Page 2 - Document Revision History; ii
Document Revision History Version Description Approved by Checked by Created by 1 - Initial version 01/21/2005 Masaru Ushio 01/21/2005 Kazuo Yasuda 01/21/2005 Jun Yokobori 2 - Modification for the matters identified to correct 03/30/2005 Masaru Ushio 03/30/2005 Kazuo Yasuda 03/30/2005 Jun Yoko...
Page 3 - Table of Contents; iii
Table of Contents 1. ST Introduction 7; 1.1. ST Identification 7; 1.1.1. ST Identification and Management ...
Page 4 - iv
5.1.2. TOE Security Assurance Requirements 56; 5.2. Security Functional Requirements for the IT environment 57; 5.3. Security Function Strength ...
Page 5 - List of Figures
List of Figures Figure 2.1 Operating Environment of bizhub PRO 920 Series 11; Figure 2.2 TOE Structure 13; Figure 2.3 Processing Architecture of Basic Function ...
Page 6 - List of Tables
List of Tables Table 2.1 Correspondence between User Functions and Basic Functions 15; Table 5.1 Auditable Events 34; Table 5.2 List of Management ...
Page 7 - ST Introduction
1. ST Introduction 1.1. ST Identification 1.1.1. ST Identification and Management Title : Multi functional printer (digital copier) bizhub 920 / bizhub PRO 920 Security Target Version : 6 Created on : June 10, 2005 Created by : Konica Minolta Business Technologies, Inc. 1.1.2. TOE Identification...
Page 10 - TOE Description
2. TOE Description 2.1. TOE Type The TOE is a software product for a digital MFP that has the network function installed. 2.2. Terminology No. Term Description 1 User BOX This is the directory to store the document data (Refer to No.2 below). 2 Document data This is the electronic data conver...
Page 11 - TOE; Figure 2.1 Operating Environment of bizhub PRO 920 Series; Related Persons and Their Roles for bizhub PRO 920 Series
[Figure 2.1 Operating Environment of bizhub PRO 920 Series. Diagram labels: Office; Internal network; External network; Internet; Public telephone line network; Firewall; Mail server; FTP server; Client PC; Modem; bizhub PRO 920; bizhub PRO 920 control software (Image control program, Controller control program); TOE] ...
Page 13 - Figure 2.2 TOE Structure
2.5. TOE Structure Figure 2.2 shows the structure of this TOE. [Figure 2.2 TOE Structure. Diagram labels: bizhub PRO 920 main unit; Operation panel; HDD 1; Network card; Print controller; Internal network; Control range of TOE; Basic function; Scanning function; FTP function; PC data receiving function; Service for administrator (management funct...
Page 15 - Figure 2.3 Processing Architecture of Basic Function
[Figure 2.3 Processing Architecture of Basic Function. Diagram labels: Input; Output; Paper document; Client PC; FTP server; Mail server; PC-shared folder; bizhub PRO 920; User BOX; HDD1 temporary storage/DRAM temporary storage; Scanning function; PC data receiving function; Readout function of document data; Deletion function of document data; Deletion function D...
Page 18 - Function not provided by the TOE
2.8 Function not provided by the TOE The TOE does not prevent the deletion of document data, because the user owns its original data in his/her PC or on the paper. Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved 18
Page 19 - TOE Security Environment
3. TOE Security Environment 3.1. Assumptions ASM.PLACE Installation condition for the TOE The TOE shall be installed in the area where only the product-related person can operate. ASM.NET Setting condition for the internal network The TOE shall be connected with the internal network that the dis...
Page 20 - Security Objectives Policies
4. Security Objectives Policies 4.1. Security Objectives Policies for the TOE O.IA Identification and authentication when using The TOE identifies and authorizes the administrator, CE, or general user who owns the User BOX, who try to access the TOE. O.MANAGE Provision of the management function...
Page 22 - IT Security Requirements; TOE Security Requirements; User identification before any action; mediated actions on behalf of that user.; Dependencies
5. IT Security Requirements 5.1. TOE Security Requirements 5.1.1. TOE Security Functional Requirements FIA_UID.2 User identification before any action Hierarchical to : FIA_UID.1 FIA_UID.2.1 The TSF shall require each user to identify itself before allowing any other TSF-mediated actions on b...
Page 23 - any other TSF-mediated actions on behalf of that user.
FIA_UAU.2 User authentication before any action Hierarchical to : FIA_UAU.1 FIA_UAU.2.1 The TSF shall require each user to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user. Refinement : “User” → Administrator, CE, and General user who owns the U...
Page 24 - authentication is in progress.
FIA_UAU.7 Protected authentication feedback Hierarchical to : No other components. FIA_UAU.7.1 The TSF shall provide only [assignment: list of feedback] to the user while the authentication is in progress. [assignment: list of feedback] - Dummy characters (*) for the number of password charact...
Page 28 - BOX of the general user who owns the User BOX; FDP_ACF.1 Security attribute based access control
FDP_ACC.1[1] Subset access control Hierarchical to : No other components. FDP_ACC.1.1 The TSF shall enforce the [assignment: access control SFP] on [assignment: list of subjects, objects, and operations among subjects and objects covered by the SFP]. [assignment: list of subjects, objects, and o...
Page 30 - - Security attribute: User BOX identifier
FDP_ACF.1[1] Security attribute based access control Hierarchical to : No other components. FDP_ACF.1.1 The TSF shall enforce the [assignment: access control SFP] to objects based on [assignment: security attributes, named groups of security attributes]. [assignment: security attributes, named...
Page 31 - FMT_MSA.3 Static attribute initialisation
- None FDP_ACF.1.4 The TSF shall explicitly deny access of subjects to objects based on the [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]. [assignment: rules, based on security attributes, that explicitly deny access of subjects to object...
Page 33 - subjects to objects]
FDP_ACF.1.4 The TSF shall explicitly deny access of subjects to objects based on the [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]. [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects] - ...
Page 35 - audit relevant information]
FAU_GEN.1.2 The TSF shall record within each audit record at least the following information: a) Date and time of the event, type of event, subject identity, and the outcome (success or failure) of the event; and b) For each audit event type, based on the auditable event definitions of the funct...
Page 37 - of audit storage failure] if the audit trail is full.
FAU_STG.4 Prevention of audit data loss Hierarchical to : FAU_STG.3 FAU_STG.4.1 The TSF shall [selection: ‘ignore auditable events’, ‘prevent auditable events, except those taken by the authorised user with special rights’, ‘overwrite the oldest stored audit records’] and [assignment: other ac...
Page 39 - users that have been granted explicit read-access.
FAU_SAR.2 Restricted audit review Hierarchical to : No other components. FAU_SAR.2.1 The TSF shall prohibit all users read access to the audit records, except those users that have been granted explicit read-access. Dependencies : FAU_SAR.1 Audit review
Page 40 - Hierarchical to; - Administrator password; FMT_SMF.1 Specification of management functions
FMT_MTD.1[1] Management of TSF data Hierarchical to : No other components. FMT_MTD.1.1 The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorised identified role...
Page 41 - Modify
FMT_MTD.1[2] Management of TSF data Hierarchical to : No other components. FMT_MTD.1.1 The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorised identified role...
Page 43 - Other operations
FMT_MTD.1[4] Management of TSF data Hierarchical to : No other components. FMT_MTD.1.1 The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorised identified ro...
Page 45 - - User BOX identifier
FMT_MSA.1 Management of security attributes Hierarchical to : No other components. FMT_MSA.1.1 The TSF shall enforce the [assignment: access control SFP, information flow control SFP] to restrict the ability to [selection: change_default, query, modify, delete, [assignment: other operations]] ...
Page 46 - - Access control policy 2; FMT_MSA.1 Management of security attributes
FMT_MSA.3 Static attribute initialisation Hierarchical to : No other components. FMT_MSA.3.1 The TSF shall enforce the [assignment: access control SFP, information flow control SFP] to provide [selection: restrictive, permissive, other property] default values for security attributes that are us...
Page 47 - - Role of the general user who owns User BOX
FMT_SMR.1 Security roles Hierarchical to : No other components. FMT_SMR.1.1 The TSF shall maintain the roles [assignment: the authorised identified roles]. [assignment: the authorised identified roles] - Administrator - CE - Role of the general user who owns User BOX FMT_SMR.1.2 The TSF shall ...
Page 52 - before each function within the TSC is allowed to proceed.
FPT_RVM.1 Non-bypassability of the TSP Hierarchical to : No other components. FPT_RVM.1.1 The TSF shall ensure that TSP enforcement functions are invoked and succeed before each function within the TSC is allowed to proceed. Dependencies : No dependencies
Page 56 - Table 5.3 List of TOE Security Assurance Requirements
5.1.2. TOE Security Assurance Requirements This TOE claims EAL3, which is a sufficient level of quality assurance for commercial office products. Table 5.3 summarizes the TOE security assurance requirements applied for EAL3. Table 5.3 List of TOE Security Assurance Requirements Assurance class Ass...
Page 57 - Security Functional Requirements for the IT environment; IA
5.2. Security Functional Requirements for the IT environment FIA_UID.2[E] User identification before any action Hierarchical to : FIA_UID.1 FIA_UID.2.1[E] The TSF shall require each user to identify itself before allowing any other TSF-mediated actions on behalf of that user. Refinement: “TSF”...
Page 60 - TOE Summary Specification
6. TOE Summary Specification 6.1. TOE Security Function 6.1.1. Identification and Authentication Function The identification and authentication function provides the following group of security functions. Function title Specification of security function TOE security functional requirement IA....
Page 66 - Table 6.1 Assurance Requirements and Related Documents for EAL3
6.3. Assurance Measures The developer shall develop according to the assurance requirements and the development rules regulated by the development organization. Table 6.1 shows the components and the related requirements of security assurance requirements that fulfill EAL3. Table 6.1 Assurance R...
Page 72 - PP Claim; There is no applicable PP in this ST.
7. PP Claim There is no applicable PP in this ST.
Page 73 - Rationale
8. Rationale 8.1. Security Objectives Policies Rationale Table 8.1 shows the correspondence relation of the security objectives policy to the threat and assumptions. Table 8.1 Correspondence between Threats, Assumptions, and Security Objectives Policies Threat/Assumption/ organizational securi...
Page 74 - The following shows the rationale for Table 8.1.; Unauthorized access to the HDD; can be resisted by; Unauthorized access to the BOX; administrator as audit information in O.AUDIT.
The following shows the rationale for Table 8.1. T.HDDACCESS : Unauthorized access to the HDD TSF changes and manages the HDD lock password of HDD1 and HDD2 in the management function of O.MANAGE by the valid administrator identified in O.IA. Moreover TSF makes it possible to detect the trial of...
Page 77 - Requirements
Table 8.2 Correspondence between Security Objectives Policies and IT Security Functional Requirements Security objectives policy (columns): O.IA, O.MANAGE, O.CE, O.DATAACCESS, O.AUDIT, OE.HDD. IT security functional requirement (rows): FIA_UID.2 ✔ FIA_UA...
Page 78 - Identification and authentication when using
FMT_MSA.1 ✔ FMT_MSA.3 ✔ FMT_SMR.1 ✔ ✔ ✔ ✔ FMT_MOF.1 ✔ ✔ ✔ ✔ ✔ FPT_RVM.1 ✔ ✔ ✔ ✔ ✔ FMT_SMF.1 ✔ ✔ ✔ ✔ FPT_STM.1 ✔ FDP_MTD.1 ✔ FIA_UID.2[E] ✔ Security functional requirement for IT environment FIA.UAU.2[E] ✔ The...
Page 79 - Provision of the management function; password entered by the general user matches.; Provision of the CE function
targeted User BOX is maintained in FMT_SMR.1. Their functions are not bypassed with FPT_RVM.1 and the state of operating are effectively ready in FMT_MOF.1. Therefore, O.IA can be realized by the correspondent security functional requirements. O.MANAGE : Provision of the management function The...
Page 80 - ed, the audit of audit record becomes possible.; Protection of the HDD
RVM.1 and the state of operating effectively is ready in FMT_MOF.1. Therefore, O.CE can be realized by the correspondent security functional requirements. O.DATAACCESS : Access limit to the document data The access control to User BOX is realized using FDP_ACC.1[1] and FDP_ACF.1[1]. O.DATAACCESS...
Page 86 - TOE Summary Specification Rationale; IT security function
8.3. TOE Summary Specification Rationale 8.3.1. Conformity of Security Functional Requirements to TOE Summary Specification Table 8.4 shows the relationship of security functional requirements conformed to TOE summary specification. Table 8.4 Correspondence between IT Security Functions and Se...