Konica Minolta 920 инструкция обслуживания

Multi functional printer (digital copier) bizhub 920 / bizhub PRO 920 Security T ar get V ersion : 6 June 10, 2005 Konica Minolta Business T echnologies, Inc. Copyright© 2005 KO NICA MINOL T A BUSINESS TEC HNOLOGIES, INC., All Rights Reserved[...]

Document Revision History V ersion Description Approved by Checked by Created by 1 - Initial version 01/21/2005 Masaru Ushio 01/21/2005 Kazuo Y asuda 01/21/2005 Jun Y okobori 2 - Modification for the matters ident ified to correct 03/30/2005 Masaru Ushio 03/30/2005 Kazuo Y asuda 03/30/2005 Jun Y okobori 3 - Modification for the matters ident ified [...]

T able of Contents 1. ST Introduction ........................................................... 7 1.1. ST Identification ........................................................................................................................ 7 1.1.1. ST Identification and Manag ement ...............................................................[...]

5.1.2. T OE Security Assurance Requirements ........................................................................... 56 5.2. Security Func tional Requirem ents for the IT environment ...................................................... 57 5.3. Security Func tion S trength.........................................................................[...]

List of Figures Figure 2.1 Operating En vironment of bizhub PRO 920 Series…..………………………………... 11 Figure 2.2 T OE S tructure ................................................................................................................. 13 Figure 2.3 Processing Architectur e of Basic Function ..............................[...]

List of T ables T a ble 2.1 Correspondence betw een User Functions and Basic F unctions ....................................... 15 T able 5.1 Aud ita ble Eve nts .............................................................................................................. 34 T able 5.2 List of Managem ent Requirements ..............................[...]

1. ST Introduction 1.1. ST Iden tification 1.1.1. ST Identification and Managem ent T itle ： Multi functional printer (digital copier) bizhub 920 / bizhub PRO 920 Security T arget Ve r s i o n ： 6 Created on ： June 10, 2005 Created by ： Konica Minolta Business T ech no logies, Inc. 1.1.2. T OE Identificati on and Managem ent T itle ： Japa[...]

Note ） The following references are used for Japanes e version. - Common Criteria for Information T echnology Security Evaluation Part 1 ： Introduction an d gene ral model August 1999 V ersion 2.1 CCIMB-99-03 1 - Common Criteria for Information T e chnology Security Evaluation Part 2 ： Security functional re quirements August 1999 V ersion 2.[...]

- Common Criteria CCIMB Interpretations-0407 - Common Criteria Addendum-0407 - ISO/IEC 15408, Information T ech nology – Security techniques – Eval uation criteria for IT security – Part1, 99/12 - ISO/IEC 15408, Information T ech nology – Security techniques – Eval uation criteria for IT security – Part2, 99/12 - ISO/IEC 15408, Informat[...]

2 ． T OE Description 2.1. TOE T ype The T OE is software product with the dig ital MFP that is installed the network funct ion. 2.2. T e rminolog y No. T erm Description 1 User BOX This is the directory t o store the docum ent data (Refer to No.2 below). 2 Document data This is the electron ic data converte d from the information such as c h arac[...]

Public telephone line network Internet Mail server Client PC Firewall Office FTP server Internal network External network bizhub PRO 920 bizhub PRO 920 control software Modem Image control program Controller control program TOE Client PC Figure 2.1 Operating Environm ent of bizhub PRO 920 Series The T OE has a function to send and receive th e docu[...]

- Administrator Administrator enrolled a t the or ganization that bizhub P RO 920 series is i nstalled, carries out the operati on and m anagement of biz hub PRO 920 s eries. He/She uses the functi on of the operation and managem ent that bizhub PRO 920 series provi des. - Responsible person Responsible person enrolled at the org anization tha t bi[...]

2.5. TOE Str u c t u re Figure 2.2 shows the s tructure of this TOE. Scanning function FTP function Operation panel HDD １ Network card bizhub PRO 920 main unit Internal network Print controlle r PC data receiving function Control range of TOE Basic function Service for admini st rator (management function) Service for CE ( CE function ) bizhub PR[...]

to FTP , scan to PC (SMB), HDD storage, HDD readout, document data deletion functions) and basic function (scanning, printing, del etion, BOX stor age, and BOX readout functions). The controller control program controls the basic funct ion such as Em ail, FTP , SMB （ *1 ） , and PC data receiving functions. （ *1 ） SMB function sends t he ima[...]

User BOX Client PC FTP server Mail server Input Output Paper document Paper document bizhub PRO 920 Readout function of document data PC-shared folder HDD1 temporary storag e/DRAM temporary storage Deletion functi on of document data Scanning function PC data receiving function Deletion function Docume nt data Document data HDD １ HDD2 temporary s[...]

The basic functi ons shown in Figure 2.3 are describe d below . (1) Scanning functi on By request from the operation panel by a general user , the inf ormation of pa per docum ent is read from the scanner , converted to the document data, and stored into the HDD1 temporary storag e o r DRAM temporary storage. (2) PC data receiving function By reque[...]

(8) SMB function The document data gotten by the scanning functi on, which is stored temporarily into the HDD1 temporary storage or D RAM temporary storage, is sent to the shared folder of PC that is connected with the internal network via the HDD2 tempo rary sto rage. (9) Deletion func tion The docum ent data in the User BOX, associate d with the [...]

2.8 Function not provide d by the TOE The T OE does not prevent the de letion of docum ent data, bec ause the user ow ns its original data in his/ her PC o r on the paper . Copyright© 2005 K ONICA MINOL T A BUSINESS TEC HNOLOGIES, INC., All Rights Reserved 18[...]

3. T OE Security Environment 3.1. Assumptions ASM.PLACE Installation condi tion for the TOE The T OE shall be installed in the ar ea where on ly the prod uct-related person ca n operate. ASM.NET Setting condi t ion for the internal ne tw ork The T OE shall be connected with the internal ne twork that the disc losure of doc ument data will not occur[...]

4. Security Objectives Policies 4.1. Security Objectives Po licies for the T OE O.IA Identification and authent ication when using The T OE identifies and authorizes the administr ator , CE, or general user who owns the User BOX, who try to access t he T OE. O.MANAGE Provision of the management func tion The TO E provides th e administrator wi th f[...]

OE.ADMIN Personal condition f or the administrator The responsible perso n sh al l select a person as the administrator who does n ot carry out an illegal act. OE.HDD Protection of the HDD The HDD1 and HDD2 for storing the document data shall prevent the un authorized access by means of the HDD lock password. OE.CE Assurance of the CE The responsib[...]

5. IT Security Requirements 5.1. TO E Security Requirements 5.1.1. T OE Security Funct ional Requirem ents FIA_UID.2 User identification befor e any action Hierarchical to : FIA_UID.1 FIA_UID.2.1 The TSF shall require e ach user to identif y itself before allowi ng any other TSF- mediated actions on be half of that user . Refinement : “User” ?[...]

FIA_UAU.2 User authentication befor e any action Hierarchical to : FIA_UAU.1 FIA_UAU.2.1 The TSF shall require e ach user to be su ccessfully a uthenticated befo re allowing any other TSF -m ediated actions on behalf of that user . Refinement : “User” → Administrator , CE, and General user w ho owns the User BOX Dependencies : FIA_UID.1 T imi[...]

FIA_UAU.7 Protected authentication feedback Hierarchical to : No ot her components. FIA_UAU.7.1 The TSF shall provide only [assi gnment: list of fe edback] to the user while the authentication is in progress. [assignment: list of fe edback] - Dummy characters (*) for the number of password characters e ntered by the operator Dependencies : FIA_UAU.[...]

FIA_AFL.1 Authentication failure handling Hierarchical to : No ot her components. FIA_AFL.1.1 The TSF shall detect when [assignm en t: number] unsuccessful authentica tion attempts occur relate d to [assignm ent: list of au thentication events]. [assignment: list of authentication events] - Unsuccessful auth entication to t he administrat or , CE, [...]

FIA_SOS.1[1] V erification of secrets Hierarchical to : No ot her components. FIA_SOS.1.1 The TSF shall provide a m echanism to ve rify that secrets m eet [assignment: a defined quality metric]. [assignment: a defi ned quality metric] - The qu ality metric of pass word is defined as bel ow . Length of passw ord: 8 to 64 characters T ypes of struc t[...]

FIA_SOS.1[2] V erification of secrets Hierarchical to : No ot her components. FIA_SOS.1.1 The TSF shall provide a m echanism to ve rify that secrets m eet [assignment: a defined quality metric]. [assignment: a defi ned quality metric] - The qu ality metric of pass word is defined as bel ow . Length of passw ord: 8 to 64 characters T ypes of struc t[...]

FDP_ACC.1[1] Subset access contro l Hierarchical to : No ot her components. FDP_ACC.1.1 The TSF shall enforc e the [assignm ent: access control S FP] on [assignment: list of subjects, objects, and operati ons among subjects and objec ts covered by th e SFP]. [assignment: l ist of subjects, ob jects, an d operations am ong subjects and objects cover[...]

FDP_ACC.1[2] Subset access contro l Hierarchical to : No ot her components. FDP_ACC.1.1 The TSF shall enforc e the [assignm ent: access control S FP] on [assignment: list of subjects, objects, and operati ons among subjects and objec ts covered by th e SFP]. [assignment: l ist of subjects, ob jects, an d operations am ong subjects and objects cover[...]

FDP_ACF .1[1] Security attr ibute based access control Hierarchical to : No ot her components. FDP_ACF .1.1 The TSF shall enforce the [assignm ent: access contr ol SFP] to objects base d on [assignment: s ecurity attributes, nam ed groups of securi ty attributes]. [assignment: s ecurity attributes, nam ed groups of securi ty attributes] - Security [...]

- None FDP_ACF .1.4 The TSF shall explicitly deny access of subjec ts to objects bas ed on the [assignment: rules, based on sec urity attributes, tha t explicitly deny access of subj ects to objects]. [assignment: r ules, based on security attrib utes, that expl icitly deny acc ess of subjects to objects] - None Dependencies : FDP_ACC.1 Subset acce[...]

FDP_ACF .1[2] Security attr ibute based access control Hierarchical to : No ot her components. FDP_ACF .1.1 The TSF shall enforce the [assignm ent: access contr ol SFP] to objects base d on [assignment: s ecurity attributes, nam ed groups of securi ty attributes]. [assignment: s ecurity attributes, nam ed groups of securi ty attributes] - Security [...]

FDP_ACF .1.4 The TSF shall explicitly deny access of subjec ts to objects bas ed on the [assignment: r ules, based on security attrib utes, that expl icitly deny acc ess of subjects to objects]. [assignment: r ules, based on security attrib utes, that expl icitly deny acc ess of subjects to objects] - None Dependencies : FDP_ACC.1 Subset access con[...]

F AU_ GEN.1 Audit da ta generation Hierarchical to : No other com ponents. F AU_ GEN.1.1 The TSF shall be able to generate an audi t record of the follow ing auditable events: a) Start-up and shut down of the audit functions; b) All auditable even ts for the [s election: m inimum, basic, det ailed, not specified] level of audit; and c) [assignment:[...]

F AU_ GEN.1.2 The TSF shall record within eac h audit record a t least the following information: a) Date and time of the event, type of event, subjec t identity, an d the outcom e (success or failure) of the e vent; and b) For each audit ev ent type, based on the auditable e vent definitions of the func tional components i ncluded in the PP/ST, [a[...]

F AU_STG .1 Pr otected audit trail storage Hierarchical to : No other com ponents. F AU_ STG .1.1 The TSF shall protect the st ored audit records from unauthorised dele tion. F AU_STG .1.2 The TSF shall be able to [sel ection: prevent, dete ct] modifications to the audit records. [selection: prevent, detect] - Prevent Dependencies : FAU_GEN.1 Audit[...]

F AU_STG .4 Prevention of audit data loss Hierarchical to : FAU_STG.3 F AU_ STG .4.1 The TSF shall [selection: ‘i g nore auditable events’, ‘p revent auditable events, except those t aken by the au thorised user w ith special ri ghts’, ‘overwrite the oldest stored audit rec ords’] and [assignm ent: other actions to be t aken in case of [...]

F AU_ SAR.1 Audit review Hierarchical to : No other com ponents. F AU_ SAR.1.1 The TSF shall provide [assi gnm ent: authorised users] with t he capability to read [assignment: list of audit inform ation] from the au dit records. [assignment: auth orised users] - Administrator [assignment: l ist of audit inf ormation] - Audit information s hown in ?[...]

F AU_SAR.2 Restricted au dit review Hierarchical to : No other com ponents. F AU_ SAR.2.1 The TSF shall prohibit all users read acce ss to the audit records , except those users that have been grante d explicit read-access. Dependencies : FAU_SAR.1 Audit review Copyright© 2005 K ONICA MINOL T A BUSINESS TEC HNOLOGIES, INC., All Rights Reserved 39[...]

FMT_MTD.1[1] Management of TSF data Hierarchical to : No other com ponents. FMT_MTD.1.1 The TSF shall restrict the a bility to [se lection: chan ge_default, query, modify, delete, clear, [assig nment: other operat ions]] the [assign ment: list of TSF data] to [assignm ent: the authoris ed identified roles]. [assignment: list of TSF data] - Administ[...]

FMT_MTD.1[2] Management of TSF data Hierarchical to : No other com ponents. FMT_MTD.1.1 The TSF shall restrict the a bility to [se lection: chan ge_default, query, modify, delete, clear, [assig nment: other operat ions]] the [assign ment: list of TSF data] to [assignm ent: the authoris ed identified roles]. [assignment: list of TSF data] - CE passw[...]

FMT_MTD.1[3] Management of TSF data Hierarchical to : No other com ponents. FMT_MTD.1.1 The TSF shall restrict the a bility to [se lection: chan ge_default, query, modify, delete, clear, [assig nment: other operat ions]] the [assign ment: list of TSF data] to [assignm ent: the authoris ed identified roles]. [assignment: list of TSF data] - User BOX[...]

FMT_MTD.1[4] Management of TSF data Hierarchical to : No other com ponents. FMT_MTD.1.1 The TSF shall restrict the a bility to [se lection: chan ge_default, query, modify, delete, clear, [assig nment: other operat ions]] the [assign ment: list of TSF data] to [assignm ent: the authoris ed identified roles]. [assignment: list of TSF data] - User BOX[...]

FMT_MTD.1[5] Management of TSF data Hierarchical to : No other com ponents. FMT_MTD.1.1 The TSF shall restrict the a bility to [se lection: chan ge_default, query, modify, delete, clear, [assig nment: other operat ions]] the [assign ment: list of TSF data] to [assignm ent: the authoris ed identified roles]. [assignment: list of TSF data] - Administ[...]

FMT_MSA.1 Management of security attributes Hierarchical to : No other com ponents. FMT_MSA.1.1 The TSF shall enforce the [assignm ent: access contr ol SFP, inform ation flow control SFP] to restrict the ability to [selection: change_default, query, modify, delete, [assignment: other op erati ons]] the security attri b utes [ass ignment: list of se[...]

FMT_MSA.3 Static attribute initialisatio n Hierarchical to : No other com ponents. FMT_MSA.3.1 The TSF shall enforce the [assignm ent: access contr ol SFP, inform ation flow control SFP] to provide [s election: restrictive, pe rmissive, other property] default values for security attributes that are used to enforce the SFP. [selection: restricti ve[...]

FMT_SMR.1 Security roles Hierarchical to : No other com ponents. FMT_SMR.1.1 The TSF shall maintain the r oles [assignment: the aut horised identifie d roles]. [assignment: t he authorised ide ntified roles] - Administrator - CE - Role of the genera l user who owns User BOX FMT_SMR.1.2 The TSF shall be able to ass ociate users with r oles. Dependen[...]

FMT_MOF .1 Management of s ecurity functions behaviour Hierarchical to : No other com ponents. FMT_MOF .1.1 The TSF shall restrict the a bility to [se lection: determ ine the beha viour of, disable, enabl e, modify the beh aviour of] the f unctions [assig nment: list of functions] to [assignm ent: the authorised i dentified roles] . [assignment: l [...]

FMT_SMF .1 Specification of management functions Hierarchical to : No other com ponents. FMT_SMF .1.1 The TSF shall be capab le of perform ing the followi ng security m anagement functions: [assignm ent: list o f security m anagement funct ions to be pro vided by the TSF]. [assignment: l ist of security m anagement functi ons to be prov ided by the[...]

Required function Required managem ent Management item FDP_SOS.1 Managem ent of the scale used for the validation of s ecret for IT environment There is no managem ent item since the scale used for the validat ion of secret for IT environm ent cannot be changed. Management of th e threshold value for unsuccessful authentica tion trial There is no m[...]

Required function Required managem ent Management item FMT_MTD.1[4] Management of th e group that has a role that may af fect TSF da ta with each ot her There is no managem ent item since the role of general us er who owns U ser BOX is fixed. FMT_MTD.1[5] Management of th e group that has a role that may af fect TSF da ta with each ot her There is [...]

FPT_R VM.1 Non-bypassability of the T SP Hierarchical to : No other com ponents. FPT_R VM.1.1 The TSF shall ensure that TSP enforcem ent functions are invoked a nd succeed before each functio n within the TSC is a llowed to procee d. Dependencies : No dependencies Copyright© 2005 K ONICA MINOL T A BUSINESS TEC HNOLOGIES, INC., All Rights Reserved [...]

This ST newly creates and uses the T OE s ecurity functional requirements (FDP_MTD.1 Management of adm inistrator data an d FDP_SOS.1 V erification of secrets of IT en vironment) without referring to CCPart 2. Th e administrator data means the control data of securit y function for IT environment t o which only the administrator can access. FDP_MTD[...]

FPT_STM.1 Reliable time stamps Hierarchical to : No other com ponents. FPT_STM.1.1 The TSF shall be able t o provide reliable time stam ps for its own use. . Dependencies : No dependencies Copyright© 2005 K ONICA MINOL T A BUSINESS TEC HNOLOGIES, INC., All Rights Reserved 54[...]

FDP_SOS.1 V erification of secrets of IT envir onment FDP_SOS.1 Verification of secrets of IT environm ent requ ires the TSF to verify that secrets of IT environment m eet defined qua lity m etrics. Management: FDP_SOS.1 The following act ions could be c onsidered for the management fun ctions in FMT. a) the managem ent of the metric use d to verif[...]

5.1.2. T OE Security Assurance Requirements This T OE asserts EAL3 that is a suff icient level as quality assuran ce for commercial of fice products. T able 5.3 summarizes t he applied T OE securit y assurance requirem ents to EAL3. T able 5.3 List of T OE Security Assurance Requirements Assurance class Assurance requirement ACM_CAP .3 Authent icat[...]

5.2. Security Functional Requirem ents for the IT environment FIA_UID.2[E] User identification befor e any action Hierarchical to : FIA_UID.1 F ＩＡ _UID.2.1[E] The TSF shall require each user to identif y its elf before allowing an y other TSF-med iated actions on beh alf of that user. Refinement: “TSF” → “HDD” Dependencies : No depend[...]

FIA_UAU.2[E] User authentication befor e any action Hierarchical to ： FIA_UAU.1 FIA_UAU.2.1[E] The TSF shall require each user to be su c cessfully authenticated bef ore allowing any other TSF-mediated acti ons on behalf of that user. Refinement: “TSF” → “HDD” Dependencies : FIA_UID.1 T iming of identificatio n Copyright© 2005 K ONICA [...]

5.3. Security Functio n Stre ngth The following three password mechanism s are tar g eted for the claim of TO E function strength, and the subsequence seven com ponents of T OE functions are targ eted for this ST . Password mechanism s and corresponding TOE function com ponents 1 User BOX password authenticatio n function FIA_UID.2, FIA_UAU.2, FIA_[...]

6. T OE Summary Specification 6.1. TO E Security Function 6.1.1. Identifica ti on and Authentication Function The identificatio n and authenticat ion function pro vid es the fo llowing a grou p of security func tions. Function title Specification of sec urity function TOE security functional requirement IA.ADM_ADD Registration of administrator IA.A[...]

changed in IA _P ASS. IA.ADM_AUTH identificates that he/she is the adm inistrator by the in dication of int erface for the identification and authentication of administrator , and authorizes that he/she is the va lid administrator usin g the entered password. When the administrator e nters the password, dummy characters (*) are displayed i n stead [...]

Administrator ： Administrator password, User BOX password General user who ow ns User BOX ： User BOX password of his/ her own User BOX For the password entered by the product-r elated persons, the permitted value is valida ted according to the followi ng rules. - CE and administrator pass words of 8 characters - User BOX password of 8 t o 64 ch[...]

- Reading out and printing o f docum ent data In case of unsuccessf ul identificati on and authentication, the interface for the identification and a uthentication is allowed to be valid after five seconds. 6.1.3. Audit Function The audit func tion provides the followin g a group of secu rity functions. Function title Specification of sec urity fun[...]

6.1.4. Managem ent Support Function The management f unction p rovides the f ollowing a grou p of security functi ons. Function title Specification of sec urity function T OE security functional requirement MNG .MODE Setting of security reinforcement mode MNG .MODE perm its only the a dministrator to execu te only the administrat or the check funct[...]

(year/month/ day/hour/m inute/second) of events occurrence, operat ional subjective identification, and the result of events . It is displayed in a form that t he administrator can refer . MNG .HDD HDD lock password function MNG .HDD permits only the administrator to execute the following operatio ns. ・ Change of HDD lock password For the HDD loc[...]

6.3. Assurance Measures The developer shall develop according to t he assu rance requirem ents and the developm ent rules regulated by t he developm ent or ganizati on. T able 6.1 shows the compone nts and the related requirements of security assurance requirem ents that fulfill EAL3. T able 6.1 Assurance Requirements and Related Documents for EAL3[...]

Distribution and operation ADO_DEL.1 bizhub 920/ bizhub PRO 920 Distrib ution Regulations (Japanese) bizhub 920/ bizh ub PRO 920 Installatio n Manu al (Japanese) bizhub 920/bizh ub PRO 920 User ’ s Gui de Copier (Japanese) bizhub 920/ bizh ub PRO 920 User’s Guide POD Administrator’s Reference ( Japanese) bizhub 920/bizh ub PRO 920 User ’ s [...]

ADO_IGS.1 bizhub 920/ bizhub PRO 920 Int rodu ction and Operation Regulations (Japanese) bizhub 920/ bizh ub PRO 920 Installatio n Manu al (Japanese) bizhub 920/bizh ub PRO 920 User ’ s Gui de Copier (Japanese) bizhub 920/ bizh ub PRO 920 User’s Guide POD Administrator’s Reference ( Japanese) bizhub 920/bizh ub PRO 920 User ’ s Gu i de Netw[...]

Guidanc e document AGD_ADM.1 bizhub 920/ bizh ub PRO 920 Installatio n Manu al (Japanese) bizhub 920/bizh ub PRO 920 User ’ s Gui de Copier (Japanese) bizhub 920/ bizh ub PRO 920 User’s Guide POD Administrator’s Reference ( Japanese) bizhub 920/bizh ub PRO 920 User ’ s Gu i de Network Scanner (Japanese) bizhub 920/bizh ub PRO 920 User ’ s[...]

AGD_USR.1 bizhub 920/bizh ub PRO 920 User ’ s Gui de Copier (Japanese) bizhub 920/ bizh ub PRO 920 User’s Guide POD Administrator’s Reference ( Japanese) bizhub 920/bizh ub PRO 920 User ’ s Gu i de Network Scanner (Japanese) bizhub 920/bizh ub PRO 920 User ’ s Gui de Security (Japanese) IC203 User ’ s Guide (Jap anese) bizhub PRO 920 Us[...]

A V A_MSU.1 bizhub 920/ bizh ub PRO 920 Installatio n and Operation Regulations (Japanese) bizhub 920/ bizh ub PRO 920 Installatio n Manu al (Japanese) bizhub 920/bizh ub PRO 920 User ’ s Gui de Copier (Japanese) bizhub 920/ bizh ub PRO 920 User’s Guide POD Administrator’s Reference ( Japanese) bizhub 920/bizh ub PRO 920 User ’ s Gu i de Ne[...]

7. PP Claim There is no applicab le PP in this ST . Copyright© 2005 K ONICA MINOL T A BUSINESS TEC HNOLOGIES, INC., All Rights Reserved 72[...]

8. Rationale 8.1. Security Objectives Policies Rationale T able 8.1 shows the corres pondence rela tion of the security objectives policy to the threat and assumptions. T able 8.1 Correspondence between Thre ats, Assu mptions, and Security Objectives Policies Threat/Assumption/ or ganizational security policy Security objectives policy T ･ H D D [...]

The following show s the rationale for T able 8.1. T . HDDACCESS ： Unauthorized access to the HDD TSF changes and manages th e HDD lo ck password of HDD1 and HDD2 in the manage ment function of O.MANAGE by the v alid administrator identified in O.IA. Moreover TSF makes it possible to det ect the trial of unauthorized use to the appl icable manage[...]

ASM.PLACE ： Installation condition for the TOE In OE.PLACE, T OE is ins talled in the are a where only t he product-related person can operate, therefore, the access to T OE is lim ited to only the product-related person. As above mentio ned, the ass umption - ASM.PLACE can b e realized by OE .PLACE of security objectives pol icy . ASM.NET ： Se[...]

8.2. Security Requirem ents Rationale 8.2.1. Security Func tional Require ments Rationa le 8.2.1.1. Reaso n for the adoption of security functiona l requirements FDP_MTD .1 and FDP_SOS.1 Requirement : The control of security function a nd the validation of se cret for IT environment are executed in TOE se curity functional re quirements TSF is nece[...]

T able 8.2 Corr espondence between Security Objectiv es Policies and IT Security Functional Requirements Security objectives policy IT security functional requirement O ･ I A O ・ M A N A G E O ・ C E O ･ D A T A A C C E S S O ･ A U D I T O E ・ H D D FIA_UID.2 ✔ FIA_UAU.2 ✔ FIA_UAU.7 ✔ FIA_AFL.1 ✔ FIA_SOS.1[1] ✔✔ FIA_SOS.1[2] [...]

FMT_MSA.1 ✔ FMT_MSA.3 ✔ FMT_SMR.1 ✔ ✔ ✔ ✔ FMT_MOF .1 ✔ ✔ ✔ ✔ ✔ FPT_R VM.1 ✔ ✔ ✔ ✔ ✔ FMT_SMF .1 ✔ ✔ ✔ ✔ FPT_STM.1 ✔ FDP_MTD.1 ✔ FIA_UID.2[E] ✔ Security functional requirement for IT environment FIA.UAU.2[E] ✔ The following show s the rationale for T able 8.2 Correspondence between Security Objectives P[...]

targete d User BOX is maintained in FM T_SMR.1. Their functions are not bypassed with FPT_ R VM.1 and the state of oper ating ar e ef fectively ready in FMT_MOF .1. Therefore, O.IA can be realized by the cor r espondent s ecurity functio nal requirem ents. O.MANAGE ： Provision of the management function The User BOX is created by registering the [...]

R VM.1 and the state of operati ng ef fectively is ready in FMT_MOF .1. Therefore, O.CE can be rea lized by the c orrespondent security func tional requirements. O.DA T AACCESS ： Access limit to the document data The access control to User BOX is reali zed using FDP_ACC.1[ 1] and FDP_ACF . 1[1]. O.DA T AACCESS permits the user recepti on function[...]

are successfully identified and authenticated . It prevents the HDD1 and HDD2 from the unauthorized access. Therefore, OE.HDD can be realized by the corre spondent security func tional requirements. 8.2.1.3. A dequateness for supportin g of security functional re quirem ents - FDP_MTD.1 and FDP_SOS.1 by assurance requirem ent FDP_MTD.1 execut es on[...]

9 FDP_ACC.1[2] None FDP_ACF .1 1 1 10 FDP_ACF .1[1] None FDP_ACC.1 FMT_MSA.3 8 11 FMT_MSA.3 is fulfilled with depend ent relation ship of FDP_ACF .1[2] that is access control for the identical obje ct. 1 1 FDP_ACF .1[2] None FDP_ACC.1 FMT_MSA.3 9 23 12 F AU_GEN.1 None FPT_STM.1 28 13 F AU_STG .1 None F AU_GEN.1 1 2 14 F AU_STG .4 F AU_STG .3 F AU_S[...]

27 FPT_R VM.1 None None 28 FPT_STM.1 None None 29 FDP_MTD.1 None FMT_SMR.1 FMT_SMF .1 26 25 30 FIA_UID.2[E] FIA_UID.1 No ne 31 FIA_UAU.2[E] FIA_UAU.1 FIA_UID.1[E] 30 As the mediate action of FIA_UID.1 is unnecessary , FIA_UID.2 is used. 8.2.3. T OE Security Funct ional Requirem ents Interaction Function that prov ides defense No TOE security functi[...]

22 FMT_MSA.1 FPT_R VM.1 FMT_MOF .1 23 FMT_MSA.3 FPT_R VM.1 FMT_MOF .1 24 FMT_MOF .1 FPT_R VM.1 25 FMT_SMF .1 None FMT_MOF .1 26 FMT_SMR.1 None FMT_MOF .1 27 FPT_R VM.1 FMT_MOF .1 28 FPT_STM.1 None None 29 FDP_MTD.1 FPT_R VM.1 FMT_MOF .1 < D e t o u r > F P T _ R V M . 1 When the management functi on an d CE functi on of the T O E is us e d, t[...]

assumed. And it assumes to be operated under the adequate sec urity condition i n terms of the physical and human. Therefore, in “5.3. Securi ty S t rength”, the security strength claims SOF-Basic that can adequat ely resist for attacking from the threat age nt with the att ack capabili ty of low level. The following shows the operat ional m ea[...]

8.3. T OE Summary Specificati on Rationale 8.3.1. Conform ity of Security Functional Requ irements to TOE Summary Specifica tion T able 8.4 sho ws the relationshi p of security function al requirements conform ed to T OE summary specification. T able 8.4 Corr espondence between IT Securi ty Functions and Security Functional Requirements IT security[...]

FMT_MTD.1[2] ✔ FMT_MTD.1[3] ✔ FMT_MTD.1[4] ✔ FMT_MTD.1[5] ✔ FMT_MSA.1 ✔ FMT_MSA.3 ✔ FMT_MOF .1 ✔ FMT_SMF .1 ✔ ✔ ✔ FMT_SMR.1 ✔ ✔ ✔ FPT_R VM.1 ✔✔✔✔✔✔✔✔✔ ✔ FPT_STM.1 ✔ FDP_MTD.1 ✔ The following show s the rationale for T able 8.4. FIA_UID.2 For administrator , the identification of administra tor is ex[...]

FIA_SOS.1[1] For the registrati on and the cha nge of User BO X password, whether t he password is w ithin the coverage of perm itted value alo ng the password rules is judged in MN G .ADM and IA.P ASS respect- ively . Therefore, FIA_SOS.1[1] is realized by implem enting MNG .ADM and IA.P ASS. FIA_SOS.1[2] For the registrati on of administrator pas[...]

FDP_ACF .1[2] MNG .ADM creates the User BOX accor ding to Access control policy 2. Therefore, FDP_ACF .1[2] is r ealized by implem enting MNG .ADM. F AU_ GEN.1 The audit information regarding the operation of security function is recorded in AUD.LOG . Therefore, F AU_ GEN.1 is real ized by implementing AUD.LOG . F AU_ STG .1 The function t o enable[...]

FMT_MTD.1[3] In MNG .ADM, the change of use BOX password is perm itted and executed by only the administrator . Therefore, FMT_MTD.1[3] is realized by implem enting MNG .ADM. FMT_MTD.1[4] In IA.P ASS, the change of User BOX password is permitted and executed by only the gen eral user who owns User BO X. Therefore, FMT_MTD.1[4] is realized by implem[...]

FMT_SMR.1 The maintenance of role is realized by realizing the registration of User BOX identifier and User BOX password, and the c hange of CE, ad ministrator , and User BOX passwords. The registration of administrator , the registration of general user w ho owns User BO X, and the chang e of administrato r , CE, User BOX passwords, are implemente[...]