identity provided. | b) Basic: Success and failure of login operation. Also includes the user identification that is required by the PP as the additional information. |
| FIA_UID.2 | a) Minimal: Unsuccessful use of the user identification mechanism, including the user identity provided; b) Basic: All use of the user identification mechanism, including the user identity provided. | b) Basic: Success and failure of login operation |
| FMT_SMF.1 | a) Minimal: Use of the management functions. | a) Minimal: Record of management items in Table 30. |
| FMT_SMR.1 | a) Minimal: modifications to the group of users that are part of a role; b) Detailed: every use of the rights of a role. | No record due to no modification. |
| FPT_STM.1 | a) Minimal: changes to the time; b) Detailed: providing a timestamp. | a) Minimal: Settings of Year-Month-Day and Hour-Minute |
| FTA_SSL.3 | a) Minimal: Termination of an interactive session by the session locking mechanism. | a) Minimal: Termination of session by auto logout. |
| FTP_ITC.1 | a) Minimal: Failure of the trusted channel functions. b) Minimal: Identification of the initiator and target of failed trusted channel functions. c) Basic: All attempted uses of the trusted channel functions. d) Basic: Identification of the initiator and target of all trusted channel functions. | a) Minimal: Failure of communication with trusted channel. |

FAU_GEN.2 User identity association
Hierarchical to: No other components.
Dependencies: FAU_GEN.1 Audit data generation
              FIA_UID.1 Timing of identification
FAU_GEN.2.1 For audit events resulting from actions of identified users, the TSF shall be able to associate each auditable event with the identity of the user that caused the event.

FAU_STG.1 Protected audit trail storage
Hierarchical to: No other components.
Dependencies: FAU_GEN.1 Audit data generation
FAU_STG.1.1 The TSF shall protect the stored audit records in the audit trail from unauthorised deletion.
FAU_STG.1.2 The TSF shall be able to [selection: prevent] unauthorised modifications to the stored audit records in the audit trail.

FAU_STG.4 Prevention of audit data loss
Hierarchical to: FAU_STG.3 Action in case of possible audit data loss
Dependencies: FAU_STG.1 Protected audit trail storage
FAU_STG.4.1 The TSF shall [selection: overwrite the oldest stored audit records] and [assignment: no other actions to be taken in case of audit storage failure] if the audit trail is full.

FAU_SAR.1 Audit review
Hierarchical to: No other components.
Dependencies: FAU_GEN.1 Audit data generation
FAU_SAR.1.1 The TSF shall provide [assignment: the MFP administrators] with the capability to read [assignment: all of log items] from the audit records.
FAU_SAR.1.2 The TSF shall provide the audit records in a manner suitable for the user to interpret the information.

FAU_SAR.2 Restricted audit review
Hierarchical to: No other components.
Dependencies: FAU_SAR.1 Audit review
FAU_SAR.2.1 The TSF shall prohibit all users read access to the audit records, except those users that have been granted explicit read-access.

6.1.2 Class FCS: Cryptographic support

FCS_CKM.1 Cryptographic key generation
Hierarchical to: No other components.
Dependencies: [FCS_CKM.2 Cryptographic key distribution, or
              FCS_COP.1 Cryptographic operation]
              FCS_CKM.4 Cryptographic key destruction
FCS_CKM.1.1 The TSF shall generate cryptographic keys in accordance with a specified cryptographic key generation algorithm [assignment: cryptographic key generation algorithm in Table 13] and specified cryptographic key sizes [assignment: cryptographic key sizes in Table 13] that meet the following: [assignment: standards in Table 13].

Table 13 : List of Cryptographic Key Generation

| Key Type | Standard | Cryptographic Key Generation Algorithm | Cryptographic Key Size |
|---|---|---|---|
| HDD cryptographic key | BSI-AIS31 | TRNG | 256 bits |

FCS_COP.1 Cryptographic operation
Hierarchical to: No other components.
Dependencies: [FDP_ITC.1 Import of user data without security attributes, or
              FDP_ITC.2 Import of user data with security attributes, or
              FCS_CKM.1 Cryptographic key generation]
              FCS_CKM.4 Cryptographic key destruction
FCS_COP.1.1 The TSF shall perform [assignment: cryptographic operations shown in Table 14] in accordance with a specified cryptographic algorithm [assignment: cryptographic algorithm shown in Table 14] and cryptographic key sizes [assignment: cryptographic key sizes shown in Table 14] that meet the following: [assignment: standards shown in Table 14].

Table 14 : List of Cryptographic Operation

| Key Type | Standard | Cryptographic Algorithm | Cryptographic Key Size | Cryptographic Operation |
|---|---|---|---|---|
| HDD cryptographic key | FIPS197 | AES | 256 bits | - Encryption when writing the data on HDD - Decryption when reading the data from HDD |

6.1.3 Class FDP: User data protection

FDP_ACC.1(a) Subset access control
Hierarchical to: No other components.
Dependencies: FDP_ACF.1 Security attribute based access control
FDP_ACC.1.1(a) The TSF shall enforce the [assignment: document access control SFP] on [assignment: list of subjects, objects, and operations among subjects and objects in Table 15].
Table 15 : List of Subjects, Objects, and Operations among Subjects and Objects (a)

Subjects
- Normal user process
- MFP administrator process
- Supervisor process
- RC Gate process
Objects
- Document data
- User jobs
Operations
- Read
- Delete

FDP_ACC.1(b) Subset access control
Hierarchical to: No other components.
Dependencies: FDP_ACF.1 Security attribute based access control
FDP_ACC.1.1(b) The TSF shall enforce the [assignment: TOE function access control SFP] on [assignment: list of subjects, objects, and operations among subjects and objects in Table 16].

Table 16 : List of Subjects, Objects, and Operations among Subjects and Objects (b)

Subjects
- Normal user process
- MFP administrator process
- Supervisor process
- RC Gate process
Object
- MFP application
Operation
- Execute

FDP_ACF.1(a) Security attribute based access control
Hierarchical to: No other components.
Dependencies: FDP_ACC.1 Subset access control
              FMT_MSA.3 Static attribute initialisation
FDP_ACF.1.1(a) The TSF shall enforce the [assignment: document access control SFP] to objects based on the following: [assignment: subjects or objects, and their corresponding security attributes shown in Table 17].

Table 17 : Subjects, Objects and Security Attributes (a)

| Category | Subjects or Objects | Security Attributes |
|---|---|---|
| Subject | Normal user process | - Login user name of normal user - User role |
| Subject | MFP administrator process | - User role |
| Subject | Supervisor process | - User role |
| Subject | RC Gate process | - User role |
| Object | Document data | - Document data attribute - Document user list |
| Object | User job | - Login user name of normal user |

FDP_ACF.1.2(a) The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: rules to control operations among subjects and objects shown in Table 18].

Table 18 : Rules to Control Operations on Document Data and User Jobs (a)

| Objects | Document Data Attributes | Operations | Subjects | Rules to control Operations |
|---|---|---|---|---|
| Document data | +PRT | Delete | Normal user process | Not allowed. However, it is allowed for normal user process that created the document data. |
| Document data | +PRT | Read | Normal user process | Not allowed. However, it is allowed for normal user process that created the document data. |
| Document data | +SCN | Delete | Normal user process | Not allowed. However, it is allowed for normal user process that created the document data. |
| Document data | +SCN | Read | Normal user process | Not allowed. However, it is allowed for normal user process that created the document data. |
| Document data | +FAXOUT | Delete | Normal user process | Not allowed. However, it is allowed for normal user process that created the document data. |
| Document data | +FAXOUT | Read | Normal user process | Not allowed. However, it is allowed for normal user process that created the document data. |
| Document data | +FAXIN | Delete | Normal user process | Not allowed. However, it is allowed for normal user process with login user name of normal user registered on document user list for document data. |
| Document data | +FAXIN | Read | Normal user process | Not allowed. However, it is allowed for normal user process with login user name of normal user registered on document user list for document data. |
| Document data | +CPY | Delete | Normal user process | Not allowed. However, it is allowed for normal user process that created the document data. |
| Document data | +CPY | Read | Normal user process | Not allowed. However, it is allowed for normal user process that created the document data. |
| Document data | +DSR | Delete | Normal user process | Not allowed. However, it is allowed for normal user process with login user name of normal user registered on document user list for document data. |
| Document data | +DSR | Read | Normal user process | Not allowed. However, it is allowed for normal user process with login user name of normal user registered on document user list for document data. |
| User jobs | No setting of document data attribute | Delete | Normal user process | Not allowed. However, it is allowed for normal user process with login user name of normal user, which is the security attribute of user jobs. |

FDP_ACF.1.3(a) The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [assignment: rules to control operations among subjects and objects shown in Table 19].

Table 19 : Additional Rules to Control Operations on Document Data and User Jobs (a)

| Objects | Document Data Attributes | Operations | Subjects | Rules to control Operations |
|---|---|---|---|---|
| Document data | +PRT | Delete | MFP administrator process | Allows. |
| Document data | +FAXIN | Delete | MFP administrator process | Allows. |
| Document data | +DSR | Delete | MFP administrator process | Allows. |
| User jobs | No setting of document data attribute | Delete | MFP administrator process | Allows. |

FDP_ACF.1.4(a) The TSF shall explicitly deny access of subjects to objects based on the following additional rules: [assignment: deny the operations on the document data and user jobs in case of supervisor process or RC Gate process].

FDP_ACF.1(b) Security attribute-based access control
Hierarchical to: No other components.
Dependencies: FDP_ACC.1 Subset access control
              FMT_MSA.3 Static attribute initialisation
FDP_ACF.1.1(b) The TSF shall enforce the [assignment: TOE function access control SFP] to objects based on the following: [assignment: subjects or objects, and their corresponding security attributes shown in Table 20].

Table 20 : Subjects, Objects and Security Attributes (b)

| Category | Subjects or Objects | Security Attributes |
|---|---|---|
| Subject | Normal user process | - Login user name of normal user - Available function list - User role |
| Subject | Supervisor process | - User role |
| Subject | RC Gate process | - User role |
| Object | MFP application | - Function type |

FDP_ACF.1.2(b) The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: rule to control operations among objects and subjects shown in Table 21].

Table 21 : Rule to Control Operations on MFP Applications (b)

| Object | Operation | Subject | Rule to control Operations |
|---|---|---|---|
| MFP application | Execute | Normal user process | Allows executing MFP application which MFP administrator allowed in available function list for normal user process. |

FDP_ACF.1.3(b) The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [assignment: rules that the Fax Reception Function operated using administrator permission is surely permitted].
FDP_ACF.1.4(b) The TSF shall explicitly deny access of subjects to objects based on the following additional rules: [assignment: deny an operation on MFP application in case of supervisor process or RC Gate process].

FDP_RIP.1 Subset residual information protection
Hierarchical to: No other components.
Dependencies: No dependencies.
FDP_RIP.1.1 The TSF shall ensure that any previous information content of a resource is made unavailable upon the [selection: deallocation of the resource from] the following objects: [assignment: user documents].
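The document access control SFP of FDP_ACF.1(a) (Tables 18 and 19 plus the explicit deny in FDP_ACF.1.4(a)) can be read as a single decision function. The Python example below is added here for illustration and is not part of the Security Target or of the TOE's implementation; the class names, the creator field and the deny-by-default handling of combinations the tables do not list are assumptions.

```python
from dataclasses import dataclass

# Document data attributes grouped by the Table 18 rule that applies to them.
CREATOR_ONLY = {"+PRT", "+SCN", "+FAXOUT", "+CPY"}  # creator may read and delete
USER_LIST = {"+FAXIN", "+DSR"}             # users on the document user list may
ADMIN_DELETE = {"+PRT", "+FAXIN", "+DSR"}  # Table 19: administrator may delete

@dataclass(frozen=True)
class Subject:
    role: str  # "normal user", "MFP administrator", "supervisor" or "RC Gate"
    login_name: str = ""

@dataclass(frozen=True)
class DocumentData:
    attribute: str                      # document data attribute, e.g. "+PRT"
    creator: str = ""                   # assumption: creator kept as a login user name
    user_list: frozenset = frozenset()  # document user list

@dataclass(frozen=True)
class UserJob:
    login_name: str  # login user name of the normal user who owns the job

def is_allowed(subject, operation, obj):
    """Decide a read or delete request; unlisted combinations are denied."""
    if operation not in ("read", "delete"):
        raise ValueError(f"unknown operation: {operation!r}")
    # FDP_ACF.1.4(a): supervisor and RC Gate processes are explicitly denied.
    if subject.role in ("supervisor", "RC Gate"):
        return False
    if subject.role == "MFP administrator":
        # FDP_ACF.1.3(a), Table 19: delete only, and only the listed objects.
        if operation != "delete":
            return False
        return isinstance(obj, UserJob) or obj.attribute in ADMIN_DELETE
    if subject.role != "normal user" or not subject.login_name:
        return False
    # FDP_ACF.1.2(a), Table 18: "Not allowed" unless the stated exception holds.
    if isinstance(obj, UserJob):
        return operation == "delete" and subject.login_name == obj.login_name
    if obj.attribute in CREATOR_ONLY:
        return subject.login_name == obj.creator
    if obj.attribute in USER_LIST:
        return subject.login_name in obj.user_list
    return False

if __name__ == "__main__":
    # Constructed sample subjects and objects.
    alice, bob = Subject("normal user", "alice"), Subject("normal user", "bob")
    admin = Subject("MFP administrator", "admin")
    printed = DocumentData("+PRT", creator="alice")
    fax_in = DocumentData("+FAXIN", user_list=frozenset({"bob"}))
    for who, op, what in [(alice, "read", printed), (bob, "read", printed),
                          (bob, "delete", fax_in), (admin, "delete", printed),
                          (admin, "read", printed),
                          (Subject("supervisor"), "delete", printed)]:
        print(who.role, who.login_name, op, what.attribute, "->",
              is_allowed(who, op, what))
```

Under this reading the MFP administrator can delete +PRT, +FAXIN and +DSR documents and user jobs but cannot read any document data, because Table 19 lists no Read rule.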
6.1.4 Class FIA: Identification and authentication

FIA_AFL.1 Authentication failure handling
Hierarchical to: No other components.
Dependencies: FIA_UAU.1 Timing of authentication
FIA_AFL.1.1 The TSF shall detect when [selection: an administrator configurable positive integer within [assignment: 1 to 5]] unsuccessful authentication attempts occur related to [assignment: the authentication events of Basic Authentication shown in Table 22].

Table 22 : List of Authentication Events of Basic Authentication

| Authentication Events |
|---|
| User authentication using the Operation Panel |
| User authentication using the TOE from client computer Web browser |
| User authentication when printing from the client computer |
| User authentication when using LAN Fax from client computer |

FIA_AFL.1.2 When the defined number of unsuccessful authentication attempts has been [selection: met], the TSF shall [assignment: perform actions shown in Table 23].

Table 23 : List of Actions for Authentication Failure

| Unsuccessfully Authenticated Users | Actions for Authentication Failure |
|---|---|
| Normal user | The lockout for the normal user is released by the lockout time set by the MFP administrator, or release operation by the MFP administrator. |
| Supervisor | The lockout for a supervisor is released by the lockout time set by the MFP administrator, release operation by the MFP administrator or the TOE's restart. |
| MFP administrator | The lockout for the MFP administrator is released by the lockout time set by the MFP administrator, release operation by a supervisor or the TOE's restart. |

FIA_ATD.1 User attribute definition
Hierarchical to: No other components.
Dependencies: No dependencies.
FIA_ATD.1.1 The TSF shall maintain the following list of security attributes belonging to individual users: [assignment: the security attributes listed in Table 24 for each user in Table 24].
Table 24 : List of Security Attributes for Each User That Shall Be Maintained

| Users | List of Security Attributes |
|---|---|
| Normal user | - Login user name of normal user - User role - Available function list |
| Supervisor | - User role |
| MFP administrator | - Login user name of MFP administrator - User role |
| RC Gate | - User role |

FIA_SOS.1 Verification of secrets
Hierarchical to: No other components.
Dependencies: No dependencies.
FIA_SOS.1.1 The TSF shall provide a mechanism to verify that secrets (refinement: secrets used in Basic Authentication) meet [assignment: the following quality metrics].
(1) Usable character and types:
    Upper-case letters: [A-Z] (26 letters)
    Lower-case letters: [a-z] (26 letters)
    Numbers: [0-9] (ten digits)
    Symbols: SP (spaces) ! # $ % & ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ (33 symbols)
(2) Registrable password length:
    For normal users: No fewer than the minimum character number specified by MFP administrator (8-32 characters) and no more than 128 characters.
    For MFP administrators and a supervisor: No fewer than the minimum character number specified by MFP administrator (8-32 characters) and no more than 32 characters.
(3) Rule: Passwords that are composed of a combination of characters based on the password complexity setting specified by the MFP administrator can be registered. The MFP administrator specifies either Level 1 or Level 2 for password complexity setting.

FIA_UAU.1(a) Timing of authentication
Hierarchical to: No other components.
Dependencies: FIA_UID.1 Timing of identification
FIA_UAU.1.1(a) The TSF shall allow [assignment: the viewing of the list of user jobs, Web Image Monitor Help from a Web browser, system status, counter and information of inquiries, execution of fax reception, and repair request notification] on behalf of the user to be performed before the user is authenticated (refinement: authentication with Basic Authentication).
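The lockout behaviour required by FIA_AFL.1 and Table 23 differs per role in who may release a lockout and whether a restart clears it. The Python example below is added here for illustration and is not the TOE's implementation; the class and method names, the lockout time expressed in seconds, the caller-supplied clock value and the reset of the failure count after a successful login are assumptions.

```python
# Table 23: besides the lockout time, who may release a lockout for each role
# and whether a restart of the TOE releases it.
RELEASE_RULES = {
    "normal user":       {"released_by": "MFP administrator", "restart": False},
    "supervisor":        {"released_by": "MFP administrator", "restart": True},
    "MFP administrator": {"released_by": "supervisor",        "restart": True},
}

class LockoutTracker:
    def __init__(self, threshold, lockout_seconds):
        # FIA_AFL.1.1: administrator-configurable integer within 1 to 5.
        if not 1 <= threshold <= 5:
            raise ValueError("threshold must be within 1 to 5")
        self.threshold = threshold
        self.lockout_seconds = lockout_seconds  # assumption: time in seconds
        self.failures = {}  # login name -> unsuccessful attempts so far
        self.locked = {}    # login name -> (role, time the lockout began)

    def is_locked(self, name, now):
        entry = self.locked.get(name)
        if entry is None:
            return False
        if now - entry[1] >= self.lockout_seconds:  # released by lockout time
            self._unlock(name)
            return False
        return True

    def attempt(self, name, role, password_ok, now):
        """Return True if the login is accepted."""
        if role not in RELEASE_RULES:
            raise ValueError(f"no lockout rule for role: {role!r}")
        if self.is_locked(name, now):
            return False  # rejected even when the password is correct
        if password_ok:
            self.failures.pop(name, None)  # assumption: success resets the count
            return True
        self.failures[name] = self.failures.get(name, 0) + 1
        if self.failures[name] >= self.threshold:
            self.locked[name] = (role, now)
        return False

    def release(self, name, by_role):
        """Release operation by another role; True if the lockout was lifted."""
        entry = self.locked.get(name)
        if entry is None or RELEASE_RULES[entry[0]]["released_by"] != by_role:
            return False
        self._unlock(name)
        return True

    def restart(self):
        """TOE restart: lifts supervisor and MFP administrator lockouts only."""
        for name, (role, _) in list(self.locked.items()):
            if RELEASE_RULES[role]["restart"]:
                self._unlock(name)

    def _unlock(self, name):
        self.locked.pop(name, None)
        self.failures.pop(name, None)
```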