Ricoh MP 3350B Operations Instructions

Page 1 of 83 imagio MP 2550/3350 series, Aficio MP 2550/3350 series㩷Security TargetAuthors : RICOH COMPANY, LTD., Yoshihiko KAMEKURA, Yasushi FUNAKI,

Page 10 of 83 1.3 TOE Overview This chapter describes the TOE Type, TOE Usage and Major Security Features, and Environment for TOE Usage and Non-TOE C

Page 11 of 83 Internal Networks, or USB-connected client PCs. Figure 1 shows and describes an assumed environment for the usage of the TOE. Figure 1:

Page 12 of 83 SMB Server An SMB server is used to deliver the Document Data, which is stored in the TOE, to folders in an SMB server. SMTP Server An S

Page 13 of 83 Figure 2: Hardware Configuration of TOEOperation Panel Unit (hereafter called Operation Panel) The Operation Panel is an interface devic

Page 14 of 83 information about the status of fax communication and controls the fax communication according to the instruction from the MFP Control S

Page 15 of 83 When installing the TOE, the CE inserts an SD Card containing information to activate the Stored Data Protection Function into this SD C

Page 16 of 83 - Manuals for Administrators Security Reference 9025/9033/9025b /9033b MP 2550/3350/2550B/3350B LD425/LD433/LD425B /LD433B Aficio MP 25

Page 17 of 83 Aficio MP 2550/2550B/3350/3350B MP 2550/MP 2550B/MP 3350/MP 3350B Operating Instructions About This Machine - MP 2550/MP 2550B/MP 3350/M

Page 18 of 83 1.4.3.2 Administrator An Administrator is a user who is registered on the TOE as an Administrator. There are one to four Administrators

Page 19 of 83 Figure 3: Logical Scope of TOE1.4.4.1 Basic Functions Basic functions include Copy Function, Printer Function, Fax Function, Scanner Fun

Page 2 of 83 Update History Version Date Authors Details 1.05 2010-02-08 Yoshihiko KAMEKURA, Yasushi FUNAKI, Fumi TAKITA Released documents Copyrigh

Page 20 of 83 Figure 4: Operation Panel (for North America) In addition, General Users, Administrators, and a Supervisor can use the functions corresp

Page 21 of 83 is operated from a client PC. Document Data stored in D-BOX for faxing can be printed and deleted using the "Document Server Functi

Page 22 of 83 3. Delete the stored Document Data in D-BOX. 4. Download the stored Document Data in D-BOX. The Document Data stored using Scanner Fun

Page 23 of 83 Document Data Access Control Function The Document Data Access Control Function is used to allow only the specific users to perform the

Page 24 of 83 And the Network Administrator decides the communication protocol to use according to the environment where the TOE is placed and the int

Page 25 of 83 Information. - General Users are allowed to change their own General User Information that is registered for Address Book, with the exc

Page 26 of 83 2. Import from Networks/USB Convert Print Data that the TOE receives from networks or USB into a format that the TOE can handle, and ge

Page 27 of 83 2 Conformance Claims This chapter describes the conformance claim. 2.1 CC Conformance Claim The CC conformance claim of this ST and TOE

Page 28 of 83 3 Security Problem Definition This chapter describes the Threats, Organisational Security Policies and Assumptions.3.1 Threats The assum

Page 29 of 83 P.SOFTWARE (Checking Integrity of Software) Measures are provided for verifying the integrity of MFP Control Software, which is inst

Page 3 of 83 Table of Contents 1 ST Introduction ...

Page 30 of 83 4 Security Objectives This chapter describes the Security Objectives for TOE, Security Objectives for Operational Environmentand Securit

Page 31 of 83 O.LINE_PROTECT (Prevention of Intrusion from Telephone Line) The TOE shall prevent unauthorised access to the TOE from a telephone line

Page 32 of 83 organisational security policies and assumptions. And the security objectives do not correspond to the assumptions (as the shaded region

Page 33 of 83 A.SUPERVISOR (Supervisor's Assumption) A.SUPERVISOR presupposes that the Supervisor has adequate knowledge to operate the TOE

Page 34 of 83 T.SALVAGE (Salvaging Memory) To counter this threat, the TOE converts the format of Document Data by O.MEM.PROTECT that makes it di

Page 35 of 83 5 Extended Components Definition In this ST and TOE, there are no extended components, i.e., the new security requirements and security

Page 36 of 83 6 Security Requirements This chapter describes the Security Functional Requirements, Security Assurance Requirements, and Security Requi

Page 37 of 83 Functional Requirements Actions which should be auditableAuditable events of TOE of the activity.㩷b) Basic: The object attribute(s), an

Page 38 of 83 Functional Requirements Actions which should be auditableAuditable events of TOE FIA_SOS.1 a) Minimal: Rejection by the TSF of any test

Page 39 of 83 Functional Requirements Actions which should be auditableAuditable events of TOE 3. Deleting authentication information of General User

Page 4 of 83 3.3 Assumptions... 294 Secu

Page 40 of 83 FAU_GEN.1.2 The TSF shall record within each audit record at least the following information:㩷a) Date and time of the event, type of ev

Page 41 of 83 6.1.2 Class FCS: Cryptographic support FCS_CKM.1 Cryptographic key generation Hierarchical to: No other components. Dependencies: [FC

Page 42 of 83 6.1.3 Class FDP: User data protection FDP_ACC.1 Subset access controlHierarchical to: No other components. Dependencies: FDP_ACF.1 S

Page 43 of 83 Table 10: Rules Governing AccessSubject Operations on objects Rules governing access Storing Document Data General Users can store th

Page 44 of 83 Hierarchical to: No other components. Dependencies: FDP_IFF.1 Simple security attributes. FDP_IFC.1.1 The TSF shall enforce the [assi

Page 45 of 83 FDP_IFF.1.5 The TSF shall explicitly deny an information flow based on the following rules: [assignment: no rules, based on security at

Page 46 of 83 Manual Lockout Release Regardless of the value set for the Lockout release time by the Machine Administrator, the Unlocking Administra

Page 47 of 83 Dependencies: FIA_UID.1 Timing of identification. FIA_UAU.2.1 The TSF shall require each user to be successfully authenticated before

Page 48 of 83 associated with subjects acting on the behalf of users: [assignment: Administrators can add their own assigned Administrator Roles to ot

Page 49 of 83 Security attributes Operations User roles General User Information) Document Data 㩷FMT_MSA.3 Static attribute initialisationHierarchic

Page 5 of 83 7.1.2.3 Password Feedback Area Protection...70 7.1.2.4 Password Registration

Page 50 of 83 TSF data Operations User roles Change Applicable General Users of General User Information Supervisor Authentication Information Chang

Page 51 of 83 TSF data Operations User roles Query, newly create, delete, changeUser Administrator Applicable General User of S/MIME User Information

Page 52 of 83 Functional requirements Management requirements Management items Administrator. b) Management of the Unlocking Administrators and Locko

Page 53 of 83 Functional requirements Management requirements Management items (Management of Administrator Information): management of own Administr

Page 54 of 83 Functional requirements Management requirements Management items and second). FPT_TST.1 a) Management of the conditions under which TSF

Page 55 of 83 6.1.7 Class FTP: Trusted path/channels FTP_ITC.1 Inter-TSF trusted channel Hierarchical to: No other components.㩷Dependencies: No dep

Page 56 of 83 6.2 Security Assurance Requirements The evaluation assurance level of this TOE is EAL3. The assurance components of the TOE are shown in

Page 57 of 83 6.3 Security Requirements Rationale This chapter describes the rationale for the security requirements. As described below, if all secu

Page 58 of 83 FIA_UID.2 X FIA_USB.1 X FMT_MSA.1 X FMT_MSA.3 X FMT_MTD.1 X FMT_SMF.1 X FMT_SMR.1 X FPT_STM.1 X FPT_TST.1 XXFTP_ITC.1 X FTP_TR

Page 59 of 83 manage security intrusions. For this, FPT_STM.1 provides the trusted time stamp. O.I&A User Identification and Authentication The f

Page 6 of 83 List of Figures Figure 1: Environment for Usage of TOE...

Page 60 of 83 Document Data ACL of each Document Data, then FDP_ACC.1 and FDP_ACF.1 allow the General User process to perform operations on Document D

Page 61 of 83 - The User Administrator and General Users to query S/MIME User Information and destination information for Deliver to Folder, - Super

Page 62 of 83 FTP_TRP.1 also protects Document Data on networks from leakage and detects the tampering by using a trusted path, which is described lat

Page 63 of 83 TOE Security Functional Requirements Dependenciesclaimed by CC Dependenciessatisfied in ST Dependencies not satisfied in ST FCS_COP.1] F

Page 64 of 83 In this TOE, HDD encryption keys are stored in the area that cannot be accessed from outside Ic Hdd. In addition, after the Administrato

Page 65 of 83 7 TOE Summary Specification This chapter describes the summary specification of the security functions of this TOE. 7.1 TOE Security Fu

Page 66 of 83 SF.AUDIT SF.I&A SF.DOC_ACCSF.SEC_MNG SF.CE_OPE_LOCK SF.CIPHER SF.NET_PROT SF.FAX_LINE SF.GENUINE FDP_ACF.1 X FDP_IFC.1 X FDP_IFF.1

Page 67 of 83 7.1.1.1 Audit logs generation The TOE generates the audit logs when auditable events occur, and appends them to the audit log files. Au

Page 68 of 83 Communication with trusted IT product Communication IP address Communication with remote user-Deleting the entire audit log --: No appl

Page 69 of 83 7.1.2 SF.I&A User Identification and Authentication Function The TOE identifies and authenticates users prior to the use of the

Page 7 of 83 Table 33: List of Administrator for Machine Control Data ... 75Ta

Page 70 of 83 meets the Number of Attempts before Lockout, the TOE Lockouts the user and the Lockout Flag for that user is set to "Active".

Page 71 of 83 password meets those conditions, it registers the password. If the password does not meet those conditions, it does not register passwor

Page 72 of 83 Document Data. Table 29 shows the value of the Document Data ACL when storing Document Data. Table 29: Initial Value for Document Data A

Page 73 of 83 - Document File Owners - General Users with full control authorisation Delete the Document File Users - File Administrator - Document F

Page 74 of 83 Operations on Administrator InformationAuthorised operators Authentication Information Add and query Administrator Roles The Administrat

Page 75 of 83 Operations on General User Information Authorised operators Data Default ACL, S/MIME User Information) Query General User Information r

Page 76 of 83 Machine control data items Range of values Operations Authorised setter OperationinterfacesLength (digits) modify Panel Password Comp

Page 77 of 83 The HDD encryption keys are generated by the Machine Administrator. If the login user is the Machine Administrator, the TOE provides the

Page 78 of 83 7.1.7.3 Sending by E-mail from TOE When sending Document Data by e-mail from the TOE to client PC, the TOE attaches the Document Data t

Page 79 of 83 8 Appendix 8.1 Terminology Description Table 35 shows the definitions of specific terms for clearly understanding of this ST. Table 35:

Page 8 of 83 1 ST Introduction This chapter describes the ST Reference, TOE Reference, TOE Overview and TOE Description. 1.1 ST Reference The followin

Page 80 of 83 Terms Definitions Back Up/Restore Address Book To back up the Address Book to SD cards or to restore the backup copy of the Address Book

Page 81 of 83 Terms Definitions Lockout A function that prohibits the access for the specific user IDs to the TOE. Lockout Flag A data that is assig

Page 82 of 83 Terms Definitions Machine Administration One of the Administrator Roles that manages machines and plays the role of performing the audi

Page 83 of 83 - CC Version 3.1 Revision 2 Evaluation Criteria: "English version" Common Criteria for Information Technology Security Evalua

Page 9 of 83 Table 1: List of TOE Series Name Series Details Ricoh imagio MP 2550/3350 series Ricoh imagio MP 2550SP Ricoh imagio MP 2550SPF Ricoh i