Fuji xerox Docucentre-v c2265 User manual

March 2016

Fuji Xerox

DocuCentre-V C2265/C2263models

with Hard Disk, Data Security, Scan,

and Fax

Security Target

Version 1.1.7

This document is a translation of the evaluated

and certified security target written in Japanese.

- i -

- Table of Contents -

1. ST INTRODUCTION ................................................................................................................1

1.1. ST Reference..................................................................................................................................................1

1.2. TOE Reference...............................................................................................................................................1

1.3. TOE Overview ................................................................................................................................................2

1.3.1. TOE Type and Major Security Features ...................................................................................................... 2

1.3.2. Environment Assumptions............................................................................................................................... 5

1.3.3. Required Non-TOE Hardware and Software ............................................................................................ 6

1.4. TOE Description............................................................................................................................................8

1.4.1. User Assumptions................................................................................................................................................ 8

1.4.2. Logical Scope and Boundary .......................................................................................................................... 8

1.4.3. Physical Scope and Boundary ..................................................................................................................... 17

1.4.4. Guidance.............................................................................................................................................................. 18

2. CONFORMANCE CLAIM .....................................................................................................20

2.1. CC Conformance Claim ..........................................................................................................................20

2.2. PP claim, Package Claim ........................................................................................................................20

2.2.1. PP Claim ............................................................................................................................................................... 20

2.2.2. Package Claim ................................................................................................................................................... 20

2.2.3. Conformance Rationale................................................................................................................................. 21

3. SECURITY PROBLEM DEFINITION ................................................................................23

3.1. Threats..........................................................................................................................................................23

3.1.1. Assets Protected by TOE ................................................................................................................................ 23

3.1.2. Threats agents................................................................................................................................................... 26

3.1.3. Threats.................................................................................................................................................................. 26

3.2. Organizational Security Policies..........................................................................................................27

3.3. Assumptions ...............................................................................................................................................27

4. Security Objectives................................................................................................................28

4.1. Security Objectives for the TOE...........................................................................................................28

4.2. Security Objectives for the Environment .........................................................................................29

4.3. Security Objectives Rationale ..............................................................................................................29

5. EXTENDED COMPONENTS DEFINITION ....................................................................34

5.1. FPT_FDI_EXP Restricted forwarding of data to external interfaces ....................................34

6. SECURITY REQUIREMENTS..............................................................................................36

6.1. Security Functional Requirements .....................................................................................................40

6.1.1. Class FAU: Security Audit .............................................................................................................................. 43

- ii -

6.1.2. Class FCS: Cryptographic Support............................................................................................................. 50

6.1.3. Class FDP: User Data Protection ................................................................................................................ 51

6.1.4. Class FIA: Identification and Authentication....................................................................................... 67

6.1.5. Class FMT: Security Management ............................................................................................................ 70

6.1.6. Class FPT: Protection of the TSF ................................................................................................................ 90

6.1.7. Class FTA: TOE Access..................................................................................................................................... 92

6.1.8. Class FTP: Trusted Path/Channels ............................................................................................................. 92

6.2. Security Assurance Requirements ......................................................................................................93

6.3. Security Requirement Rationale.........................................................................................................94

6.3.1. Security Functional Requirements Rationale........................................................................................ 94

6.3.2. Dependencies of Security Functional Requirements.......................................................................102

6.3.3. Security Assurance Requirements Rationale ......................................................................................107

7. TOE SUMMARY SPECIFICATION ................................................................................. 108

7.1. Security Functions ................................................................................................................................. 108

7.1.1. Hard Disk Data Overwrite (TSF_IOW) ...................................................................................................110

7.1.2. Hard Disk Data Encryption (TSF_CIPHER) ..........................................................................................111

7.1.3. User Authentication (TSF_USER_AUTH) .............................................................................................111

7.1.4. System Administrator’s Security Management (TSF_FMT) ........................................................117

7.1.5. Customer Engineer Operation Restriction (TSF_CE_LIMIT) ........................................................119

7.1.6. Security Audit Log (TSF_FAU)...................................................................................................................120

7.1.7. Internal Network Data Protection (TSF_NET_PROT) .....................................................................122

7.1.8. Information Flow Security (TSF_INF_FLOW).....................................................................................124

7.1.9. Self Test (TSF_S_TEST) ................................................................................................................................125

8. ACRONYMS AND TERMINOLOGY ............................................................................... 126

8.1. Acronyms .................................................................................................................................................. 126

8.2. Terminology............................................................................................................................................. 127

9. REFERENCES ........................................................................................................................ 131

- iii -

- List of Figures and Tables -

Figure 1 General Operational Environment...........................................................................................................6

Figure 2 MFD Units and TOE Logical Scope..........................................................................................................9

Figure 3 Authentication Flow for Private Print and Mailbox........................................................................12

Figure 4 MFD Units and TOE Physical Scope.....................................................................................................17

Figure 5 Assets under and not under Protection..............................................................................................25

Table 1 Function Types and Functions provided by the TOE ..........................................................................2

Table 2 User Role Assumptions ..................................................................................................................................8

Table 3 TOE Basic Functions.....................................................................................................................................10

Table 4 Assets for User Data ....................................................................................................................................23

Table 5 Assets for TSF Data......................................................................................................................................24

Table 6 Other Assets....................................................................................................................................................24

Table 7 Threats to User Data and TSF Data......................................................................................................26

Table 8 Organizational Security Policies ..............................................................................................................27

Table 9 Assumptions....................................................................................................................................................27

Table 10 Security Objectives for the TOE ............................................................................................................28

Table 11 Security objectives for the environment ...........................................................................................29

Table 12 Assumptions / Threats / Organizational Security policies and the Corresponding

Security Objectives ..............................................................................................................................................30

Table 13 Security Objectives Rationale for Security Problem......................................................................30

Table 14 Security functional Requirements........................................................................................................40

Table 15 Auditable Events of TOE and Individually Defined Auditable Events ...................................43

Table 16 Common Access Control SFP .................................................................................................................51

Table 17 SFR Package attributes ............................................................................................................................52

Table 18 Function Access Control SFP ..................................................................................................................53

Table 19 PRT Access Control SFP............................................................................................................................54

Table 20 SCN Access Control SFP...........................................................................................................................55

Table 21 CPY Access Control SFP............................................................................................................................55

Table 22 FAX Access Control SFP............................................................................................................................56

Table 23 DSR Access Control SFP ...........................................................................................................................56

Table 24 D.FUNC Operation List.............................................................................................................................57

Table 25 List of Security Functions ........................................................................................................................71

Table 26 Security Attributes and Authorized Roles.........................................................................................72

Table 27 Security Attributes and Authorized Roles (Function Access).....................................................73

Table 28 Security Attributes and Authorized Roles(PRT) ..............................................................................74

Table 29 Security Attributes and Authorized Roles (SCN)............................................................................75

Table 30 Security Attributes and Authorized Roles (FAX) .............................................................................77

Table 31 Security Attributes and Authorized Roles (DSR) ............................................................................78

Table 32 Security Attributes and Authorized Roles (D.FUNC) ....................................................................79

- iv -

Table 33 Initialization property ..............................................................................................................................79

Table 34 Initialization property ..............................................................................................................................81

Table 35 Initialization property ..............................................................................................................................84

Table 36 Operation of TSF Data.............................................................................................................................84

Table 37 Operation of TSF Data.............................................................................................................................86

Table 38 Security Management Functions Provided by TSF .......................................................................86

Table 39 Security Assurance Requirements........................................................................................................93

Table 40 Security Functional Requirements and the Corresponding Security Objectives................94

Table 41 Security Objectives to SFR Rationale..................................................................................................96

Table 42 Dependencies of Functional Security Requirements................................................................. 103

Table 43 Security Functional Requirements and the Corresponding TOE Security Functions..... 108

Table 44 Management of security attributes................................................................................................. 113

Table 45 Access Control for Basic Functions ................................................................................................... 115

Table 46 Access Control for User Data.............................................................................................................. 115

Table 47 Details of Security Audit Log .............................................................................................................. 120

Fuji Xerox C2265/C2263 Security Target

- 1 - Copyright

2016 by Fuji Xerox Co., Ltd

1. ST INTRODUCTION

This chapter describes Security Target (ST) Reference, TOE Reference, TOE Overview,

and TOE Description.

1.1. ST Reference

This section provides information needed to identify this ST.

ST Title:

Fuji Xerox DocuCentre-V C2265/C2263 models

with Hard Disk, Data Security, Scan, and Fax

Security Target

ST Version: V 1.1.7

Publication Date: March 18, 2016

Author: Fuji Xerox Co., Ltd.

1.2. TOE Reference

This section provides information needed to identify this TOE.

The TOE is DocuCentre-V C2265 and DocuCentre-V C2263.

The TOE name is integrated as below.

TOE Identification: Fuji Xerox DocuCentre-V C2265/C2263 models

with Hard Disk, Data Security, Scan, and Fax

Version: ・Controller ROM Ver. 1.0.13

・FAX ROM Ver. 2.0.8

Developer: Fuji Xerox Co., Ltd.

NOTE: When Fuji Xerox DocuCentre-V C2265/C2263 is not equipped with one or more of the

following: Hard Disk, Data Security, Scan, and Fax functions, the corresponding kits described

below shall be installed.

・Function Extension Kit (Hard Disk): EC103136 (For Japan and for overseas)

・Fax Kit: QC100164 (For Japan), EC103127 (For overseas)

・Data Security Kit: EC103105 (For Japan)

・Scan Kit: EC103096 (For Japan), EC103123 (For overseas)

The followings are the target products.

(1) For Japan and for overseas

DocuCentre-V C2263: Controller ROM Ver. 1.0.1３

FAX ROM Ver. 2.0.8

Fuji Xerox C2265/C2263 Security Target

- 2 - Copyright

2016 by Fuji Xerox Co., Ltd

(2) For overseas

DocuCentre-V C2265: Controller ROM Ver. 1.0.1３

FAX ROM Ver. 2.0.8

1.3. TOE Overview

1.3.1. TOE Type and Major Security Features

1.3.1.1. TOE Type

This TOE, categorized as an IT product, is the Fuji Xerox DocuCentre-V C2265/C2263

(hereinafter referred to as “MFD”) which has the copy, print, scan, and fax functions.

The TOE is the product which controls the whole MFD and protects the data that are

transmitted over the encryption communication protocols.

These protocols protect the security of the TOE setting data, Mailbox, the security audit log

data and the document data on the internal network between the TOE and the remote.

The TOE also prevents the document data and the used document data in the internal HDD

from being disclosed by unauthorized person.

1.3.1.2. Function Types

Table 1 shows the Function types and functions provided by the TOE.

Table 1 Function Types and Functions provided by the TOE

Function types Functions provided by the TOE

Basic Function

- Control Panel

- Copy

- Print

- Scan

- Network Scan

- Fax

- Internet Fax Send

- CWIS

Security Function

- Hard Disk Data Overwrite

- Hard Disk Data Encryption System

- User Authentication

- Administrator’s Security Management

- Customer Engineer Operation Restriction

- Security Audit Log

- Internal Network Data Protection

- Information Flow Security

- Self Test

Fuji Xerox C2265/C2263 Security Target

- 3 - Copyright

2016 by Fuji Xerox Co., Ltd

・ As the TOE uses the Hard Disk Data Overwrite and Hard Disk Data Encryption functions, a

model to be used as the TOE shall be equipped with the internal HDD. Therefore, when the

model to be used is not equipped with the internal HDD, the internal HDD shall be

purchased and installed.

・ When a model to be used as the TOE does not have the Data Security function, the Data

Security Kit shall be purchased and installed. (The target products intended for Japan do

not have the Data Security function.)

・ As the TOE uses the following functions: fax, the Internet fax send, scan, and network scan,

when a model to be used as the TOE does not have one or more of the said functions, the

Fax Kit and/or Scan Kit shall be purchased and installed.

・ To use print function, the printer driver shall be installed to the external client for general

user and that for system administrator.

・ There are two types of user authentication, local authentication and remote

authentication, and the TOE behaves with either one of the authentication types

depending on the setting.

In this ST, the difference of the TOE behavior is described if the TOE behaves differently

depending on the type of authentication being used. Unless specified, the behavior of the

TOE is the same for both authentication types.

There are two types of remote authentication, LDAP authentication and Kerberos

authentication. To set SA (system administrator privilege) as user role assumption in

Kerberos authentication, LDAP server is also necessary.

Note:

・ For Japanese model does not have Remote Authentication function and S/MIME function.

Each function of Remote Authentication, S/MIME, E-mail, and Internet Fax Send that are

written in the following sections is subject to evaluation of for overseas model only.

・ The TOE’s optional functions to print from USB and store to USB are not included in the

target of evaluation.

Therefore, the [Store to USB] and [Media Print] buttons do not appear on the control panel.

1.3.1.3. Usage and Major Security Features of TOE

The TOE is mainly used to perform the following functions:

・ Copy function and Control Panel function are to read the original data from IIT and print

them out from IOT according to the general user’s instruction from the control panel.

When more than one copy of original data are ordered, the data read from IIT are first

stored into the MFD internal HDD. Then, the stored data are read out from the internal

HDD for the required number of times so that the required number of copies can be made.

・ Print function is to decompose and print out the print data transmitted by a general user

client.

・ CWIS (CentreWare Internet Services) is to retrieve the document data scanned by MFD

from Mailbox.

Fuji Xerox C2265/C2263 Security Target

- 4 - Copyright

2016 by Fuji Xerox Co., Ltd

It also enables a system administrator to refer to and rewrite TOE setting data via Web

browser.

・ Scan function and Control Panel function are to read the original data from IIT and store

them into Mailbox within the MFD internal HDD, according to the general user’s instruction

from the control panel.

The stored document data can be retrieved via standard Web browser by using CWIS.

・ Network Scan function and Control Panel function are to read the original data from IIT

and transmit the document data to FTP server, or Mail server, according to the information

set in the MFD. This function is operated according to the general user’s instruction from

the control panel.

・ Fax function and Control Panel function are to send and receive fax data. According to the

general user’s instruction from the control panel to send a fax, the original data are read

from IIT and then sent to the destination via public telephone line. The document data are

received from the sender’s machine via public telephone line and then stored in Mailbox.

・ The Internet Fax Send function and Control Panel function are to send and receive fax data

via the Internet, not public telephone line.

The TOE provides the following security features:

(1) Hard Disk Data Overwrite

To completely delete the used document data in the internal HDD, the data are overwritten

with new data after any job of copy, print, scan, etc. is completed.

(2) Hard Disk Data Encryption

The document data are encrypted before being stored into the internal HDD when using any

function of copy, print, scan, etc. or configuring various security function settings.

(3) User Authentication

Access to the TOE functions is restricted to the authorized user and this function identifies

and authenticates users. A user needs to enter his/her ID and password from the MFD

control panel, or general user client by using CWIS.

(4) System Administrator’s Security Management

This function allows only the system administrator identified and authorized from the

control panel or system administrator client to refer to and change the TOE security function

settings.

(5) Customer Engineer Operation Restriction

A system administrator can prohibit CE from referring to, and changing the TOE security

function settings.

(6) Security Audit Log

The important events of TOE such as device failure, configuration change, and user

Fuji Xerox C2265/C2263 Security Target

- 5 - Copyright

2016 by Fuji Xerox Co., Ltd

operation are traced and recorded based on when and who used what function.

(7) Internal Network Data Protection

This function protects the communication data on the internal network such as document

data, security audit log data, Mailbox and TOE setting data.

The following general encryption communication- protocols are supported: SSL/TLS, IPSec,

and S/MIME.

(8) Information Flow Security

This function restricts the unpermitted communication between external interfaces and

internal network.

(9) Self Test

This function verifies the integrity of TSF executable code and TSF data.

1.3.2. Environment Assumptions

This TOE is assumed to be used as an IT product at general office and to be connected to public

telephone line, user clients, and the internal network protected from threats on the external

network by firewall etc.

Figure 1 shows the general environment for TOE operation.

Other manuals for DocuCentre-V C2265

This manual suits for next models

Table of contents

Other Fuji Xerox Copier manuals

Fuji Xerox

Fuji Xerox DocuCentre 9000 User manual

Fuji Xerox

Fuji Xerox DocuPrint CM415 AP User manual

Fuji Xerox

Fuji Xerox ApeosPort-IV C7780 User manual

Fuji Xerox

Fuji Xerox DocuPrint 3105 User manual

Fuji Xerox

Fuji Xerox D125 User manual

Fuji Xerox

Fuji Xerox DC1010S User manual

Fuji Xerox

Fuji Xerox ApeosPort-IV 5070 Use and care manual

Fuji Xerox

Fuji Xerox DocuColor 5065II User manual

Fuji Xerox

Fuji Xerox DC 236 User manual

Fuji Xerox

Fuji Xerox DocumentCentre C400 Series User manual

Fuji Xerox

Fuji Xerox Document Centre 706 User manual

Popular Copier manuals by other brands

Xerox

Xerox Document Centre 50 installation guide

Sharp

Sharp AR-5015 N Service manual

Minolta

Minolta CF910 manual 

Canon

Canon iR1210 Service bulletin

Ricoh

Ricoh FW740 manual

Ricoh

Ricoh B003 Service manual

Oce

Oce 9800 user manual

Olivetti

Olivetti d-Copia 1800 Service manual

Minolta

Minolta Di181 manual 

Ricoh

Ricoh Di-C1 manual

Canon

Canon iR5000i Service manual

Xerox

Xerox WorkCentre Pro 40 user manual

Canon

Canon NP6317 Service handbook

Minolta

Minolta EP4000 Operator's manual

Triumph Adler

Triumph Adler DCC 2526 Instruction handbook

Kyocera Mita

Kyocera Mita KM-2030 Instruction handbook

Triumph Adler

Triumph Adler DC 2222 Instruction handbook

Triumph Adler

Triumph Adler DC 2075 Instruction handbook

Fuji Xerox DocuCentre-V C2265 User manual

Popular Copier manuals by other brands