CRP-C0239-01 Certification Report Koji Nishigaki, Chairman Information-technology Promotion Agency, Japan Target of Evaluation Application date/ID Certification No. Sponsor Name of TOE Version of TOE 2008-03-07 (ITC-8206) C0239 RICOH COMPANY, LTD.
CRP-C0239-01 Notice: This document is the English translation version of the Certification Report published by the Certification Body of Japan Information Technology Security Evaluation and Certification Scheme.
CRP-C0239-01 Table of Contents 1. Executive Summary ............................................................................... 1 1.1 Introduction ..................................................................................... 1 1.2 Evaluated Product ............................................................................ 1 1.2.1 Name of Product ......................................................................... 1 1.2.2 Product Overview ..................................................
CRP-C0239-01 1. Executive Summary 1.1 Introduction This Certification Report describes the content of certification result in relation to IT Security Evaluation of "Japan:Ricoh imagio MP 4000/5000 series, Overseas:Ricoh Aficio MP 4000/5000 series, Savin 9040/9050 series, Lanier MP 4000/5000 series, Gestetner MP 4000/5000 series, Nashuatec MP 4000/5000 series, Rex-Rotary MP 4000/5000 series, Infotec MP 4000/5000 series Version System/Copy:1.09, Network Support:7.23, Scanner:01.23, Printer:1.09, Fax:03.00.
CRP-C0239-01 The "~ series" in the product names is the generic name for multiple products. The following are the specific product/model names for each "~ series". Some of these products have the Fax Function, and some of these do not. When an "F" is suffixed to the product name, it indicates that the product has the Fax Function, and when an "F" is not suffixed, the product does not have the Fax Function.
CRP-C0239-01 1.2.3 Scope of TOE and Overview of Operation 1.2.3.1 Scope of TOE The TOE is the product of this certification and it is configured as it satisfies the following. If the configuration of the product does not satisfy some of the following, it means that the product is not the TOE.
CRP-C0239-01 - Fax Unit (Optional) The Fax Unit is a device that has a modem function to send and receive fax data when connected to a telephone line. - Controller Board The Controller Board contains Processors, RAM, NVRAM, Ic Key and FlashROM. The brief description of each item is as follows: [Processor] A processor that carries out the processing such as arithmetic processing according to software. [RAM] A volatile memory that is used for an image processing memory.
CRP-C0239-01 1.2.3.2 Operation Overview of TOE Office FTP server SMTP server Firewall SMB server Internal Internal Network Network Internet (External Network) USB Connect MFP (TOE) Printer Driver Fax Driver Web browser Printer Driver Fax Driver A Telephone Line Client PC Client PC Fig. 1-2 Example of Environment for usage of TOE The TOE is used in the environment as shown in the example in Figure 1-2, and its main purpose is to input, output, and store image data.
CRP-C0239-01 Printer Engine. The scanned image data can be stored in D-BOX as Document Data (except for the Scanner Function). 1.2.4.2 Printer Function The Printer Function is used to receive the print data from a client PC via Network Unit or USB Port sent from a client PC and to print out the data using Direct Print Function or Store and Print Function. Direct Print Function simply prints out the received print data using Printer Engine.
CRP-C0239-01 1.2.4.8 Document Server Function (Management) The Document Server Function (Management) is used to carry out the specified process (described below) either to the "stored Document Data in D-BOX (except for the Scanner Function) or the specified Fax Reception Data".
CRP-C0239-01 Although the Web Service Function is available for the functions described above in "1.2.4.1 Copy Function" - "1.2.4.11 Management Function", there are some functions that are not available using this Web Service Function. 1.
CRP-C0239-01 1.5.2 EAL Evaluation Assurance Level of TOE defined by this ST is EAL3 conformance. 1.5.3 SOF This ST claims "SOF-basic" as its minimum strength of function. This TOE is assumed to be placed on the premises for organizations such as offices in which the risk of its assumed threats is low, and to be operated with it connected to the Internal Networks of the organization. Therefore SOF-basic is selected. 1.5.
CRP-C0239-01 - Network Administration - File Administration After the TOE carries out (2), the operator gives the instruction to the TOE of what he/she wants to operate. The instruction may include the "operation on Document Data" or "use of the Management Function". Either (3) or (4) is processed, depending on which instruction you select.
CRP-C0239-01 for changing the document file owners). - It is allowed for the General Users to change their own "authentication information", "Document Data Default ACL (except for field of the document file owner)" and "S/MIME User Information". Since (4) limits the use of the Security Management Function to the "authorized person to use the Security Management Function", the TOE counters T.ABUSE_SEC_MNG. 1.5.4.2 Countermeasure to T.
CRP-C0239-01 Table 1-1 (3) Specific data, mechanism and scope Target data Document Data that are output from Network Unit using the "Scanner Function (Scan)" or "Scanner Function (Management)" Protection mechanism and protected scope When delivering to folders: The Internal Networks between Network Unit and the "SMB Server or FTP Server of the specified folders" is protected by IPSec mechanism.
CRP-C0239-01 1.5.5 Threat This TOE assumes such threats presented in Table 1-2 and provides functions for countermeasure to them. Table 1-2 Assumed Threats Identifier T.ILLEGAL_USE T.UNAUTH_ACCESS T.ABUSE_SEC_MNG T.SALVAGE T.TRANSIT T.FAX_LINE Threat Attackers may read or delete the Document Data by gaining unauthorized access to the TOE from the TOE external interfaces (Operation Panel, Network Interface, USB Interface or SD CARD interface).
CRP-C0239-01 - SMB Server connected to the TOE via Ethernet (An SMB Server has to support the IPSec communication) - Public telephone line or equivalent line The following drivers or later version of these drivers are required when using the TOE from the client PC with drivers. - RPCS Driver V7.68 for domestic machines - RPCS Driver V7.66 for overseas machines - PC Fax Driver V1.59 for domestic machines - LAN Fax Driver V1.60 for overseas machines Internet Explorer 6.
CRP-C0239-01 1.5.9 Documents Attached to Product Documents attached to the TOE are listed below.
CRP-C0239-01 - Documents in CD-ROM > Manuals 9040 / 9040b / 9050 / 9050b MP 4000 / 5000 / 4000B / 5000B LD040 / LD050 / LD040B / LD050B Aficio MP / 4000 / 4000B / 5000 / 5000B (D009-7502A) > Manuals for Administrators Security Reference 9040 / 9040b / 9050 / 9050b MP 4000 / 5000 / 4000B / 5000B LD040 / LD050 / LD040B / LD050B Aficio MP / 4000 / 4000B / 5000 / 5000B (D009-7504A) > Manuals for Administrators Security Reference Supplement 9040 / 9040b / 9050 / 9050b MP 4000 / 5000 / 4000B / 5000B LD040 / LD05
CRP-C0239-01 For Asia (English version) - Printed documents > Notes for Users Back Up/Restore Address Book (D015-7107) > Notes for Administrators: Using this Machine in a CC-Certified Environment (D011-7782, D011-7784 for GSA)) > 9040 / 9040b / 9050 / 9050b MP 4000 / MP 4000B / MP 5000 / MP 5000B LD040 / LD040B / LD050 / LD050B Aficio MP / 4000 / 4000B / 5000 / 5000B Operating Instructions About This Machine (D012-7755) > 9040 / 9040b / 9050 / 9050b MP 4000 / MP 4000B / MP 5000 / MP 5000B LD040 / LD040B / L
CRP-C0239-01 2. Conduct and Results of Evaluation by Evaluation Facility 2.1 Evaluation Methods Evaluation was conducted by using the evaluation methods prescribed in CEM in accordance with the assurance requirements in CC Part 3. Details for evaluation activities are report in the Evaluation Technical Report. It described the description of overview of the TOE, and the contents and verdict evaluated by each work unit prescribed in CEM. 2.
CRP-C0239-01 Telephone Switchboard Simulator MFP for the TOE PSTN PSTN FAX Machine Mail Server USB FTP Server Internal Network SMB Server Client PC (PC for Evaluation) Figure 2-1 Configuration of Developer Testing The following outlines show the elements of the test configuration.
CRP-C0239-01 Ricoh imagio MP 5000SPF, Ricoh Aficio MP 4000SPF were used for machines with Fax function. - Telephone Switchboard Simulator TLE-101III (manufactured by LSI JAPAN CO., LTD.) was used for machines to be considered equivalent to public lines. The configuration of the developer testing covers the TOE configuration which is identified in this ST except for MFP as the TOE.
CRP-C0239-01 of the developer testing and the validity of the implementation items, and then verified that the implementation methods and results met the ones shown in the test plans. 2.3.2 Evaluator Testing 1) Evaluator Test Environment The configuration of testing which the evaluators implemented is the same as the one of the developer testing. The configuration is shown in Fig. 2-1.
CRP-C0239-01 a. Test configuration The test configuration which the evaluators implemented is shown in Figure 2-1. The evaluator testing is implemented in the environment to be considered as covering the TOE configuration identified in ST. b. Testing Approach The testing was implemented in the same way as the developer testing. c.
CRP-C0239-01 1. Use the tool for port scan and the command to access the network port (Rlogin, Telnet, SSH, Rsh, FTP) and investigate the network port which can use TOE. 2. Investigate the potential URL which can bypass the Identification and Authentication function and the access control function, and then enter in the browser the URL which was found by the result to try to access. 3. Attempt all the possible operations except for the login operation from the Operation Panel or Web interface. 4.
CRP-C0239-01 3. Conduct of Certification The following certification was conducted based on each materials submitted by evaluation facility during evaluation process. 1. Contents pointed out in the Observation Report shall be adequate. 2. Contents pointed out in the Observation Report shall properly be reflected. 3. Evidential materials submitted were sampled, its contents were examined, and related work units shall be evaluated as presented in the Evaluation Technical Report. 4.
CRP-C0239-01 4. Conclusion 4.1 Certification Result The Certification Body verified the Evaluation Technical Report, the Observation Report and the related evaluation evidential materials submitted and confirmed that all evaluator action elements required in CC Part 3 are conducted appropriately to the TOE. The Certification Body verified the TOE is satisfied the EAL3 assurance requirements prescribed in CC Part 3. 4.2 Recommendations 4.2.
CRP-C0239-01 5. Glossary The abbreviations used in this report are listed below. CC: Common Criteria Evaluation for Information CEM: Common Methodology Evaluation EAL: Evaluation Assurance Level PP: Protection Profile SOF: Strength of Function ST: Security Target TOE: Target of Evaluation TSF: TOE Security Functions for Information Technology Technology Security Security The glossaries used in this report are listed below.
CRP-C0239-01 Document Data Electronic data that are loaded into MFP by authorized MFP users using either of the following operations. 1. Electronic data that are scanned from paper-based original and digitized by authorized MFP users' operation. 2. Electronic data that are sent to the MFP by authorized MFP users and converted by the MFP from received Print Data into a format that can be processed by the MFP. Document Data ACL An access control list of General Users that is set for each Document Data.
CRP-C0239-01 Internet Fax A function that converts scanned document images to e-mail format and transit the data over the Internet, and a machine that has an e-mail address can receive the e-mail sent using this function. IP-Fax A function that sends and receives document files between two faxes directly via a TCP/IP network. It is also possible to send document files to a fax that is connected to a telephone line using this function.
CRP-C0239-01 Sending by E-mail A function that sends e-mail with the attached Document Data from the TOE. SMB Server A server for sharing files with client PC using Server Message Block protocol. S/MIME User Information Information about each General User that is required for using S/MIME. Includes E-mail address, user certificates and specified value for S/MIME use. SMTP Server A server for sending E-mail using Simple Mail Transfer Protocol.
CRP-C0239-01 6. Bibliography [1] imagio MP 4000/5000 series, Aficio MP 4000/5000 series Security Target Version 1.13 (October 30, 2009) RICOH COMPANY, LTD.
