IEEE Std 2600.4™-2010
IEEE Standard Protection Profile for Hardcopy Devices in IEEE Std 2600™-2008 Operational Environment D

Sponsor
Information Assurance Committee of the IEEE Computer Society

Approved 2 February 2010
IEEE-SA Standards Board

Common Criteria Protection Profile information:
PP Identification: IEEE Std 2600.4-2010
PP Registration: Not registered at the time of publication
Version: 1.0
Date: December 2009
Author: Hardcopy Device and System Security Working Group
Sponsor: IEEE Computer Society Information Assurance (C/IA) Committee
Common Criteria Scheme: Not validated at the time of publication
Common Criteria Testing Lab: atsec information security
Common Criteria conformance: Version 3.1, Release 2, Part 2 extended and Part 3 conformant
Assurance level: EAL 1 Low Assurance Level

2010 IEEE. Copyright claimed in Clauses 10, 11, and 13, exclusive of text from Common Criteria Part 2, Version 3.1, and in Annexes A and B, exclusive of text from Common Criteria Part 1, Version 3.1.

Abstract: A Protection Profile for Hardcopy
Devices in a small, private information processing environment is discussed in this standard in which most elements of security are provided by the physical environment, but basic network security is needed to protect the device and its network from misuse from outside of the environment. Small offices and home offices are typical applications of this environment. This environment will be known as “Operational Environment D.”

Keywords: all-in-one, Common Criteria, copier, disk overwrite, document, document server, document storage and retrieval, facsimile, fax, hardcopy, ISO/IEC 15408, multifunction device (MFD), multifunction product (MFP), network, network interface, nonvolatile storage, office, paper, printer, Protection Profile, residual data, scanner, security target, shared communications medium, temporary data

The Institute of Electrical and Electronics Engineers, Inc.
3 Park Avenue, New York, NY 10016-5997, USA

Copyright 2010 by the Institute of Electrical and Electronics Engineers, Inc. All rights reserved. Published 5 March 2010. Printed in the United States of America.

IEEE is a registered trademark in the U.S. Patent +1 978 750 8400. Permission to photocopy portions of
any individual standard for educational classroom use can also be obtained through the Copyright Clearance Center.

Copyright 2010 IEEE. All rights reserved.

Introduction

This introduction is not part of IEEE Std 2600.4™-2010, IEEE Standard Protection Profile for Hardcopy Devices in IEEE Std 2600™-2008 Operational Environment D.

This document is a standard for a Common Criteria Protection Profile for Hardcopy Devices. It is intended to be used by manufacturers of Hardcopy Devices to write conformant Security Target documents for Common Criteria certification of their hardcopy device products. It may also be used to write conformant Protection Profiles for Hardcopy Devices.

This standard is related to IEEE Std 2600-2008. IEEE Std 2600-2008 is a more general standard for hardcopy device security and contains a large amount of content that is beyond the scope of or otherwise inappropriate for a Common Criteria Protection Profile. The two standards are related by way of the compliance clause of IEEE Std 2600-2008. With some well-defined exceptions, 8.1.4 of IEEE Std 2600-2008 contains Security Objectives that are technically consistent with the Security Objectives (APE_OBJ) clause
of this document. The exceptions to this consistency between IEEE Std 2600 and this standard are distinguished by the use of the word “should” instead of “shall” in IEEE Std 2600-2008 and the absence of those objectives in this standard.

For more information

Further information, including the status and updates of this standard, can be found on the Internet at http://grouper.ieee.org/groups/2600/. Comments or questions regarding this document should be directed to stds-2600-4@ieee.org. The comments should include the title of the document, the page, section, and paragraph numbers, and a detailed
comment or recommendation.

Notice to users

Laws and regulations

Users of these documents should consult all applicable laws and regulations. Compliance with the provisions of this standard does not imply compliance to any applicable regulatory requirements. Implementers of the standard are responsible for observing or referring to the applicable regulatory requirements. IEEE does not, by the publication of its standards, intend to urge action that is not in compliance with applicable laws, and these documents may not be construed as doing so.

Copyrights

This document is copyrighted by the IEEE. It is made available for a wide variety of both public and private uses. These include both use, by reference, in laws and regulations, and use in private self-regulation, standardization, and the promotion of engineering practices and methods. By making this document available for use and adoption by public authorities and private users, the IEEE does not waive any rights in copyright to this document.

Updating of IEEE documents

Users of IEEE standards should be aware that these documents may be superseded at any time by the issuance of new editions or may be amended from time to time through the issuance of amendments, corrigenda, or errata. An official IEEE document at any point in time consists of the current edition of the document together with any amendments, corrigenda, or errata then in effect. In order to determine whether a given
document is the current edition and whether it has been amended through the issuance of amendments, corrigenda, or errata, visit the IEEE Standards Association Web site at http://ieeexplore.ieee.org/xpl/standards.jsp, or contact the IEEE at the address listed previously.

For more information about the IEEE Standards Association or the IEEE standards development process, visit the IEEE-SA website at http://standards.ieee.org.

Errata

Errata, if any, for this and all other standards can be accessed at the following URL: http://standards.ieee.org/reading/ieee/updates/errata/index.html. Users are encouraged to check this URL for errata periodically.

Interpretations

Current interpretations can be accessed at the following URL: http://standards.ieee.org/reading/ieee/interp/index.html.

Patents

Attention is called to the possibility that implementation of this standard may require use of subject matter covered by patent rights. By publication of this standard, no position is taken with respect to the existence or validity of any patent rights in connection therewith. The IEEE shall not be responsible for identifying patents or patent applications for which a license may be required to implement an IEEE standard or for conducting inquiries into the legal validity or scope of those patents that are brought to its attention.

Participants

At the time this standard was completed, the Hardcopy Device and System Security Working Group had the following membership:

Don Wright, Chair
Lee Farrell, Vice Chair
Brian Smithson, Secretary and Lead Editor
Carmen Aubry, Nancy Chen, Ron Nevo, and Alan Sukert, Editors

Shah Bhatti, Peter Cybuck, Nick Del Re, Satoshi Fujitani, Tom Haapanen, Akihiko Iwasaki, Harry Lewis, Takanori Masui, Yusuke Ohta, Ken Ota, Glen Petrie, Amir Shahindoust, Jerry Thrasher, Hiroki Uchiyama, Shigeru Ueda, Brian Volkoff, Bill Wagner, Sameer Yami

The following members of the balloting committee voted on this standard. Balloters may have voted for approval, disapproval, or abstention.

Carmen Aubry, Matthew Ball, Ying Chen, Danila Chernestov, Keith
Chow, Paul Croll, Geoffrey Darnton, Nick Del Re, Russell Dietz, Lee Farrell, Randall Groves, Mark Henley, Werner Hoelzl, Raj Jain, Piotr Karocki, G. Luri, Edward McCall, Michael S. Newman, Stephen Schwarm, Steven Smith, Brian Smithson, Thomas Starai, Jerry Thrasher, Thomas Tullia, Paul Work, Forrest Wright, Sameer Yami

Acknowledgments

The following companies have agreed to make financial contributions to underwrite the cost of Common Criteria certification of some or all of the IEEE Std 2600-series Protection Profiles:

Canon, Fuji-Xerox, HP, InfoPrint Solutions, Konica Minolta, Kyocera-Mita, Lexmark, Océ, Oki Data, Ricoh, Samsung, Sharp, Toshiba, Xerox

When the IEEE-SA Standards Board approved this standard on 2 February 2010, it had the following membership:

Robert M. Grow, Chair
Tom A. Prevost, Vice Chair
Steve M. Mills, Past Chair
Judith Gorman, Secretary

John Barr, Karen Bartelson, Victor Berman, Ted Burse, Richard DeBlasio, Andrew Drozd, Mark Epstein, Alexander Gelman, James Hughes, Richard H. Hulett, Young Kyun Kim, Joseph L. Koepfinger*, John Kulick, David J. Law, Ted Olsen, Glenn Parsons, Ronald C. Petersen, Narayanan Ramachandran, Jon Walter Rosdahl, Sam Sciacca, Howard L. Wolfman

*Member Emeritus

Also included are the following nonvoting IEEE-SA Standards Board liaisons:

Satish K. Aggarwal, NRC Representative
Michael Janezic, NIST Representative

Don Messina
IEEE Standards Program Manager, Document Development

Michael D. Kipness
IEEE Standards Program Manager, Technical Program Development

Contents

1. Overview
1.1 Scope
1.2 Purpose
1.3 Application notes
1.4 Notational conventions
2. Normative references
3. Protection Profile introduction (APE_INT)
3.1 Protection Profile usage
3.2 Protection Profile reference
4. Hardcopy Device overview (APE_INT)
4.1 Typical products
4.2 Typical usage
5. TOE Overview (APE_INT)
5.1 TOE functions
5.2 TOE model
5.3 Entity definitions
5.4 TOE operational model
6. Conformance claims (APE_CCL)
6.1 Conformance to Common Criteria
6.2 Conformance to other Protection Profiles
6.3 Conformance to Packages
6.4 Conformance to this Protection Profile
7. Security Problem Definition (APE_SPD)
7.1 Threats agents
7.2 Threats to TOE Assets
7.3 Organizational Security Policies for the TOE
7.4 Assumptions
8. Security Objectives (APE_OBJ)
8.1 Security Objectives for the TOE
8.2 Security Objectives for the IT environment
8.3 Security Objectives for the non-IT environment
8.4 Security objectives rationale
9. Extended components definition (APE_ECD)
9.1 FPT_FDI_EXP Restricted forwarding of data to
external interfaces
10. Common Security Functional Requirements (APE_REQ)
10.1 Class FAU: Security audit
10.2 Class FCO: Communication
10.3 Class FCS: Cryptographic support
10.4 Class FDP: User data protection
10.5 Class FIA: Identification and authentication
10.6 Class FMT: Security management
10.7 Class FPR: Privacy
10.8 Class FPT: Protection of the TSF
10.9 Class FRU: Resource utilization
10.10 Class FTA: TOE access
10.11 Class FTP: Trusted paths/channels
10.12 Common security requirements rationale
11. Security Assurance Requirements (APE_REQ)
12. SFR Packages introduction
12.1 SFR Packages usage
12.2 SFR Packages reference
12.3 SFR Package functions
12.4 SFR Package attributes
13. 2600.4-SMI SFR Package for Hardcopy Device Shared-medium Interface Functions, Operational Environment D
13.1 SMI SFR Package introduction
13.2 Class FPT: Protection of the TSF
13.3 Class FTP: Trusted paths/channels
13.4 SMI security requirements rationale
Annex A (normative) Glossary
Annex B (normative) Acronyms
Annex C (informative) Bibliography

IEEE Standard Protection Profile for Hardcopy Devices in IEEE Std 2600™-2008 Operational Environment D

IMPORTANT NOTICE: This standard is not intended to ensure safety, security, health, or environmental protection in all circumstances. Implementers of the standard are
responsible for determining appropriate safety, security, environmental, and health practices or regulatory requirements.

This IEEE document is made available for use subject to important notices and legal disclaimers. These notices and disclaimers appear in all publications containing this document and may be found under the heading “Important Notice” or “Important Notices and Disclaimers Concerning IEEE Documents.” They can also be obtained on request from IEEE or viewed at http://standards.ieee.org/IPR/disclaimers.html.

1. Overview

1.1 Scope

This standard is for a Protection Profile for Hardcopy Devices in a small, private information processing environment in which most elements of security are provided by the physical environment, but basic network security is needed to protect the device and its network from misuse from outside of the environment. Small offices and home offices are
typical applications of this environment. This environment will be known as “Operational Environment D.”

1.2 Purpose

The purpose of this standard is to create a security Protection Profile (PP) for Hardcopy Devices in Operational Environment D as defined in IEEE Std 2600™-2008.¹

¹ Information on references can be found in Clause 2.

1.3 Application notes

Application notes are provided where they may contribute to the reader's understanding. These notes, while not part of the formal statement of this Protection Profile, are included as an acknowledgment of the diverse uses of this document and are intended to provide guidance to its users.

1.4 Notational conventions

The following notational conventions are used throughout this standard:

a) Defined terms in full form are set in title case (for example, “Document Storage and Retrieval”).
b) Defined terms in abbreviated form are set in all caps (for example, “DSR”).
c) In tables that describe Security Objectives rationale, a checkmark (“✓”) placed at the intersection of a row and column indicates that the threat identified in that row is wholly or partially mitigated by the objective in that column.
d) In tables that describe completeness of security requirements, a bold typeface letter “P” placed at the intersection of a row