RICOH MP C3504/C3004 Security Target
RICOH MP C3504/C3004Security TargetAuthor : RICOH COMPANY, LTD.Date: 2016-09-28Version : 1.00Portions of RICOH MP C3504/C3004 Security Target are reprinted withwritten permission from IEEE, 445 Hoes Lane, Piscataway, New Jersey08855, from U.S. Government Approved Protection Profile - U.S.Government Protection Profile for Hardcopy Devices Version 1.0 (IEEE Std2600.2 -2009), Copyright 2010 IEEE. All rights reserved.This document is a translation of the evaluated and certified security targetwritten in Japanese.Copyright (c) 2016 RICOH COMPANY, LTD. All rights reserved.
Page 1 of 82Revision HistoryVersion1.00Date2016-09-28AuthorRICOH COMPANY, LTD.DetailPublication version.Copyright (c) 2016 RICOH COMPANY, LTD. All rights reserved.
Page 2 of 82Table of Contents1ST Introduction . 71.1ST Reference . 71.2TOE Reference . 71.3TOE Overview . 71.3.1TOE Type . 71.3.2TOE Usage. 81.3.3Major Security Features of TOE . 91.4TOE Description. 101.4.1Physical Boundary of TOE . 101.4.2Guidance Documents . 131.4.3Definition of Users . 141.4.3.1.Direct User . 141.4.3.2.Indirect User . 151.4.41.4.4.1.Basic Functions . 161.4.4.2.Security Functions . 181.4.51.53Protected Assets . 201.4.5.1.User Data . 201.4.5.2.TSF Data . 201.4.5.3.Functions . 21Glossary. 211.5.12Logical Boundary of TOE . 15Glossary for This ST . 21Conformance Claim . 252.1CC Conformance Claim. 252.2PP Claims . 252.3Package Claims . 252.4Conformance Claim Rationale . 262.4.1Consistency Claim with TOE Type in PP. 262.4.2Consistency Claim with Security Problems and Security Objectives in PP . 262.4.3Consistency Claim with Security Requirements in PP . 27Security Problem Definitions . 29Copyright (c) 2016 RICOH COMPANY, LTD. All rights reserved.
Page 3 of 8243.1Threats . 293.2Organisational Security Policies . 303.3Assumptions . 30Security Objectives. 324.1Security Objectives for TOE. 324.2Security Objectives of Operational Environment . 334.2.1IT Environment . 334.2.2Non-IT Environment. 344.354.3.1Correspondence Table of Security Objectives . 354.3.2Security Objectives Descriptions . 36Extended Components Definition . 405.16Restricted forwarding of data to external interfaces (FPT FDI EXP) . 40Security Requirements. 426.17Security Objectives Rationale . 35Security Functional Requirements . 426.1.1Class FAU: Security audit . 426.1.2Class FCS: Cryptographic support . 456.1.3Class FDP: User data protection . 466.1.4Class FIA: Identification and authentication . 506.1.5Class FMT: Security management. 536.1.6Class FPT: Protection of the TSF . 586.1.7Class FTA: TOE access . 596.1.8Class FTP: Trusted path/channels. 596.2Security Assurance Requirements . 596.3Security Requirements Rationale . 606.3.1Tracing . 606.3.2Justification of Traceability . 626.3.3Dependency Analysis . 676.3.4Security Assurance Requirements Rationale. 69TOE Summary Specification. 707.1Audit Function . 707.2Identification and Authentication Function . 72Copyright (c) 2016 RICOH COMPANY, LTD. All rights reserved.
Page 4 of 827.3Document Access Control Function . 747.4Use-of-Feature Restriction Function . 767.5Network Protection Function. 767.6Residual Data Overwrite Function . 777.7Stored Data Protection Function . 787.8Security Management Function . 787.9Software Verification Function . 827.10Fax Line Separation Function . 82Copyright (c) 2016 RICOH COMPANY, LTD. All rights reserved.
Page 5 of 82List of FiguresFigure 1 : Example of TOE Environment . 8Figure 2 : Hardware Configuration of the TOE . 10Figure 3 : Logical Scope of the TOE . 15List of TablesTable 1 : Definition of Users . 14Table 2 : List of Administrative Roles . 14Table 3 : Definition of User Data . 20Table 4 : Definition of TSF Data . 20Table 5 : Specific Terms Related to This ST . 21Table 6 : Rationale for Security Objectives . 35Table 7 : List of Auditable Events . 43Table 8 : List of Cryptographic Key Generation . 45Table 9 : List of Cryptographic Operation . 46Table 10 : List of Subjects, Objects, and Operations among Subjects and Objects (a) . 46Table 11 : List of Subjects, Objects, and Operations among Subjects and Objects (b) . 47Table 12 : Subjects, Objects and Security Attributes (a) . 47Table 13 : Rules to Control Operations on Document Data and User Jobs (a) . 47Table 14 : Additional Rules to Control Operations on Document Data and User Jobs (a). 49Table 15 : Subjects, Objects and Security Attributes (b) . 49Table 16 : Rule to Control Operations on MFP Applications (b) . 50Table 17 : List of Authentication Events . 50Table 18 : List of Actions for Authentication Failure . 51Table 19 : List of Security Attributes for Each User That Shall Be Maintained . 51Table 20 : Rules for Initial Association of Attributes . 53Table 21 : User Roles for Security Attributes (a) . 53Table 22 : User Roles for Security Attributes (b) . 54Table 23 : Authorised Identified Roles Allowed to Override Default Values . 55Table 24 : List of TSF Data . 56Table 25 : List of Specification of Management Functions. 57Table 26 : TOE Security Assurance Requirements (EAL2 ALC FLR.2) . 59Table 27 : Relationship between Security Objectives and Functional Requirements . 61Table 28 : Results of Dependency Analysis of TOE Security Functional Requirements . 68Table 29 : List of Audit Events. 70Table 30 : List of Audit Log Items . 71Table 31 : Unlocking Administrators for Each User Role . 73Table 32 : Stored Documents Access Control Rules for Normal Users . 75Table 33 : Encrypted Communications Provided by the TOE . 77Table 34 : List of Cryptographic Operations for Stored Data Protection . 78Table 35 : Management of TSF Data . 78Copyright (c) 2016 RICOH COMPANY, LTD. All rights reserved.
Page 6 of 82Table 36 : List of Static Initialisation for Security Attributes of Document Access Control SFP . 81Copyright (c) 2016 RICOH COMPANY, LTD. All rights reserved.
Page 7 of 821 ST IntroductionThis section describes ST Reference, TOE Reference, TOE Overview and TOE Description.1.1ST ReferenceThe following are the identification information of this ST.Title: RICOH MP C3504/C3004 Security TargetVersion: 1.00Date: 2016-09-28Author: RICOH COMPANY, LTD.1.2TOE ReferenceThe identification information of the TOE is shown below.TOE Names: RICOH MP C3504/C3004Version: J-1.00TOE Type: Digital multifunction product (hereafter "MFP")Target MFP: MFP equipped with either an Auto Document Feeder (ADF) (Auto Reverse DocumentFeeder), Auto Document Feeder (ADF) (one-pass duplex scanning ADF), or exposureglass cover.- RICOH MP C3504 SP, RICOH MP C3004 SPAbove MFP with Fax Unit Type M19.- RICOH MP C3504 SPF, RICOH MP C3004 SPFMake clear to the sales representative that you purchase the MFP as CC-certified product.1.3TOE OverviewThis section defines TOE Type, TOE Usage and Major Security Features of TOE.1.3.1TOE TypeThis TOE is an MFP, which is an IT device that inputs, stores, and outputs documents.Copyright (c) 2016 RICOH COMPANY, LTD. All rights reserved.
Page 8 of 821.3.2TOE UsageThe operational environment of the TOE is illustrated below and the usage of the TOE is outlined in thissection.Figure 1 : Example of TOE EnvironmentThe TOE is used by connecting to the local area network (hereafter "LAN") and telephone lines, as shown inFigure 1. Users can operate the TOE from the Operation Panel of the TOE or through LAN communications.Below, explanations are provided for the MFP, which is the TOE itself, and hardware and software otherthan the TOE.MFPA machinery that is defined as the TOE. The MFP is connected to the office LAN, and users can perform thefollowing operations from the Operation Panel of the MFP:-Various settings for the MFP,-Copy, fax, storage, and network transmission of paper documents,-Print, fax, network transmission, and deletion of the stored documents.Also, the TOE receives information via telephone lines and can store it as a document.Copyright (c) 2016 RICOH COMPANY, LTD. All rights reserved.
Page 9 of 82LANNetwork used in the TOE environment.Client computerA computer that performs as a client of the TOE if it is connected to the LAN, and users can remotelyoperate the MFP from the client computer. The possible remote operations from the client computer are asfollows:-Various settings for the MFP using a Web browser installed on the client computer,-Operation of stored documents using a Web browser installed on the client computer,-Storage and/or printing of documents using the printer driver installed on the client computer,-Storage and/or faxing of documents using the fax driver installed on the client computer.Telephone lineA public line for the TOE to communicate with external faxes.FirewallA device to prevent the office environment from network attacks via the Internet.FTP ServerA server used by the TOE for folder transmission of the stored documents in the TOE to its folders.SMB ServerA server used by the TOE for folder transmission of the stored documents in the TOE to its folders.SMTP ServerA server used by the TOE for e-mail transmission.1.3.3Major Security Features of TOEThe TOE stores documents in it, and sends and receives documents to and from the IT devices connected tothe LAN. To ensure provision of confidentiality and integrity for those documents, the TOE has thefollowing security features:-Audit Function-Identification and Authentication Function-Document Access Control Function-Use-of-Feature Restriction Function-Network Protection Function-Residual Data Overwrite Function-Stored Data Protection FunctionCopyright (c) 2016 RICOH COMPANY, LTD. All rights reserved.
Page 10 of 82-Security Management Function-Software Verification Function-Fax Line Separation Function1.4TOE DescriptionThis section describes Physical Boundary of TOE, Guidance Documents, Definition of Users, LogicalBoundary of TOE, and Protected Assets.1.4.1Physical Boundary of TOEThe physical boundary of the TOE is the MFP, which consists of the following hardware components(shown in Figure 2): Operation Panel Unit, Engine Unit, Fax Controller Unit, Controller Board, HDD, Ic Ctlr,Network Unit, USB Slot (Controller Board), SD Card Slot (Controller Board), SD Card Slot (OperationPanel Unit), USB Memory Slot, USB Slot (Operation Panel Unit), and miniUSB Slot.Figure 2 : Hardware Configuration of the TOECopyright (c) 2016 RICOH COMPANY, LTD. All rights reserved.
Page 11 of 82Controller BoardThe Controller Board is a device that contains Processors, RAM, NVRAM, Ic Key, and FlashROM. TheController Board sends and receives information to and from the units and devices that constitute the MFP,and this information is used to control the MFP. The information to control the MFP is processed by theMFP Control Software
- RICOH MP C3504 SP, RICOH MP C3004 SP Above MFP with Fax Unit Type M19. - RICOH MP C3504 SPF, RICOH MP C3004 SPF Make clear to the sales representative that you purchase the MFP as CC-certified product. 1.3 TOE Overview This section defines TOE Type, TOE Usage and Major Security Features of TOE. 1.3.1 TOE Type
a.82 ricoh aficio mp c3004 ball bearing:dia17xdia26x5 207,90 a.83 ricoh aficio mp c3004 collection bottle:ass'y 346,92 a.84 ricoh aficio mp c3004 filter:preventfence:10 143,22 a.85 ricoh aficio mp c3004 paper feed belt 277,90 a.86 ricoh aficio mp c3004 pickup roller 54,88 a.87 ricoh aficio mp c3004 reverse roller:paper feed 285,88
MP C3004 MP C3504 MP C4504 MP C6004 SERIES Copier Printer Facsimile Scanner 35 RICOH MP C3504SP cpm 30Black&white Full color RICOH MP C3004SP 45 RICOH MP C4504SP. Note: Photo shows the Ricoh MP C3004 SP with the optional PB3160 Feed Table. Note: Screen display shown here is a composite image. We're reinventing office life with Workstyle .
short on time. Use the RICOH MP C3004/MP C3504 to perform everyday office tasks with incredible speed and ease. With a built-in motion sensor, the MFP is ready to work as soon as you are. Print colourful presentations, images, brochures and more at up to 35 pages per minute and grab them on your way to an important meeting.
Use the RICOH MP C3004/MP C3504 to print, scan, copy and fax information in multiple formats to a wider range of audiences quickly and easily. Use the advanced 10.1"-wide Super VGA Smart Operation Panel to create your own digital workflows — with shortcuts, advanced scan-to capabilities and time-saving automation
MP C3004(A)SP MP C3504(A)SP MP C4504(A)SP MP C5504(A)SP MP C6004SP Colour Multifunction Printer Copier Printer Facsimile Scanner MP C3504(A)SP 35 Colour ppm MP C3004(A)SP 30 Colour ppm MP C6004SP 60 Colour ppm MP C5504(A)SP 55 Colour ppm MP C4504(A)SP 45 Colour ppm. Much more than a new range. It’s a whole new way
MP C3004(A)SP 6004SP Barevné multifunkční tiskárny Kopírka Tiskárna Fax Skener MP C3504(A)SP 35 Barevně str./m MP C3004(A)SP 30 Barevně str./m MP C6004SP 60 Barevně str./m MP C5504(A)SP 55 Barevně str./m MP C4504(A)SP 45 Barevně str./m MP C3504(A)SP MP C4504(A)SP MP C5504(A)SP MP C
- RICOH MP C6004 SP, RICOH MP C5504 SP, RICOH MP C5504A SP, RICOH MP C4504 SP, RICOH MP C4504A SP Above MFP with Fax Unit Type M20. - RICOH MP C6004 SPF, RICOH MP C5504 SPF, RICOH MP C4504 SPF Make clear to the sales representative that you purchase the MFP as CC-certified product. 1.3 TOE Overview
Tkinter ("Tk Interface")is python's standard cross-platform package for creating graphical user interfaces (GUIs). It provides access to an underlying Tcl interpreter with the Tk toolkit, which itself is a cross-platform, multilanguage graphical user interface library. Tkinter isn't the only GUI library for python, but it is the one that comes standard. Additional GUI libraries that can be .
