Click here to load reader

Xerox WorkCentre 7232/7242 Security Target · PDF file 2008. 5. 21. · Xerox WorkCentre 7232 and Xerox WorkCentre 7242 are identified as Xerox WorkCentre 7232/7242 and use the same

  • View
    4

  • Download
    0

Embed Size (px)

Text of Xerox WorkCentre 7232/7242 Security Target · PDF file 2008. 5. 21. · Xerox...

  • Xerox WorkCentre 7232/7242

    Security Target

    Version 1.0.4

    This document is a translation of the evaluated and certified security target written in Japanese

  • - i -

    - Table of Contents -

    1. ST OVERVIEW ................................................................................................... 1 1.1. ST Identification ....................................................................................................................1 1.2. ST Overview ..........................................................................................................................1 1.3. Common Criteria Conformance Claim..................................................................................2 1.4. References..............................................................................................................................2 1.5. Acronyms and Terminology...................................................................................................3

    1.5.1. Acronyms.................................................................................................................................... 3 1.5.2. Terminology................................................................................................................................ 4

    2. TOE DESCRIPTION ........................................................................................... 8 2.1. TOE Overview .......................................................................................................................8

    2.1.1. Product Type............................................................................................................................... 8 2.1.2. Function Types............................................................................................................................ 8 2.1.3. Service Overview ....................................................................................................................... 9

    2.1.3.1. Environment Assumptions......................................................................................................... 9 2.1.3.2. Security Function Overview .................................................................................................... 10

    2.2. User Assumptions ................................................................................................................ 11 2.3. Logical Scope and Boundary ............................................................................................... 11

    2.3.1. Basic Functions......................................................................................................................... 12 2.3.1.1. Control Panel Function ............................................................................................................ 12 2.3.1.2. Copy Function ......................................................................................................................... 12 2.3.1.3. Print Function .......................................................................................................................... 12 2.3.1.4. Scan Function, Network Scan Function................................................................................... 13 2.3.1.5. Fax Function ............................................................................................................................ 13 2.3.1.6. i-Fax / D-Fax Functions........................................................................................................... 13 2.3.1.7. CWIS Function ........................................................................................................................ 13

    2.3.2. Security Functions .................................................................................................................... 13 2.3.2.1. Hard Disk Data Overwrite (TSF_IOW)................................................................................... 13 2.3.2.2. Hard Disk Data Encryption (TSF_CIPHER) ........................................................................... 14 2.3.2.3. User Authentication (TSF_USER_AUTH).............................................................................. 14 2.3.2.4. System Administrator’s Security Management (TSF_FMT)................................................... 16 2.3.2.5. Customer Engineer Operation Restriction (TSF_CE_LIMIT) ................................................ 17 2.3.2.6. Security Audit Log (TSF_FAU)............................................................................................... 17 2.3.2.7. Internal Network Data Protection (TSF_NET_PROT)............................................................ 17 2.3.2.8. Fax Flow Security (TSF_FAX_FLOW) .................................................................................. 17

    2.4. Physical Scope and Boundary..............................................................................................17 2.5. Assets Protected by TOE .....................................................................................................19

    3. TOE SECURITY ENVIRONMENT ................................................................. 21

  • - ii -

    3.1. Assumptions.........................................................................................................................21 3.2. Threats..................................................................................................................................22 3.3. Organizational Security Policy ............................................................................................22

    4. SECURITY OBJECTIVES................................................................................ 23 4.1. Security Objectives for the TOE ..........................................................................................23 4.2. Security Objectives for the Environment.............................................................................23

    5. IT SECURITY REQUIREMENTS.................................................................... 25 5.1. TOE Security Functional Requirements ..............................................................................25

    5.1.1. Class FAU: Security Audit........................................................................................................ 25 5.1.2. Class FCS: Cryptographic support ........................................................................................... 28 5.1.3. Class FDP: User data protection............................................................................................... 29 5.1.4. Class FIA: Identification and authentication ............................................................................ 32 5.1.5. Class FMT: Security management............................................................................................ 33 5.1.6. Class FPT: Protection of TSF ................................................................................................... 37 5.1.7. Class FTP: Trusted path/channels............................................................................................. 38 5.1.8. TOE Security Function Strength............................................................................................... 38

    5.2. TOE Security Assurance Requirements ...............................................................................38 5.3. Security Requirements for the IT Environment ...................................................................39

    6. TOE SUMMARY SPECIFICATION ............................................................... 40 6.1. TOE Security Functions.......................................................................................................40

    6.1.1. Hard Disk Data Overwrite (TSF_IOW).................................................................................... 41 6.1.2. Hard Disk Data Encryption (TSF_CIPHER)............................................................................ 42 6.1.3. User Authentication (TSF_USER_AUTH) .............................................................................. 42 6.1.4. System Administrator’s Security Management (TSF_FMT).................................................... 44 6.1.5. Customer Engineer Operation Restriction (TSF_CE_LIMIT) ................................................. 45 6.1.6. Security Audit Log (TSF_FAU) ............................................................................................... 46 6.1.7. Internal Network Data Protection (TSF_NET_PROT) ............................................................ 48 6.1.8. Fax Flow Security (TSF_FAX_FLOW) ................................................................................... 50

    6.2. Security Function Strength Level ........................................................................................50 6.3. Assurance Measures.............................................................................................................50

    6.3.1. Configuration Management Description (TAS_CONFIG) .................................................... 51 6.3.2. TOE Configuration List (TAS_CONFIG_LIST) ................................................................... 51 6.3.3. Delivery, Introduction, and Operation Procedure Description (TAS_DELIVERY) .............. 51 6.3.4. Functional Specification (TAS_FUNC_SPEC)...................................................................... 52 6.3.5. High-Level Design Specification (TAS_HIGHLDESIGN) ................................................... 52 6.3.6. Correspondence Analysis Description (TAS_REPRESENT) ..

Search related