CRP-C0266-01 Certification Report Kazumasa Fujie, Chairman Information-technology Promotion Agency, Japan Target of Evaluation Application
CRP-C0266-01 5 3. Security Policy This chapter describes security function policies and organisational security policies. The TOE imports the paper
CRP-C0266-01 6 Identifier Threat T.TRANSIT Attackers may illegally obtain, leak or tamper with document data or print data sent or received by the TO
CRP-C0266-01 7 usage and access document data, is countered by the user identification and authentication and the access control of protected assets.
CRP-C0266-01 8 Table 3-2 Relation between Operational Authorities for the Document Data and the Operation Permission (Document File Owner) Operational
CRP-C0266-01 9 (file administrators) such as management of the document data ACL, management of administrator information, etc.) Whatever the content
CRP-C0266-01 10 According to the roles, users are allowed for the Security Management Function. Users, their roles, and the Security Management Funct
CRP-C0266-01 11 5) Management Function of Machine Control Data > Administrator (File Administrator) + Query the date and time of system clock +
CRP-C0266-01 12 The TOE generates a 256 bit encryption key by using a generation algorithm for the encryption key which conforms to BSI-AIS 31. The T
CRP-C0266-01 13 fax data, transfers the received data from fax process of the fax unit to fax reception process of the controller board. Also, record
CRP-C0266-01 14 4. Assumptions and Clarification of Scope In this chapter, it describes the assumptions and the operational environment to operate t
CRP-C0266-01 2 Evaluation Criteria, etc.: This TOE is evaluated in accordance with the following criteria prescribed in the "IT Security Evaluati
CRP-C0266-01 15 4.2 Environment Assumptions This TOE is installed in general offices and connected to the internal networks, and it is used by client
CRP-C0266-01 16 TOE and SMB server. However, the reliability of hardware shown in this configuration and the working software is outside the scope of
CRP-C0266-01 17 Basic Function Explanation Protected Assets ProtectionFax Function (Reception) Receive fax data from the connected telephone lines, p
CRP-C0266-01 18 Basic Function Explanation Protected Assets ProtectionTransmission from Computer) The case of receiving via USB print data from a cli
CRP-C0266-01 19 Basic Function Explanation Protected Assets ProtectionAfter decrypting the document data (only for the Scanner Function) stored in th
CRP-C0266-01 20 Basic Function Explanation Protected Assets ProtectionWeb Service Function Remotely operate the TOE by authorised TOE users (general
CRP-C0266-01 21 5. Architectural Information This chapter explains the purpose and the relation on a scope of the TOE and the main component. 5.1 T
CRP-C0266-01 22 (4) Network Unit The Network Unit is an interface board for connection to an Ethernet (100BASE-TX/10BASE-T) network. (5) Controller B
CRP-C0266-01 23 However, the TOE must not modify the following environments and settings: - Store and restore an address book data to the SD card. -
CRP-C0266-01 24 6. Documentations The identification of documents attached to the TOE is listed below. The document attached to this TOE has the fol
CRP-C0266-01 3 Notice: This document is the English translation version of the Certification Report published by the Certification Body of Japan Inf
CRP-C0266-01 25 Document Name Number of part Manuals for Users C2828/C3333/C4040/C5050 MP C2800/MP C3300/MP C4000/MP C5000 LD528C/LD533C/LD540C/LD550C
CRP-C0266-01 26 Table 6-3 [English version - 3] Product attachment document for Asia Document Name Number of part MP C2800/C3300/C4000/C5000 MP C2800/
CRP-C0266-01 27 7. Evaluation conducted by Evaluation Facility and results 7.1 Evaluation Approach Evaluation was conducted by using the evaluation
CRP-C0266-01 28 Figure 7-1 Developer Testing Configurations The TOEs for the evaluation are Ricoh Aficio MP C2800, Ricoh Aficio MP C3300 and Ricoh A
CRP-C0266-01 29 Table 7-1 explains non-TOE configuration items in the developer testing. Table 7-1 Developer Testing Configuration Items Configurati
CRP-C0266-01 30 items of the TOE" are developed by the developer and are used after confirming that they are normally operated. Table 7-2 Tools
CRP-C0266-01 31 evaluator: 1) Evaluator Independent Testing Environment Figure 7-2 shows the evaluator independent testing configuration executed by
CRP-C0266-01 32 IPSec, S/MIME), execute supplemental tests to ensure these functions always work effectively. <Sampling Testing> To take these
CRP-C0266-01 33 <Tools for the independent testing > The independent testing used the tools of Table 7-2 in the developer testing. <Content
CRP-C0266-01 34 Number Category name of testing item Number of testing item 16 Password entry 9 17 Confirming the firm validity 3 18 Encryption o
CRP-C0266-01 4 Table of Contents 1. Executive Summary... 1 1.1 Product O
CRP-C0266-01 35 b. Evaluator Penetration testing Outline The evaluators executed the following evaluator penetration testing to identify possibly exp
CRP-C0266-01 36 No. Overview of Penetration Testing Anticipated VulnerabilityT8 Ensured access via URL is denied, even if URLs for protected assets a
CRP-C0266-01 37 8. Certification The certification body conducted the following certification based on each materials submitted by the Evaluation Fac
CRP-C0266-01 38 11. Glossary The abbreviations relating to CC used in this report are listed below. CC Common Criteria for Information Technology Se
CRP-C0266-01 39 The definition of terms used in this report is listed below. Address Book A database containing general user information for each gene
CRP-C0266-01 40 Internet Fax A function that reads a fax original then converts the scanned image to an e-mail format for sending as data over the Int
CRP-C0266-01 41 Print Settings Print Settings for printed output, including paper size, printing magnification, and custom information (such as duplex
CRP-C0266-01 42 12. Bibliography [1] IT Security Evaluation and Certification Scheme, May 2007, Information-technology Promotion Agency, Japan CCS-
CRP-C0266-01 5 8.2 Recommendations... 37 9. Annexes ...
CRP-C0266-01 1 1. Executive Summary This Certification Report describes the content of certification result in relation to IT Security Evaluation of
CRP-C0266-01 2 Functions from unauthorised persons by limiting the usage of the Security Management Functions. For these security functionalities, th
CRP-C0266-01 3 They shall not perform the illegal acts to abuse their own privileges, leak or tamper the document data as protected assets, and to dea
CRP-C0266-01 4 2. Identification of TOE The TOE is identified as follows: Name of TOE Following MFP with FCU (Fax Option Type C5000). MFP: Rico
Komentáře k této Příručce