IEEE 2600 2-2009 en Protection Profile for Hardcopy Devices in IEEE Std 2600-2008 Operational Environment B (IEEE Computer Society)《IEEE Std 2600-2008操作环境B中的硬拷贝.pdf

1、g44g40g40g40g3g54g87g71g3g21g25g19g19g17g21g140g16g21g19g19g28g44g40g40g40g3g54g87g68g81g71g68g85g71g3g51g85g82g87g72g70g87g76g82g81g3g51g85g82g191g79g72g3g73g82g85g3g43g68g85g71g70g82g83g92g3g39g72g89g76g70g72g86g3g76g81g3g44g40g40g40g3g54g87g71g3g21g25g19g19g140g16g21g19g19g27g3g50g83g72g85g68g87g

2、76g82g81g68g79g3g40g81g89g76g85g82g81g80g72g81g87g3g37g3g44g40g40g40g3g38g82g80g83g88g87g72g85g3g54g82g70g76g72g87g92g54g83g82g81g86g82g85g72g71g3g69g92g3g87g75g72g44g81g73g82g85g80g68g87g76g82g81g3g36g86g86g88g85g68g81g70g72g3g38g82g80g80g76g87g87g72g72g3g44g40g40g40g22g3g51g68g85g78g3g36g89g72g81g

3、88g72g3g49g72g90g3g60g82g85g78g15g3g49g60g3g20g19g19g20g25g16g24g28g28g26g15g3g56g54g36g3g3g21g25g3g41g72g69g85g88g68g85g92g3g21g19g20g19g21g25g19g19g17g21g55g48IEEE Std 2600.2TM-2009 IEEE Standard Protection Profile for Hardcopy Devices in IEEE Std 2600TM-2008 Operational Environment B Sponsor Info

4、rmation Assurance Committee of the IEEE Computer Society Approved 9 December 2009 IEEE-SA Standards Board Common Criteria Protection Profile information: PP Identification: IEEE Std 2600.2-2009 PP Registration: BSI-CC-PP-0058-2009 Version: 1.0 Date: March 2009 Author: Hardcopy Device and System Secu

5、rity Working Group Sponsor: IEEE Computer Society Information Assurance (C/IA) Committee Common Criteria Scheme: DE (BSI Bundesamt fr Sicherheit in der Informationstechnik) Common Criteria Testing Lab: atsec information security Common Criteria conformance: Version 3.1, Revision 2, Part 2 extended a

6、nd Part 3 conformant Assurance level: EAL 2 augmented by ALC_FLR.2 2010 IEEE. Copyright claimed in Clauses 10, 11, 13-17, and 19, exclusive of text from Common Criteria Part 2, Version 3.1, and in Annexes A and B, exclusive of text from Common Criteria Part 1, Version 3.1. Abstract: This standard is

7、 for a Protection Profile for Hardcopy Devices in a commercial information processing environment in which a moderate level of document security, network security, and security assurance are required. Typically, the day-to-day proprietary and nonproprietary information needed to operate an enterpris

8、e will be handled by this environment. This environment will be known as “Operational Environment B.” Keywords: all-in-one, Common Criteria, copier, disk overwrite, document, document server, document storage and retrieval, facsimile, fax, hardcopy, ISO/IEC 15408, multifunction device (MFD), multifu

9、nction product (MFP), network, network interface, nonvolatile storage, office, paper, printer, Protection Profile, residual data, scanner, security target, shared communications medium, temporary data The Institute of Electrical and Electronics Engineers, Inc. 3 Park Avenue, New York, NY 10016-5997,

10、 USA Copyright 2010 by the Institute of Electrical and Electronics Engineers, Inc. All rights reserved. Published 26 February 2010. Printed in the United States of America. IEEE is a registered trademark in the U.S. Patent +1 978 750 8400. Permission to photocopy portions of any individual standard

11、for educational classroom use can also be obtained through the Copyright Clearance Center. iv Copyright 2010 IEEE. All rights reserved. Introduction This introduction is not part of IEEE Std 2600.2TM-2009, IEEE Standard Protection Profile for Hardcopy Devices in IEEE Std 2600-2008 Operational Enviro

12、nment B. This document is a standard for a Common Criteria Protection Profile for Hardcopy Devices. It is intended to be used by manufacturers of Hardcopy Devices to write conformant Security Target documents for Common Criteria certification of their hardcopy device products. It may also be used to

13、 write conformant Protection Profiles for Hardcopy Devices. This standard is related to IEEE Std 2600TM-2008. IEEE Std 2600-2008 is a more general standard for hardcopy device security and contains a large amount of content that is beyond the scope of or otherwise inappropriate for a Common Criteria

14、 Protection Profile. The two standards are related by way of the compliance clause of IEEE Std 2600-2008. With some well-defined exceptions, 8.1.2 of IEEE Std 2600-2008 contains Security Objectives that are technically consistent with the Security Objectives (APE_OBJ) clause of this document. The ex

15、ceptions to this consistency between IEEE Std 2600-2008 and this standard are distinguished by the use of the word “should” instead of “shall” in IEEE Std 2600-2008 and the absence of those objectives in this standard. For more information Further information, including the status and updates of thi

16、s standard, can be found on the Internet at http:/grouper.ieee.org/groups/2600/. Comments or questions regarding this document should be directed to stds-2600-2ieee.org. The comments should include the title of the document, the page, section, and paragraph numbers, and a detailed comment or recomme

17、ndation. Notice to users Laws and regulations Users of these documents should consult all applicable laws and regulations. Compliance with the provisions of this standard does not imply compliance to any applicable regulatory requirements. Implementers of the standard are responsible for observing o

18、r referring to the applicable regulatory requirements. IEEE does not, by the publication of its standards, intend to urge action that is not in compliance with applicable laws, and these documents may not be construed as doing so. Copyrights This document is copyrighted by the IEEE. It is made avail

19、able for a wide variety of both public and private uses. These include both use, by reference, in laws and regulations, and use in private self-regulation, standardization, and the promotion of engineering practices and methods. By making this document available for use and adoption by public author

20、ities and private users, the IEEE does not waive any rights in copyright to this document. Updating of IEEE documents Users of IEEE standards should be aware that these documents may be superseded at any time by the issuance of new editions or may be amended from time to time through the issuance of

21、 amendments, corrigenda, or errata. An official IEEE document at any point in time consists of the current edition of the document together with any amendments, corrigenda, or errata then in effect. In order to determine whether a given document is the current edition and whether it has been amended

22、 through the issuance of v Copyright 2010 IEEE. All rights reserved. amendments, corrigenda, or errata, visit the IEEE Standards Association Web site at http:/ieeexplore.ieee.org/xpl/standards.jsp, or contact the IEEE at the address listed previously. For more information about the IEEE Standards As

23、sociation or the IEEE standards development process, visit the IEEE-SA website at http:/standards.ieee.org. Errata Errata, if any, for this and all other standards can be accessed at the following URL: http:/standards.ieee.org/reading/ieee/updates/errata/index.html. Users are encouraged to check thi

24、s URL for errata periodically. Interpretations Current interpretations can be accessed at the following URL: http:/standards.ieee.org/reading/ieee/interp/ index.html. Patents Attention is called to the possibility that implementation of this standard may require use of subject matter covered by pate

25、nt rights. By publication of this standard, no position is taken with respect to the existence or validity of any patent rights in connection therewith. The IEEE is not responsible for identifying Essential Patent Claims for which a license may be required, for conducting inquiries into the legal va

26、lidity or scope of Patents Claims or determining whether any licensing terms or conditions provided in connection with submission of a Letter of Assurance, if any, or in any licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly advised that determination of

27、the validity of any patent rights, and the risk of infringement of such rights, is entirely their own responsibility. Further information may be obtained from the IEEE Standards Association. Participants At the time this standard was submitted to the IEEE-SA Standards Board, the Hardcopy Device and

28、System Security Working Group had the following membership: Don Wright, Chair Lee Farrell, Vice Chair Brian Smithson, Secretary and Lead Editor Carmen Aubry, Nancy Chen, Ron Nevo, and Alan Sukert, Editors Shah Bhatti Peter Cybuck Nick Del Re Satoshi Fujitani Tom Haapanen Akihiko Iwasaki Harry Lewis

29、Takanori Masui Yusuke Ohta Ken Ota Glen Petrie Amir Shahindoust Jerry Thrasher Hiroki Uchiyama Shigeru Ueda Brian Volkoff Bill Wagner Sameer Yamivi Copyright 2010 IEEE. All rights reserved. The following members of the balloting committee voted on this standard. Balloters may have voted for approval

30、, disapproval, or abstention. Carmen Aubry Matthew Ball Ying Chen Danila Chernestov Keith Chow Paul Croll Geoffrey Darnton Nick Del Re Russell Dietz Lee Farrell Randall Groves Mark Henley Werner Hoelzl Raj Jain Piotr Karocki G. Luri Michael S. Newman Stephen Schwarm Steven Smith Brian Smithson Thoma

31、s Starai Jerry Thrasher Thomas Tullia Paul Work Forrest Wright Sameer Yami Acknowledgments The following companies have agreed to make financial contributions to underwrite the cost of Common Criteria certification of some or all of the IEEE Std 2600-series Protection Profiles: Canon Fuji-Xerox HP I

32、nfoPrint Solutions Konica Minolta Kyocera-Mita Lexmark Oc Oki Data Ricoh Samsung Sharp Toshiba Xerox When the IEEE-SA Standards Board approved this standard on 9 December 2009, it had the following membership: Robert M. Grow, Chair Tom A. Prevost, Vice Chair Steve M. Mills, Past Chair Judith Gorman,

33、 Secretary John Barr Karen Bartelson Victor Berman Ted Burse Richard DeBlasio Andrew Drozd Mark Epstein Alexander Gelman James Hughes Richard H. Hulett Young Kyun Kim Joseph L. Koepfinger* John Kulick David J. Law Ted Olsen Glenn Parsons Ronald C. Petersen Narayanan Ramachandran Jon Walter Rosdahl S

34、am Sciacca Howard L. Wolfman *Member Emeritus Also included are the following nonvoting IEEE-SA Standards Board liaisons: Satish K. Aggarwal, NRC Representative Michael Janezic, NIST Representative Don Messina IEEE Standards Program Manager, Document Development Michael D. Kipness IEEE Standards Pro

35、gram Manager, Technical Program Development vii Copyright 2010 IEEE. All rights reserved. Contents 1. Overview. 1 1.1 Scope . 1 1.2 Purpose 1 1.3 Application notes. 1 1.4 Notational conventions 2 2. Normative references 2 3. Protection Profile introduction (APE_INT) 3 3.1 Protection Profile usage. 3

36、 3.2 Protection Profile reference. 3 4. Hardcopy Device overview (APE_INT). 3 4.1 Typical products 3 4.2 Typical usage. 4 5. TOE Overview (APE_INT) 4 5.1 TOE functions . 4 5.2 TOE model 5 5.3 Entity definitions . 6 5.4 TOE operational model . 8 6. Conformance claims (APE_CCL) 9 6.1 Conformance to Co

37、mmon Criteria 9 6.2 Conformance to other Protection Profiles . 9 6.3 Conformance to Packages . 9 6.4 Conformance to this Protection Profile . 9 7. Security Problem Definition (APE_SPD).10 7.1 Threats agents 10 7.2 Threats to TOE Assets. 10 7.3 Organizational Security Policies for the TOE . 10 7.4 As

38、sumptions 11 8. Security Objectives (APE_OBJ). 11 8.1 Security Objectives for the TOE . 11 8.2 Security objectives for the IT environment . 12 8.3 Security objectives for the non-IT environment 12 8.4 Security objectives rationale 13 9. Extended components definition (APE_ECD) 16 9.1 FPT_CIP_EXP Con

39、fidentiality and integrity of stored data 16 9.2 FPT_FDI_EXP Restricted forwarding of data to external interfaces 18 viii Copyright 2010 IEEE. All rights reserved. 10. Common Security Functional Requirements (APE_REQ) 19 10.1 Class FAU: Security audit. 19 10.2 Class FCO: Communication 21 10.3 Class

40、FCS: Cryptographic support 21 10.4 Class FDP: User Data protection. 21 10.5 Class FIA: Identification and authentication . 24 10.6 Class FMT: Security management 26 10.7 Class FPR: Privacy 29 10.8 Class FPT: Protection of the TSF 30 10.9 Class FRU: Resource utilization . 30 10.10 Class FTA: TOE acce

41、ss. 31 10.11 Class FTP: Trusted paths/channels 31 10.12 Common security requirements rationale 31 11. Security Assurance Requirements (APE_REQ). 34 12. SFR Packages introduction 35 12.1 SFR Packages usage 35 12.2 SFR Packages reference 35 12.3 SFR Package functions 37 12.4 SFR Package attributes 37

42、13. 2600.2-PRT SFR Package for Hardcopy Device Print Functions, Operational Environment B 38 13.1 PRT SFR Package introduction. 38 13.2 Class FDP: User Data protection. 38 13.3 PRT security requirements rationale . 39 14. 2600.2-SCN SFR Package for Hardcopy Device Scan Functions, Operational Environ

43、ment B . 40 14.1 SCN SFR Package introduction 40 14.2 Class FDP: User Data protection. 40 14.3 SCN security requirements rationale. 41 15. 2600.2-CPY SFR Package for Hardcopy Device Copy Functions, Operational Environment B. 42 15.1 CPY SFR Package introduction 42 15.2 Class FDP: User Data protectio

44、n. 42 15.3 CPY security requirements rationale. 43 16. 2600.2-FAX SFR Package for Hardcopy Device Fax Functions, Operational Environment B. 44 16.1 FAX SFR Package introduction 44 16.2 Class FDP: User Data protection. 44 16.3 FAX security requirements rationale. 46 17. 2600.2-DSR SFR Package for Har

45、dcopy Device Document Storage and Retrieval Functions, Operational Environment B 46 17.1 DSR SFR Package introduction 46 17.2 Class FDP: User Data protection. 46 17.3 DSR security requirements rationale. 48 ix Copyright 2010 IEEE. All rights reserved. 18. 2600.2-NVS SFR Package for Hardcopy Device N

46、onvolatile Storage Functions, Operational Environment B . 48 18.1 NVS SFR Package introduction 48 18.2 Class FPT: Protection of the TSF 49 18.3 NVS security requirements rationale. 49 19. 2600.2-SMI SFR Package for Hardcopy Device Shared-medium Interface Functions, Operational Environment B . 50 19.

47、1 SMI SFR Package introduction . 50 19.2 Class FAU: Security audit. 50 19.3 Class FPT: Protection of the TSF 51 19.4 Class FTP: Trusted paths/channels 52 19.5 SMI security requirements rationale 52 Annex A (normative) Glossary 54 Annex B (normative) Acronyms . 57 Annex C (informative) Bibliography 5

48、8 1 Copyright 2010 IEEE. All rights reserved. IEEE Standard Protection Profile for Hardcopy Devices in IEEE Std 2600TM-2008 Operational Environment B IMPORTANT NOTICE: This standard is not intended to ensure safety, security, health, or environmental protection in all circumstances. Implementers of

49、the standard are responsible for determining appropriate safety, security, environmental, and health practices or regulatory requirements. This IEEE document is made available for use subject to important notices and legal disclaimers. These notices and disclaimers appear in all publications containing this document and may be found under the heading “Important Notice” or “Important Notices and Disclaimers Concerning IEEE Documents.” They can also be obtained on request from IEEE or viewed at http:/standards.ieee.org/IPR/disclaimers.html. 1. Overview 1.1 S