Dell C5765dn Color Laser Multifunction Printer Security Target
Version 1.1.4

This document is a translation of the evaluated and certified security target written in Japanese.
Table of Contents

1. ST INTRODUCTION ... 1
1.3.1. TOE Type and Major Security Features ... 1
1.3.2. Environment Assumptions ... 4
1.3.3. Required Non-TOE Hardware and Software ... 5
1.4.1. User Assumptions ... 8
6. SECURITY REQUIREMENTS ... 29
6.1.1. Class FAU: Security audit
6.1.2. Class FCS: Cryptographic support ... 39
6.1.3. Class FDP: User data protection
6.1.4. Class FIA: Identification and authentication ... 45
6.1.5. Class FMT: Security management ... 50
6.1.6. Class FPT: Protection of the TSF
6.1.7. Class FTP: Trusted path/channels

List of Figures and Tables

Figure 1: General Operational Environment ... 5
Figure 2: MFD Units and TOE Logical Scope ... 9
Figure 3: Authentication Flow for Private Print and Mailbox ... 12
Figure 4: MFD Units and TOE Physical Scope ... 16
Figure 5: Assets under and not under Protection
Dell C5765dn Security Target

1. ST INTRODUCTION

This chapter describes the Security Target (ST) Reference, TOE Reference, TOE Overview, and TOE Description.

1.1. ST Reference

This section provides the information needed to identify this ST.

ST Title: Dell C5765dn Color Laser Multifunction Printer Security Target
ST Version: V 1.1.4
Publication Date: September 8, 2014
Author: Fuji Xerox Co., Ltd.

1.2. TOE Reference

This section provides the information needed to identify this TOE.
Table 1: Function Types and Functions Provided by the TOE

Basic Function:
- Control Panel
- Copy
- Print
- Scan
- Network Scan
- Fax
- Direct Fax (with local authentication only)
- Remote Configuration

Security Function:
- Hard Disk Data Overwrite
- Hard Disk Data Encryption
- User Authentication
- System Administrator’s Security Management
- Customer Engineer Operation Restriction
- Security Audit Log
- Internal Network Data Protection
1.3.1.3. Usage and Major Security Features of TOE

The TOE is mainly used to perform the following functions:

・ The Copy function and Control Panel function read the original data from the IIT and print it out from the IOT according to the general user’s instruction from the control panel. When more than one copy of an original is ordered, the data read from the IIT are first stored into the MFD internal HDD.
A user can also use Smart Card authentication (CAC/PIV) for identification and authentication.

(4) System Administrator’s Security Management
This function allows only the system administrator identified and authorized from the control panel or the system administrator client to refer to and change the TOE security function settings.

(5) Customer Engineer Operation Restriction
A system administrator can prohibit the CE from referring to and changing the TOE security function settings.
Figure 1: General Operational Environment (figure: general user clients on the external network with Printer Driver, Fax Driver, Network Scan Utility and Web Browser; Firewall; on the internal network the System Administrator Client with Web Browser, Mail Server, FTP Server, SMB Server, LDAP Server, Kerberos Server and OCSP Server; the TOE with USB Media and Card Reader attached via USB; the Public Telephone Line; the General User, System Administrator and CE roles)
document. When the client is connected to the MFD directly via USB and a printer/fax driver is installed on the client, the user can request the MFD to print/fax the document data.

(2) System administrator client: The hardware is a general-purpose PC. A system administrator can refer to and change TOE setting data via a Web browser.

(3) Mail server: The hardware/OS is a general-purpose PC or server. The MFD sends/receives document data to/from the mail server via a mail protocol.
The OS of the (1) general user client and (3) system administrator client is assumed to be Windows XP, Windows Vista, or Windows 7. The (6) LDAP server, (7) Kerberos server, and (8) OCSP server are assumed to be Windows Active Directory. The (9) Card Reader is assumed to be SCR331 or SCR3310 v2.0.
1.4. TOE Description

This section describes the user assumptions and the logical/physical scope of this TOE.

1.4.1. User Assumptions

Table 2 specifies the roles of TOE users assumed in this ST.

Table 2: User Role Assumptions

User Role | Description
Administrator of the organization | An administrator or responsible official of the organization which owns and uses the TOE.
General user | A user of TOE functions such as copy, print and fax.
Figure 2: MFD Units and TOE Logical Scope (figure: inside the TOE, the Control Panel, Remote Configuration, Internal Network Data Protection, User Authentication, System Administrator’s Security Management, Security Audit Log, Print (Decompose), Copy, Fax / Direct Fax and the Controller ROM; outside the TOE, the General User, System Administrator, Customer Engineer, Card Reader, LDAP Server, Kerberos Server, OCSP Server, Public Telephone Line, System Administrator Client with Web Browser, and General User Client with Printer driver, Fax Driver, Network Scan Utility and Web Browser)
the IOT according to the general user’s instruction from the control panel. When more than one copy of an original is ordered, the data read from the IIT are first stored into the MFD internal HDD. Then, the stored data are read out from the internal HDD the required number of times so that the required number of copies can be made.

Print Function
The Print function prints out the data according to the instruction from a general user client.
1.4.2.2. Security Functions

The security functions provided by the TOE are the following.

(1) Hard Disk Data Overwrite
To completely delete used document data in the internal HDD, the data are overwritten with new data after each job (copy, print, scan, Network Scan, Fax, or Direct Fax) is completed. Without this function, the used document data remain on the HDD and only the management data are deleted.
Figure 3 shows the authentication flow of the above functions.
the control panel or to use a Smart Card (CAC/PIV). When the user is authenticated, the document data can be scanned from the IIT and stored into the internal HDD according to the user’s instruction from the control panel. To store received fax data into a Mailbox, user authentication is not required.
・ Set the ID and password of the key operator (only a key operator is privileged);
・ Refer to and set the ID of SA / general user, and set the password (with local authentication only);
・ Refer to and set the access denial when system administrator’s authentication fails;
・ Refer to and set the limit of user password length (for general user and SA, with local authentication only);
・ Refer to and set Audit Log;
・ Refer to and set the SSL/TLS communication;
・ Refer to a
(9) Self Test
The TOE can execute the self test function to verify the integrity of TSF executable code and TSF data.

1.4.2.3. Settings for the Secure Operation

The system administrator shall set the following to enable the security functions in 1.4.2.2.

・ Hard Disk Data Overwrite: Set to [Enabled].
・ Hard Disk Data Encryption: Set to [Enabled].
・ Passcode Entry for Control Panel: Set to [Enabled].
・ Access denial when system administrator’s authentication fails: Default [5] Times.
1.4.3. Physical Scope and Boundary

The physical scope of this TOE is the MFD. Figure 4 shows the configuration of each unit and the TOE physical scope.
connected to the IIT board and IOT board. The control panel is a panel on which buttons, lamps, and a touch screen are mounted to use and configure the MFD functions of copy, print, scan, and fax. The IIT (Image Input Terminal) is a device that scans an original and sends its data to the controller board for the copy, scan, and fax functions. The IOT (Image Output Terminal) is a device that outputs the image data sent from the controller board.
2. CONFORMANCE CLAIMS

2.1. CC Conformance Claims

This ST and TOE conform to the following evaluation standards for information security (CC):

Common Criteria for Information Technology Security Evaluation
- Part 1: Introduction and general model, Version 3.1 Revision 4, Japanese Version 1.0
- Part 2: Security functional components, Version 3.1 Revision 4, Japanese Version 1.0
- Part 3: Security assurance components, Version 3.1 Revision 4, Japanese Version 1.
3. SECURITY PROBLEM DEFINITION

This chapter describes the threats, organizational security policies, and the assumptions for the use of this TOE.

3.1. Threats

3.1.1. Assets Protected by TOE

This TOE protects the following assets (Figure 5):

(1) Right to use MFD functions
The general user’s right to use each function of the TOE is assumed to be an asset to be protected.
Figure 5: Assets under and not under Protection (figure: assets under protection are the data stored internally in the TOE, namely document data, used document data, security audit log data and TOE setting data, together with document data, security audit log data and TOE setting data transmitted in the internal network; general data on the external network, on the general user client with Printer Driver, Fax Driver, Web Browser and Network Scan Utility, and on the system administrator client with Web Browser are not under protection; a firewall separates the external and internal networks)
Categories of TOE Setting Data (Note)
- Data on access denial due to authentication failures of system administrator
- Data on Customer Engineer Operation Restriction
- Data on Internal Network Data Protection
- Data on Security Audit Log
- Data on Mailbox
- Data on User Authentication
- Data on Store Print
- Data on date and time
- Data on Self Test

Note: Setting data other than the TOE setting data are also stored on NVRAM and SEEPROM.
3.2. Organizational Security Policies

Table 6 below describes the organizational security policies the TOE must comply with.

Table 6: Organizational Security Policy

Organizational Policy (Identifier) | Description
P.FAX_OPT | The TOE shall ensure that the internal network cannot be accessed via the public telephone line.
P.VERIFY | The TOE shall execute a self-test to verify the integrity of TSF executable code and TSF data.
P.OVERWRITE |

3.3.
4. SECURITY OBJECTIVES

This chapter describes the security objectives for the TOE and for the environment, and the rationale.

4.1. Security Objectives for the TOE

Table 8 defines the security objectives to be accomplished by the TOE.

Table 8: Security Objectives for the TOE

Security Objectives (Identifier) | Description
O.AUDITS | The TOE must provide the Security Audit Log function and its log data, which are necessary to monitor unauthorized access.
4.2. Security Objectives for the Environment

Table 9 defines the security objectives for the TOE environment.

Table 9: Security Objectives for the Environment

Security Objectives (Identifier) | Description
OE.ADMIN | A system administrator who is assigned by an organization administrator as an appropriate and reliable person for this TOE management and who receives the necessary training to manage the TOE.
OE. | The system administrator shall ensure that users have competence by
Table (residue): Security Problems (P.OVERWRITE, P.VERIFY, P.FAX_OPT, T.CONSUME, T.DATA_SEC, T.COMM_TAP, T.CONFDATA, T.RECOVER, A.ACCESS, A.SECMODE, A.USER, A.ADMIN) mapped against Security Objectives (O.FAX_SEC, O.MANAGE, O.RESIDUAL, O.VERIFY, O.USER, O. ...); the matrix cells are not recoverable from the page.
Security Problem | Security Objectives Rationale
T.RECOVER | By satisfying the following objectives, T.RECOVER can be countered: By OE.SEC, it is necessary to enable the TOE security functions (i.e. Hard Disk Data Overwrite) and disable the reading-out of the document data and security audit log data in the internal HDD as well as the recovery of the used document data. To be specific, this threat can be countered by the following security objectives: O.CIPHER. By O.

By satisfying the following objectives, T.DATA_SEC can be countered. By OE.SEC, it is necessary to enable the following passwords, user authentication function, and security audit log function: User Password, System Administrator Password, Local Authentication or Remote Authentication, Security Audit Log. Then, only the authenticated user is allowed to access the security audit log data and document data.
5. EXTENDED COMPONENTS DEFINITION

5.1. Extended Components

This ST conforms to CC Part 2 and CC Part 3, and there are no extended components to be defined.
6. SECURITY REQUIREMENTS

This chapter describes the security functional requirements, security assurance requirements, and security requirement rationale. The terms and phrases used in this chapter are defined below.

Term/phrase | Definition
- Subject
Key Operator Process | Operation upon using Mailbox and Store Print when the user authentication of the key operator succeeded.
SA Process | Operation upon using Mailbox and Store Print when the user authentication of SA succeeded.

control panel.
Used document data stored in the internal HDD | The data remaining in the MFD internal HDD even after deletion. The document data are first stored into the internal HDD, used, and then only their files are deleted.
Document data | All the data, including image data, transmitted across the MFD when any of the copy, print, scan or fax functions is operated by a general user.

general user.
SA identifier | User ID and password used to authenticate and identify SA.
Key Operator identifier | User ID and password used to authenticate and identify the key operator.
Owner identifier of Mailbox (Personal, Shared) | Data on each Mailbox, incl. permitted user, box name, password, conditions for deleting documents, etc.
Owner identifier of Store Print | Data on Private Print, incl. user ID, password, measures to be taken at authentication failure, etc.

Data on ID of key operator | ID data for key operator authentication. Included in the TOE setting data.
Data on password of key operator | Password data for key operator authentication. Included in the TOE setting data.
Data on ID of SA | ID data for SA authentication. Included in the TOE setting data.
Data on password of SA | Password data for SA authentication. Included in the TOE setting data.
Data on ID of General User | ID data for general user authentication.

Data on Hard Disk Data Encryption | The data on whether to enable/disable the functions related to Hard Disk Data Encryption. They also incorporate the data on the encryption seed key. Included in the TOE setting data.
Data on Hard Disk Data Overwrite | The data on whether to enable/disable the functions related to Hard Disk Data Overwrite. They also incorporate the data on the number of passes (overwrite procedure). Included in the TOE setting data.
6.1. Security Functional Requirements

The security functional requirements which the TOE offers are described below. The security functional requirements are based on the classes and components specified by [CC part 2].

6.1.1. Class FAU: Security audit

FAU_GEN.1 Audit data generation
Hierarchical to: No other components.
Dependencies: FPT_STM.1 Reliable time stamps
FAU_GEN.1.
private keys).
FCS_COP.1 | a) Minimal: Success and failure, and the type of cryptographic operation. b) Basic: Any applicable cryptographic mode(s) of operation, subject attributes and object attributes. | None
FDP_ACC.1 | None | -
FDP_ACF.1 | a) Minimal: Successful requests to perform an operation on an object covered by the SFP. b) Basic: All requests to perform an operation on an object covered by the SFP. | Basic: Creation/deletion of Mailbox. User name, job

FIA_UAU.1 | a) Minimal: Unsuccessful use of the authentication mechanism; b) Basic: All use of the authentication mechanism. c) Detailed: All TSF mediated actions performed before authentication of the user. | <Basic> Success/failure of authentication
FIA_UAU.7 | None | -
FIA_UID.

administrator mode
FMT_SMR.1 | a) Minimal: modifications to the group of users that are part of a role; b) Detailed: every use of the rights of a role. | Registration of system administrator, changes in user registration data (role), and deletion of system administrator
FPT_STM.1 | a) Minimal: changes to the time; b) Detailed: providing a timestamp. | Changes in time setting.
FPT_TST.1
[assignment: authorized users]
- system administrator
[assignment: list of audit information]
- all log information

FAU_SAR.1.2 The TSF shall provide the audit records in a manner suitable for the user to interpret the information.

FAU_SAR.2 Restricted audit review
Hierarchical to: No other components.
Dependencies: FAU_SAR.1 Audit review
FAU_SAR.2.
[assignment: other actions to be taken in case of audit storage failure]
- no other actions to be taken

6.1.2. Class FCS: Cryptographic support

FCS_CKM.1 Cryptographic key generation
Hierarchical to: No other components
Dependencies: [FCS_CKM.2 Cryptographic key distribution, or FCS_COP.1 Cryptographic operation], FCS_CKM.4 Cryptographic key destruction
FCS_CKM.1.
- 256 bits
[assignment: list of cryptographic operations]
- encryption of the document data and security audit log data to be stored in the internal HDD, and decryption of the document data and security audit log data retrieved from the internal HDD.

6.1.3. Class FDP: User data protection

FDP_ACC.1 Subset access control
Hierarchical to: No other components.
Dependencies: FDP_ACF.1 Security attribute based access control
FDP_ACC.1.
Store Print | Deletion of document data, Retrieval of document data

FDP_ACF.1 Security attribute based access control
Hierarchical to: No other components.
Dependencies: FDP_ACC.1 Subset access control, FMT_MSA.3 Static attribute initialization
FDP_ACF.1.
created.
- Deletion of Personal Mailbox
When the general user identifier and SA identifier of the general user process and SA process match the owner identifier of the Personal Mailbox, deletion of the corresponding Personal Mailbox is allowed.
attributes, that explicitly deny access of subjects to objects].
[assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]
- no rules that explicitly deny the access

FDP_IFC.1 Subset information flow control
Hierarchical to: No other components
Dependencies: FDP_IFF.1 Simple security attributes
FDP_IFC.1.
- Fax information flow control SFP
[assignment: list of subjects and information controlled under the indicated SFP, and for each, the security attributes]
- none. (Sending information to the public telephone line, receiving information from the internal network, and the corresponding data on the public telephone line are not controlled under the Fax information flow control SFP.)
FDP_IFF.1.
Hierarchical to: No other components
Dependencies: No dependencies
FDP_RIP.1.1 The TSF shall ensure that any previous information content of a resource is made unavailable upon the [selection: allocation of the resource to, deallocation of the resource from] the following objects: [assignment: list of objects].
operation until the main unit is cycled.

FIA_AFL.1(2) Authentication failure handling
Hierarchical to: No other components
Dependencies: FIA_UAU.1 Timing of authentication
FIA_AFL.1.1(2) The TSF shall detect when [selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]] unsuccessful authentication attempts occur related to [assignment: list of authentication events].
[selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]]
- [assignment: positive integer number]
[assignment: positive integer number]
- 1
FIA_AFL.1.2(3) When the defined number of unsuccessful authentication attempts has been [selection: met, surpassed], the TSF shall [assignment: list of actions].
- met
[assignment: list of actions]
- have the control panel display the message “authentication was failed” and require re-entry of the user information. The TSF shall also have the Web browser require re-entry of the user information.

FIA_ATD.1 User attribute definition
Hierarchical to: No other components.
Dependencies: No dependencies.
FIA_ATD.1.
FIA_UAU.7.1 The TSF shall provide only [assignment: list of feedback] to the user while the authentication is in progress.
[assignment: list of feedback]
- display of asterisks (“*”) to hide the entered password characters

FIA_UID.1 Timing of identification
Hierarchical to: No other components.
Dependencies: No dependencies
FIA_UID.1.1 The TSF shall allow [assignment: list of TSF-mediated actions] on behalf of the user to be performed before the user is identified.
[assignment: rules for the changing of attributes].
[assignment: rules for the changing of attributes]
- none

6.1.5. Class FMT: Security management

FMT_MOF.1 Management of security functions behavior
Hierarchical to: No other components
Dependencies: FMT_SMR.1 Security roles, FMT_SMF.1 Specification of Management Functions
FMT_MOF.1.
Self Test | enable, disable | Key operator, SA

FMT_MSA.1 Management of security attributes
Hierarchical to: No other components.
Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control], FMT_SMR.1 Security roles, FMT_SMF.1 Specification of Management Functions
FMT_MSA.1.
Store Print owner identifier | query, delete | Key operator, SA, General user
All Store Print owner identifier | query, delete | Key operator, SA

FMT_MSA.3 Static attribute initialization
Hierarchical to: No other components.
Dependencies: FMT_MSA.1 Management of security attributes, FMT_SMR.1 Security roles
FMT_MSA.3.
modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorized identified roles].
[selection: change default, query, modify, delete, clear, [assignment: other operations]]
- query, modify, delete
[assignment: other operations]
- create
[assignment: list of TSF data]
- TSF data listed in Table 19
[assignment: the authorized identified roles]
Data on Customer Engineer Operation Restriction | query, modify | Key operator, SA
Data on Hard Disk Data Encryption | query, modify | Key operator, SA
Data on Hard Disk Data Overwrite | query, modify | Key operator, SA
Data on date and time | query, modify | Key operator, SA
Data on Self Test | query, modify | Key operator, SA

FMT_SMF.1 Specification of Management Functions
Hierarchical to: No other components
Dependencies: No dependencies
FMT_SMF.1.
explicit access based decisions. Reason: Access is restricted and does not need to be managed.
FDP_RIP.1 | a) The choice of when to perform residual information protection (i.e. upon allocation or deallocation) could be made configurable within the TOE. | Management of data on Hard Disk Data Overwrite
FIA_AFL.1 |
FIA_ATD.1 |
FIA_SOS.1 |
FIA_UAU.1 |

interact with the functions in the TSF; | Customer Engineer Operation Restriction
FMT_MSA.1 | a) managing the group of roles that can interact with the security attributes; b) management of rules by which security attributes inherit specified values. | None. Reason: The role group is fixed and is not managed.
FMT_MSA.
6.1.6. Class FPT: Protection of the TSF

FPT_STM.1 Reliable time stamps
Hierarchical to: No other components.
Dependencies: No dependencies.
FPT_STM.1.1 The TSF shall be able to provide reliable time stamps.

FPT_TST.1 TSF testing
Hierarchical to: No other components.
Dependencies: No dependencies.
FPT_TST.1.
6.1.7. Class FTP: Trusted path/channels

FTP_TRP.1 Trusted path
Hierarchical to: No other components.
Dependencies: No dependencies.
FTP_TRP.1.
6.2. Security Assurance Requirements

The requirements for TOE security assurance are described in Table 22. The evaluation assurance level of the TOE is EAL3. All the assurance requirement components are quoted directly from the EAL3 components specified by [the CC part 3].

Table 22: EAL3 Assurance Requirements

Assurance Requirements Class | Assurance Component | Name
ADV: Development | ADV_ARC.1 | Security architecture description
ADV: Development | ADV_FSP.
6.3. Security Requirement Rationale

6.3.1. Security Functional Requirements Rationale

Table 23 lists the security functional requirements and the corresponding security objectives. As shown in Table 23, each security functional requirement corresponds to at least one security objective of the TOE. Table 24 shows the rationale demonstrating that each security objective is assured by the TOE security functional requirements.
Table 23 (residue): Security Functional Requirements (FMT_MSA.1, FMT_MSA.3, FMT_MTD.1, FMT_SMF.1, FMT_SMR.1, FPT_STM.1, FPT_TST.1, FTP_TRP.1) mapped against Security Objectives (O.AUDITS, O.CIPHER, O.COMM_SEC, O.FAX_SEC, O.MANAGE, O.RESIDUAL, O.RESTRICT, O.USER, O.VERIFY); the matrix cells are not recoverable from the page.
Security Objectives | Security Functional Requirements Rationale
log file. By FPT_STM.1, the auditable events are recorded with a time stamp in the audit log, using the highly reliable clock of the TOE.
O.CIPHER | O.CIPHER is the objective that encrypts the used document data and the security audit log data in the internal HDD so that they cannot be analyzed even if retrieved. By satisfying the following security requirements, O.CIPHER can be realized. By FCS_CKM.

local authentication) reaches the defined number of times. By FIA_UAU.1 and FIA_UID.1, user authentication is performed to identify an authorized system administrator or general user. By FIA_UAU.7, unauthorized disclosure of the authentication information (password) is prevented because the authentication feedback is protected. By FMT_MOF.

By FIA_UAU.7, unauthorized disclosure of the authentication information (password) is prevented because the authentication feedback is protected.
O.USER | O.USER is the objective that identifies the TOE user and allows only the authorized user to retrieve and delete the document data and to change the password. By satisfying the following security requirements, O.USER can be realized: By FDP_ACC.1 and FDP_ACF.

By FMT_SMR.1, the roles of general user and system administrator are maintained and associated with the general user and system administrator.
O.VERIFY | O.VERIFY is the objective that provides the function to verify the integrity of TSF executable code. By satisfying the following security requirements, O.VERIFY can be realized. By FPT_TST.1 the TOE can execute the self test function to verify the O.
Functional Requirement and its name | Requirement that is dependent on | Requirement that is not dependent on and its rationale
FCS_CKM.1 Cryptographic key generation | FCS_COP.1 | FCS_CKM.4: A cryptographic key is generated when the MFD is booted, and stored on DRAM (volatile memory). A cryptographic key does not need to be destructed because this key is lost when the MFD main unit is powered off. (The stored data in the

FIA_AFL.1(3) Authentication failure handling (General user) | FIA_UAU.1 |
FIA_AFL.1(4) Authentication failure handling (SA, remote authentication) | FIA_UAU.1 |
FIA_ATD.1 User attribute definition | None |
FIA_SOS.1 Verification of secrets | None |
FIA_UAU.1 Timing of authentication | FIA_UID.1 |
FIA_UAU.

FPT_STM.1 Reliable time stamp | None |
FPT_TST.1 TSF testing | None |
FTP_TRP.1 Trusted Path | None |

6.3.3. Security Assurance Requirements Rationale

This TOE is for an MFD, a commercial product.
7. TOE SUMMARY SPECIFICATION

This chapter describes the summary specifications of the security functions provided by this TOE.

7.1. Security Functions

Table 26 shows the security functional requirements and the corresponding TOE security functions. The security functions described in this section satisfy the TOE security functional requirements specified in section 6.1 of this ST.
Table 26 (residue): rows for FMT_MSA.3, FMT_MTD.1, FMT_SMF.1, FMT_SMR.1, FPT_STM.1, FPT_TST.1, FTP_TRP.1; the mapping cells are not recoverable from the page.
the system administrator mode, the document data and security audit log data are encrypted before being stored into the internal HDD when operating any function of copy, print, scan, Network Scan, fax, or Direct Fax, or when configuring various security function settings.

(1) FCS_CKM.
Function to retrieve document data from Mailbox.
c) Functions controlled by Configuration Web Tool: Display of device condition, display of job status and its log, function to retrieve document data from Mailbox, and print function by file designation.
In addition, access to and setting change of the TOE security functions are restricted to the authorized system administrator.
authentication which is performed before using the MFD functions. When the entered password does not match the one set by an authorized user, the message “authentication was failed” is displayed on the control panel, requesting re-entry of the user information. Re-entry of user information is also required at the Web browser and Network Scan Utility (with local authentication only).

(4) FIA_AFL.
With the authenticated ID, the TOE associates the roles of key operator, SA, and general user with the subjects.

(10) FMT_MSA.1 Management of security attributes
With the user authentication function, the TOE permits the authenticated user to handle the identities related to each Mailbox and Store Print as shown in Table 27.
FDP_ACF.1 Security attribute based access control
With the user authentication function, the TOE permits the authenticated user to operate Mailbox and Store Print (Private Print) as shown in Table 28.
document data can be scanned from the IIT and stored on the internal HDD according to the user’s instruction from the control panel. User authentication is not required to store received fax data into a Mailbox.
7.1.4. System Administrator’s Security Management (TSF_FMT)

To grant a privilege to a specific user, this function allows only the authorized system administrator to access the system administrator mode, which enables him/her to refer to and configure the settings of the following TOE security functions from the control panel or system administrator client.

(1) FMT_MOF.1 Management of security functions behavior
FMT_MTD.1 Management of TSF data
FMT_SMF.
With Configuration Web Tool, the settings of the following TOE security functions can be referred to and changed from a system administrator client via Web browser.
from referring to or changing the settings related to System Administrator’s Security Management (TSF_FMT). This function prevents setting changes by an attacker who is impersonating a CE.

(1) FMT_MOF.1 Management of security functions behavior
FMT_MTD.1 Management of TSF data
FMT_SMF.
| Logged Events | Description | Status |
|---|---|---|
| Shutdown requested | User operation (Local) | Start/End |
| Self Test | | Successful/Failed |
| User Authentication Login/Logout | Login | Successful, Failed (Invalid UserID), Failed (Invalid Password), Failed Locked |
| | Logout | |
| System Administrator Authentication Fail | Detected continuous Authentication Fail | - (Number of authentication failures recorded) |
| Audit Log | Enable/Disable | |
| Audit Policy | Change in Audit Policy | |
| Job Status | Print Job Status | |
| | Copy | Com |
(2) FAU_SAR.1 Audit review
It is assured that all the information recorded in the audit log can be retrieved. Security audit log data can be downloaded in the form of tab-delimited text by pressing the button “store as a text file.” To download security audit log data, SSL/TLS communication needs to be enabled before using the Web browser.

(3) FAU_SAR.2 Restricted audit review
The person who retrieves the security audit log data is limited to the authenticated system administrator.
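The ST says the security audit log is downloaded as tab-delimited text and that the TOE records login outcomes, a "Detected continuous Authentication Fail" event for the system administrator, and enable/disable of the audit log itself. As an added example (not code from this ST or from the Dell/Fuji Xerox product), the following Python routine shows how an administrator who has retrieved such an export could review it offline. The column layout (Log ID, Date, Time, Logged Events, User Name, Description, Status), the lockout threshold of 5, and the sample lines are all assumptions constructed for the example; the ST does not specify them on this page. Only the event names, descriptions and status values are taken from the audit-event table above.

```python
"""Offline review of a tab-delimited MFD security audit log export.

Added example; not code from the Security Target or the product.
Assumptions (not stated in the ST): the column layout below and a
lockout threshold of 5 consecutive failures.  Sample lines are constructed.
"""
import csv
import io
from typing import Dict, List

# Constructed sample export.  The Logged Events / Description / Status
# vocabulary follows the ST's audit-event table; the columns are assumed.
SAMPLE_EXPORT = "\n".join([
    "Log ID\tDate\tTime\tLogged Events\tUser Name\tDescription\tStatus",
    "1\t2014/09/08\t09:00:01\tLogin/Logout\tuser01\tLogin\tSuccessful",
    "2\t2014/09/08\t09:05:10\tLogin/Logout\tadmin\tLogin\tFailed (Invalid Password)",
    "3\t2014/09/08\t09:05:20\tLogin/Logout\tadmin\tLogin\tFailed (Invalid Password)",
    "4\t2014/09/08\t09:05:31\tLogin/Logout\tadmin\tLogin\tFailed (Invalid Password)",
    "5\t2014/09/08\t09:05:40\tLogin/Logout\tadmin\tLogin\tFailed (Invalid Password)",
    "6\t2014/09/08\t09:05:52\tLogin/Logout\tadmin\tLogin\tFailed (Invalid Password)",
    "7\t2014/09/08\t09:05:53\tSystem Administrator Authentication Fail\tadmin"
    "\tDetected continuous Authentication Fail\t-",
    "8\t2014/09/08\t09:10:00\tLogin/Logout\tuser02\tLogin\tFailed (Invalid UserID)",
    "9\t2014/09/08\t09:10:30\tLogin/Logout\tuser02\tLogin\tSuccessful",
    "10\t2014/09/08\t09:30:00\tAudit Log\tadmin\tDisable\t-",
])

LOCKOUT_THRESHOLD = 5  # assumed value; the ST's threshold is not on this page


def parse_audit_export(text: str) -> List[Dict[str, str]]:
    """Parse the tab-delimited export; the first row supplies the column names."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t")
    return [dict(row) for row in reader]


def max_consecutive_login_failures(rows: List[Dict[str, str]]) -> Dict[str, int]:
    """Longest run of consecutive failed logins per user.

    Only 'Login' rows of the 'Login/Logout' event are considered; a
    successful login resets that user's run, mirroring a lockout counter.
    """
    run: Dict[str, int] = {}
    longest: Dict[str, int] = {}
    for row in rows:
        if row["Logged Events"] != "Login/Logout" or row["Description"] != "Login":
            continue
        user = row["User Name"]
        longest.setdefault(user, 0)
        if row["Status"].startswith("Failed"):
            run[user] = run.get(user, 0) + 1
            longest[user] = max(longest[user], run[user])
        else:
            run[user] = 0
    return longest


def review_findings(rows: List[Dict[str, str]],
                    threshold: int = LOCKOUT_THRESHOLD) -> List[str]:
    """Return human-readable findings worth a reviewer's attention."""
    findings: List[str] = []
    # Users whose failure run reached the (assumed) lockout threshold.
    for user, n in sorted(max_consecutive_login_failures(rows).items()):
        if n >= threshold:
            findings.append(
                f"{user}: {n} consecutive failed logins (threshold {threshold})")
    for row in rows:
        # The TOE's own record of continuous administrator authentication failure.
        if row["Logged Events"] == "System Administrator Authentication Fail":
            findings.append(f"log {row['Log ID']}: TOE recorded continuous "
                            f"authentication failure for {row['User Name']}")
        # Turning the audit log off is itself an auditable, review-worthy event.
        if row["Logged Events"] == "Audit Log" and row["Description"] == "Disable":
            findings.append(
                f"log {row['Log ID']}: audit logging disabled by {row['User Name']}")
    return findings


if __name__ == "__main__":
    for line in review_findings(parse_audit_export(SAMPLE_EXPORT)):
        print(line)
```

The per-user run counter is reset by a successful login, so a burst of failures followed by success is reported by its length rather than masked; the explicit "System Administrator Authentication Fail" row is reported separately because it is the TOE's own statement that the lockout condition was reached, independent of whatever threshold the reviewer assumes.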
the communication data from modification or disclosure.

a) SSL/TLS
When SSL/TLS communication has been configured by a system administrator using the system administrator mode, SSL/TLS is supported to ensure secure data transmission. This protects the security of document data, security audit log data, and TOE setting data on the internal network. By supporting SSL/TLS, the TOE can act as an SSL/TLS server or an SSL/TLS client.
Cryptographic key generated as IPSec (ESP: Encapsulating Security Payload) at every session. Specifically, one of the following combinations of secret-key cryptographic method and hash method is adopted:

| Cryptographic Method and Size of Secret Key | Hash Method |
|---|---|
| AES / 128 bits | SHA-1 |
| 3-Key Triple-DES / 168 bits | SHA-1 |

c) SNMPv3
When SNMP v3 communication has been configured by a system administrator using the system administrator mode, SNMP v3 is supported.
Secret-key cryptographic method generated as S/MIME for every mail:

| Cryptographic Method and Size of Secret Key |
|---|
| 3-Key Triple-DES / 168 bits |
| AES / 128 bits |
| AES / 192 bits |
| AES / 256 bits |

Hash method generated as S/MIME for every mail:

| Hash Method |
|---|
| SHA1 |
| SHA256 |

7.1.8. Fax Flow Security (TSF_FAX_FLOW)

This function inhibits unauthorized access to the TOE via the Fax card in the controller board in any case. The data on the public telephone line are not delivered to the internal network.
8. ACRONYMS AND TERMINOLOGY

8.1.
8.2. Terminology

The following terms are used in this ST:

| Term | Definition |
|---|---|
| User | Any entity outside the TOE who interacts with the TOE: i.e. general user, system administrator, and CE. |
| System Administrator Privilege (SA) | A user authorized by key operator to manage MFD maintenance and configure TOE security functions. |
| System Administrator | An authorized user who manages MFD maintenance and configures TOE security functions. |
| Customer Engineer (CE) | |
| Attacker | |
| Control Panel | |
| Term | Definition |
|---|---|
| Print Data | The data written in PDL, a readable format for MFD, which are to be converted into bitmap data by the TOE decompose function. |
| Control Data | The data that are transmitted by command and response interactions. This is one type of the data transmitted between MFD hardware units. |
| Bitmap Data | The decomposed data of the data read by the copy function and the print data transmitted from a user client to MFD by the print function. |
| Term | Definition |
|---|---|
| | of users, access denial due to authentication failure of system administrator, Internal Network Data Protection, Security Audit Log, User Authentication, Report Print, Auto Clear, Date/Time, and Self Test. |
| General Client and Server | Client and server which do not directly engage in TOE operations. |
| | Deletion from the internal HDD means deletion of the management information. |
| Term | Definition |
|---|---|
| | stored in Smart Card (CAC/PIV). |
| OCSP Server | The OCSP (Online Certificate Status Protocol) is a protocol for obtaining the revocation status of X.509 digital certificates in real time. A server that can use the OCSP is called an OCSP server (or OCSP responder). With an OCSP server, a client does not need to obtain and verify a CRL. |
9. REFERENCES

The following documentation was used to prepare this ST.

| Short Name | Document Title |
|---|---|
| [CC Part 1] | Common Criteria for Information Technology Security Evaluation - Version 3.1, Part 1: Introduction and general model, dated September 2012 (Version 3.1 Revision 4), CCMB-2012-09-001 (Japanese version 1. |