1、g44g40g40g40g3g54g87g71g3g21g25g19g19g17g22g140g16g21g19g20g19g44g40g40g40g3g54g87g68g81g71g68g85g71g3g51g85g82g87g72g70g87g76g82g81g3g51g85g82g191g79g72g3g73g82g85g3g43g68g85g71g70g82g83g92g3g39g72g89g76g70g72g86g3g76g81g3g44g40g40g40g3g54g87g71g3g21g25g19g19g140g16g21g19g19g27g3g50g83g72g85g68g87g
2、76g82g81g68g79g3g40g81g89g76g85g82g81g80g72g81g87g3g38g3g44g40g40g40g3g38g82g80g83g88g87g72g85g3g54g82g70g76g72g87g92g54g83g82g81g86g82g85g72g71g3g69g92g3g87g75g72g44g81g73g82g85g80g68g87g76g82g81g3g36g86g86g88g85g68g81g70g72g3g38g82g80g80g76g87g87g72g72g3g44g40g40g40g22g3g51g68g85g78g3g36g89g72g81g
3、88g72g3g49g72g90g3g60g82g85g78g15g3g49g60g3g20g19g19g20g25g16g24g28g28g26g15g3g56g54g36g3g3g24g3g48g68g85g70g75g3g21g19g20g19g21g25g19g19g17g22g55g48IEEE Std 2600.3TM-2009 IEEE Standard Protection Profile for Hardcopy Devices in IEEE Std 2600-2008 Operational Environment C Sponsor Information Assura
4、nce Committee of the IEEE Computer Society Approved 9 December 2009 IEEE-SA Standards Board Common Criteria Protection Profile information: PP Identification: IEEE Std 2600.3-2009 PP Registration: Not registered at the time of publication Version: 1.0 Date: October 2009 Author: Hardcopy Device and S
5、ystem Security Working Group Sponsor: IEEE Computer Society Information Assurance (C/IA) Committee Common Criteria Scheme:Not validated at the time of publication Common Criteria Testing Lab: atsec information security Common Criteria conformance: Version 3.1, Release 2, Part 2 extended and Part 3 c
6、onformant Assurance level: EAL 2 augmented by ALC_FLR.1 2010 IEEE. Copyright claimed in Clauses 10, 11, and 13, exclusive of text from Common Criteria Part 2, Version 3.1, and in Annexes A and B, exclusive of text from Common Criteria Part 1, Version 3.1. Abstract: A Protection Profile for Hardcopy
7、Devices in a public-facing environment is provided in this standard in which document security is not guaranteed, but access control and usage accounting are important to the operator of the environment. A retail copy center, public library, Internet caf, and hotel business center are typical applic
8、ations of this environment. This environment will be known as “Operational Environment C.” Keywords: all-in-one, Common Criteria, copier, disk overwrite, document, document server, document storage and retrieval, facsimile, fax, hardcopy, ISO/IEC 15408, multifunction device (MFD), multifunction prod
9、uct (MFP), network, network interface, nonvolatile storage, office, paper, printer, Protection Profile, residual data, scanner, security target, shared communications medium, temporary data The Institute of Electrical and Electronics Engineers, Inc. 3 Park Avenue, New York, NY 10016-5997, USA Copyri
10、ght 2010 by the Institute of Electrical and Electronics Engineers, Inc. All rights reserved. Published 5 March 2010. Printed in the United States of America. IEEE is a registered trademark in the U.S. Patent +1 978 750 8400. Permission to photocopy portions of any individual standard for educational
11、 classroom use can also be obtained through the Copyright Clearance Center. iv Copyright 2010 IEEE. All rights reserved. Introduction This introduction is not part of IEEE Std 2600.3TM-2009, IEEE Standard Protection Profile for Hardcopy Devices in IEEE Std 2600-2008 Operational Environment C. This d
12、ocument is a standard for a Common Criteria Protection Profile for Hardcopy Devices. It is intended to be used by manufacturers of Hardcopy Devices to write conformant Security Target documents for Common Criteria certification of their hardcopy device products. It may also be used to write conforma
13、nt Protection Profiles for Hardcopy Devices. This standard is related to IEEE Std 2600TM-2008. IEEE Std 2600-2008 is a more general standard for hardcopy device security and contains a large amount of content that is beyond the scope of or otherwise inappropriate for a Common Criteria Protection Pro
14、file. The two standards are related by way of the compliance clause of IEEE Std 2600-2008. With some well-defined exceptions, 8.1.3 of IEEE Std 2600-2008 contains Security Objectives that are technically consistent with the Security Objectives (APE_OBJ) clause of this document. The exceptions to thi
15、s consistency between IEEE Std 2600 and this standard are distinguished by the use of the word “should” instead of “shall” in IEEE Std 2600-2008 and the absence of those objectives in this standard. For more information Further information, including the status and updates of this standard, can be f
16、ound on the Internet at http:/grouper.ieee.org/groups/2600/. Comments or questions regarding this document should be directed to stds-2600-3ieee.org. The comments should include the title of the document, the page, section, and paragraph numbers, and a detailed comment or recommendation. Notice to u
17、sers Laws and regulations Users of these documents should consult all applicable laws and regulations. Compliance with the provi-sions of this standard does not imply compliance to any applicable regulatory requirements. Implementers of the standard are responsible for observing or referring to the
18、applicable regulatory requirements. IEEE does not, by the publication of its standards, intend to urge action that is not in compliance with applicable laws, and these documents may not be construed as doing so. Copyrights This document is copyrighted by the IEEE. It is made available for a wide var
19、iety of both public and private uses. These include both use, by reference, in laws and regulations, and use in private self-regulation, standardization, and the promotion of engineering practices and methods. By making this document available for use and adoption by public authorities and private u
20、sers, the IEEE does not waive any rights in copyright to this document. Updating of IEEE documents Users of IEEE standards should be aware that these documents may be superseded at any time by the issuance of new editions or may be amended from time to time through the issuance of amendments, corrig
21、enda, or errata. An official IEEE document at any point in time consists of the current edition of the v Copyright 2010 IEEE. All rights reserved. document together with any amendments, corrigenda, or errata then in effect. In order to determine whether a given document is the current edition and wh
22、ether it has been amended through the issuance of amendments, corrigenda, or errata, visit the IEEE Standards Association Web site at http:/ieeexplore.ieee.org/xpl/standards.jsp, or contact the IEEE at the address listed previously. For more information about the IEEE Standards Association or the IE
23、EE standards development process, visit the IEEE-SA website at http:/standards.ieee.org. Errata Errata, if any, for this and all other standards can be accessed at the following URL: http:/standards.ieee.org/reading/ieee/updates/errata/index.html. Users are encouraged to check this URL for errata pe
24、riodically. Interpretations Current interpretations can be accessed at the following URL: http:/standards.ieee.org/reading/ieee/interp/ index.html. Patents Attention is called to the possibility that implementation of this standard may require use of subject matter covered by patent rights. By publi
25、cation of this standard, no position is taken with respect to the existence or validity of any patent rights in connection therewith. The IEEE is not responsible for identifying Essential Patent Claims for which a license may be required, for conducting inquiries into the legal validity or scope of
26、Patents Claims or determining whether any licensing terms or conditions provided in connection with submission of a Letter of Assurance, if any, or in any licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly advised that determination of the validity of any
27、 patent rights, and the risk of infringement of such rights, is entirely their own responsibility. Further information may be obtained from the IEEE Standards Association. Participants At the time this standard was submitted to the IEEE-SA Standards Board, the Hardcopy Device and System Security Wor
28、king Group had the following membership: Don Wright, Chair Lee Farrell, Vice Chair Brian Smithson, Secretary and Lead Editor Carmen Aubry, Nancy Chen, Ron Nevo, and Alan Sukert, Editors Shah Bhatti Peter Cybuck Nick Del Re Satoshi Fujitani Tom Haapanen Akihiko Iwasaki Harry Lewis Takanori Masui Yusu
29、ke Ohta Ken Ota Glen Petrie Amir Shahindoust Jerry Thrasher Hiroki Uchiyama Shigeru Ueda Brian Volkoff Bill Wagner Sameer Yamivi Copyright 2010 IEEE. All rights reserved. The following members of the balloting committee voted on this standard. Balloters may have voted for approval, disapproval, or a
30、bstention. Carmen Aubry Matthew Ball Ying Chen Danila Chernestov Keith Chow Paul Croll Geoffrey Darnton Nick Del Re Russell Dietz Lee Farrell Randall Groves Mark Henley Werner Hoelzl Raj Jain Piotr Karocki G. Luri Edward McCall Michael S. Newman Stephen Schwarm Steven Smith Brian Smithson Thomas Sta
31、rai Jerry Thrasher Thomas Tullia Paul Work Forrest Wright Sameer Yami Acknowledgments The following companies have agreed to make financial contributions to underwrite the cost of Common Criteria certification of some or all of the IEEE Std 2600-series Protection Profiles: Canon Fuji-Xerox HP InfoPr
32、int Solutions Konica Minolta Kyocera-Mita Lexmark Oc Oki Data Ricoh Samsung Sharp Toshiba Xerox When the IEEE-SA Standards Board approved this standard on 9 December 2009, it had the following membership: Robert M. Grow, Chair Tom A. Prevost, Vice Chair Steve M. Mills, Past Chair Judith Gorman, Secr
33、etary John Barr Karen Bartelson Victor Berman Ted Burse Richard DeBlasio Andrew Drozd Mark Epstein Alexander Gelman James Hughes Richard H. Hulett Young Kyun Kim Joseph L. Koepfinger* John Kulick David J. Law Ted Olsen Glenn Parsons Ronald C. Petersen Narayanan Ramachandran Jon Walter Rosdahl Sam Sc
34、iacca Howard L. Wolfman *Member Emeritus Also included are the following nonvoting IEEE-SA Standards Board liaisons: Satish K. Aggarwal, NRC Representative Michael Janezic, NIST Representative Don Messina IEEE Standards Program Manager, Document Development Michael D. Kipness IEEE Standards Program
35、Manager, Technical Program Development vii Copyright 2010 IEEE. All rights reserved. Contents 1. Overview. 1 1.1 Scope . 1 1.2 Purpose 1 1.3 Application notes. 1 1.4 Notational conventions 2 2. Normative references 2 3. Protection Profile introduction (APE_INT) 3 3.1 Protection Profile usage. 3 3.2
36、Protection Profile reference. 3 4. Hardcopy Device overview (APE_INT). 3 4.1 Typical products 3 4.2 Typical usage. 4 5. TOE Overview (APE_INT) 4 5.1 TOE functions . 4 5.2 TOE model 5 5.3 Entity definitions . 6 5.4 TOE operational model . 8 6. Conformance claims (APE_CCL) 9 6.1 Conformance to Common
37、Criteria 9 6.2 Conformance to other Protection Profiles . 9 6.3 Conformance to Packages . 9 6.4 Conformance to this Protection Profile . 9 7. Security Problem Definition (APE_SPD).10 7.1 Threats agents 10 7.2 Threats to TOE Assets. 10 7.3 Organizational Security Policies for the TOE . 10 7.4 Assumpt
38、ions 11 8. Security Objectives (APE_OBJ). 11 8.1 Security Objectives for the TOE . 11 8.2 Security Objectives for the IT environment 11 8.3 Security Objectives for the non-IT environment . 12 8.4 Security Objectives rationale. 12 9. Extended components definition (APE_ECD) 15 9.1 FPT_FDI_EXP Restric
39、ted forwarding of data to external interfaces 15 viii Copyright 2010 IEEE. All rights reserved. 10. Common Security Functional Requirements (APE_REQ) 17 10.1 Class FAU: Security audit. 17 10.2 Class FCO: Communication 18 10.3 Class FCS: Cryptographic support 18 10.4 Class FDP: User Data protection.
40、19 10.5 Class FIA: Identification and authentication . 19 10.6 Class FMT: Security management 21 10.7 Class FPR: Privacy 22 10.8 Class FPT: Protection of the TSF 22 10.9 Class FRU: Resource utilization . 23 10.10 Class FTA: TOE access. 23 10.11 Class FTP: Trusted paths/channels 23 10.12 Common secur
41、ity requirements rationale 23 11. Security Assurance Requirements (APE_REQ). 26 12. SFR Packages introduction 26 12.1 SFR Packages usage 26 12.2 SFR Packages reference 27 12.3 SFR Package functions 27 12.4 SFR Package attributes 27 13. 2600.3-SMI SFR Package for Hardcopy Device Shared-medium Interfa
42、ce Functions, Operational Environment C . 28 13.1 SMI SFR Package introduction . 28 13.2 Class FAU: Security audit. 28 13.3 Class FPT: Protection of the TSF 29 13.4 Class FTP: Trusted paths/channels 29 13.5 SMI security requirements rationale 30 Annex A (normative) Glossary. 31 Annex B (normative) A
43、cronyms 34 Annex C (informative) Bibliography 35 1 Copyright 2010 IEEE. All rights reserved. IEEE Standard Protection Profile for Hardcopy Devices in IEEE Std 2600-2008 Operational Environment C IMPORTANT NOTICE: This standard is not intended to ensure safety, security, health, or environmental prot
44、ection in all circumstances. Implementers of the standard are responsible for determining appropriate safety, security, environmental, and health practices or regulatory requirements. This IEEE document is made available for use subject to important notices and legal disclaimers. These notices and d
45、isclaimers appear in all publications containing this document and may be found under the heading “Important Notice” or “Important Notices and Disclaimers Concerning IEEE Documents.” They can also be obtained on request from IEEE or viewed at http:/standards.ieee.org/IPR/disclaimers.html. 1. Overvie
46、w 1.1 Scope This standard is for a Protection Profile for Hardcopy Devices in a public-facing environment in which document security is not guaranteed, but access control and usage accounting are important to the operator of the environment. A retail copy center, public library, Internet caf, and ho
47、tel business center are typical applications of this environment. This environment will be known as “Operational Environment C.” 1.2 Purpose The purpose of this standard is to create a security Protection Profile (PP) for Hardcopy Devices in Operational Environment C as defined in IEEE Std 2600TM-20
48、08.11.3 Application notes Application notes are provided where they may contribute to the readers understanding. These notes, while not part of the formal statement of this Protection Profile, are included as an acknowledgment of the diverse uses of this document and are intended to provide guidance
49、 to its users. 1Information on references can be found in Clause 2. IEEE Std 2600.3-2009 IEEE Standard Protection Profile for Hardcopy Devices in IEEE Std 2600TM-2008 Operational Environment C 2 Copyright 2010 IEEE. All rights reserved. 1.4 Notational conventions The following notational conventions are used throughout this standard: a) Defined terms in full form are set in title case (for example, “Document Storage and Retrieval”). b) Defined terms in abbreviated form are set in all caps (for example, “DSR”). c) In tables that describe Security Objective
