User Guide for RICOH models including: IM C6500, IM C8000, All-In-One Printer
Ricoh Im C6500 User Guide › Url: https://www.niap-ccevs.org/MMO/ProductCC/RicohIM-C6500-C8000SeriesCCGuidev0.5
RICOH
RICOH IM C6500/C8000 Common Criteria Guide
Version 0.5
December 2020
Document prepared by www.lightshipsec.com

Table of Contents

1 About this Guide
  1.1 Overview
  1.2 Audience
  1.3 About the Common Criteria Evaluation
  1.4 Conventions
  1.5 Related Documents
2 Secure Acceptance and Update
  2.1 Obtaining the TOE
  2.2 Verifying the TOE
  2.3 Power-on Self-Tests
  2.4 Updating the TOE
3 Configuration Guidance
  3.1 Installation
  3.2 Administration Interfaces
  3.3 Initial Configuration
  3.4 Services
  3.5 Administration
  3.6 Management of Security Functions
  3.7 U_NORMAL User Access
4 Clearing the machine for redeployment or at end-of-life

List of Tables

Table 1: TOE Models
Table 2: Machine Firmware and Hardware
Table 3: Drivers
Table 4: Evaluation Assumptions
Table 5: Related Documents
Table 6: System Settings
Table 7: Basic Authentication
Table 8: LDAP Authentication
Table 9: Printer Settings
Table 10: Scanner Settings
Table 11: Fax Settings
Table 12: Device Settings
Table 13: Excluded Printer Features
Table 14: Excluded Fax Features
Table 15: Network Settings
Table 16: Security Settings
Table 17: WIM Auto Logout Settings
Table 18: System Settings 2
Table 19: Fax Settings
Table 20: Management Functions
Table 21: Changing System Settings
Table 22: SMTP Settings
Table 23: Changing Security Settings
Table 24: WIM Auto Logout Settings
Table 25: Audit Events

1 About this Guide

1.1 Overview

This guide provides supplemental instructions to achieve the Common Criteria evaluated configuration of the RICOH IM C6500/C8000 and related information.

1.2 Audience

This guide is intended for system administrators and the various stakeholders involved in the Common Criteria evaluation. It is assumed that readers will use this guide in conjunction with the related documents listed in Table 5.

1.3 About the Common Criteria Evaluation

The Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408) is an international standard for security certification of IT products and systems. More information is available at https://www.commoncriteriaportal.org/

1.3.1 Protection Profile Conformance

The Common Criteria evaluation was performed against the requirements of the Protection Profile for Hardcopy Devices (HCD PP) v1.0 and Protection Profile for Hardcopy Devices, v1.0, Errata #1, June 2017 available at https://www.niap-ccevs.org/Profile/PP.cfm

1.3.2 Evaluated Software and Hardware

The TOE includes the RICOH MFP models: IM C6500 and IM C8000 labeled and marketed under different RICOH Family Group brand names as noted in Table 1.

The TSF is executed by the main controller and the operation unit respectively. For all TOE models, the main controller has an Intel® Atom Processor Apollo Lake (E3940 or E3930) and runs LPUX 6.0 OS, a customized OS based on NetBSD; the operation unit has an ARM Cortex-A9 Quad Core processor and runs a customized Linux 3.18 OS.

The first two numeric digits in the TOE model number correspond to copy speed, e.g. 6500 performs 65 prints per minute, 8000 performs 80 prints per minute; the alphabetic suffix corresponds to regional fonts and printer languages.
Differences between models with different printing speeds are limited to print engine components; differences between branding variants are limited to labels, displays, packaging materials, and documentation. The differences are not security relevant.

The TOE version JE-1.00-H includes the TOE models listed in Table 1, the firmware and hardware listed in Table 2 as well as the printer driver PCL6 Driver 1.0.0.0 and the Lan-Fax Driver 9.4.0.0.

Table 1: TOE Models

| Branding | Model |
|---|---|
| RICOH | IM C6500, IM C8000 |
| SAVIN | IM C6500, IM C8000 |
| LANIER | IM C6500, IM C8000 |
| nashuatec | IM C6500, IM C8000 |
| Rex Rotary | IM C6500, IM C8000 |
| Gestetner | IM C6500, IM C8000 |

Table 2: Machine Firmware and Hardware

| Primary Classification | Secondary Classification | Version |
|---|---|---|
| Firmware | System/Copy | 1.02 |
| | Network Support | 19.21 |
| | Web Support | 1.02 |
| | OSS Info | 1.00 |
| | Fax | 01.00.00 |
| | Scanner | 01.01 |
| | Web Uapl | 1.00 |
| | NetworkDocBox | 1.01.1 |
| | animation | 1.00 |
| | Printer | 1.01 |
| | RPCS | 3.24.6 |
| | FontEXP | 1.00 |
| | PCL | 1.00 |
| | IRIPS PS3 | 1.00 |
| | IRIPS PDF | 1.02 |
| | IRIPS Font | 1.20 |
| | GraphicData | 1.01 |
| | HelpData | 0.03 |
| | MovieData | 1.00 |
| | MovieData2 | 1.00 |
| | MovieData3 | 1.00 |
| | Data Erase Onb | 1.05 |
| | GWFCU3.8-25(WW) | 01.00.00 |
| | PowerSaving Sys | F.L3.25 |
| | RICOHACT | 1.10 |
| | Engine | 1.01 |
| | CheetahSystem | 1.02 |
| | OpePanel ADF01.040:02D3HA5260C TDCU0.07.1:05D0CN5530 | |
| Hardware | Ic Ctlr | 03 |
| | Ic Key | 01024704 |

Table 3: Drivers

| Drivers | Model |
|---|---|
| Printer Driver | PCL6 Driver 1.0.0.0, RPCS Driver 1.0.0.0 |
| LAN-Fax Driver | LAN-Fax Driver 9.5.0.0, PCFAX Driver 9.3.0.0 |

1.3.3 Evaluated Functions

The following functions have been evaluated under Common Criteria:

a) Security Audit. The TOE generates audit records of user and administrator actions. It stores audit records both locally and on a remote syslog server.
b) Cryptographic Support. The TOE includes a cryptographic module for the cryptographic operations that it performs. The relevant CAVP certificate numbers are noted in the Security Target.
c) Access Control. The TOE enforces access control policy to restrict access to user data. The TOE ensures that documents, document processing job information, and security-relevant data are accessible only to authenticated users who have the appropriate access permissions.
d) Storage Data Encryption. The TOE encrypts data on the HDD and in NVRAM to protect documents and confidential system information if those devices are removed from the TOE.
e) Identification and Authentication. Except for a defined minimal set of actions that can be performed by an unauthenticated user, the TOE ensures that all users must be authenticated before accessing its functions and data. Users log in to the TOE by entering their credentials on the local operation panel, through WIM login, through print or fax drivers, or using network authentication services.
f) Administrative Roles. The TOE provides the capability for managing its functions and data. Role-based access controls ensure that the ability to configure the security settings of the TOE is available only to the authorized administrators. Authenticated users can perform copy, printer, scanner, document server and fax operations based on the user role and the assigned permissions.
g) Trusted Operations. The TOE performs power-on self-tests to ensure the integrity of the TSF components. It provides a mechanism for performing trusted update that verifies the integrity and authenticity of the upgrade software before applying the updates. It uses an NTP server for accurate time.
h) TOE Access. Interactive user sessions at the local and remote user interfaces are automatically terminated by the TOE after a configured period of inactivity.
i) Trusted Communications. The TOE protects communications from its remote users using TLS/HTTPS, and communications with the LDAP, FTP, NTP, syslog, and SMTP servers using IPsec.
j) PSTN Fax-Network Separation. The TOE restricts information received from or transmitted to the telephone network to only fax data and fax protocols. It ensures that the fax modem cannot be used to bridge the LAN.
k) Image Overwrite. The TOE actively overwrites residual image data stored on the HDD after a document processing job has been completed or cancelled.

NOTE: No claims are made regarding any other security functionality.

1.3.4 Evaluation Assumptions

The following assumptions were made in performing the Common Criteria evaluation. The guidance shown in the table below should be followed to uphold these assumptions in the operational environment.

Table 4: Evaluation Assumptions

| Assumption | Guidance |
|---|---|
| A.PHYSICAL -- Physical security, commensurate with the value of the TOE and the data it stores or processes, is assumed to be provided by the environment. | Ensure that the device is hosted in a physically secure environment and that adequate security measures are in place to protect access. |
| A.NETWORK -- The Operational Environment is assumed to protect the TOE from direct, public access to its LAN interface. | Ensure that the device is hosted on a protected network environment. |
| A.TRUSTED_ADMIN -- TOE Administrators are trusted to administer the TOE according to site security policies | Ensure that administrators are trustworthy e.g. implement background checks or similar controls. |
| A.TRAINED_USERS -- Authorized Users are trained to use the TOE according to site security policies | Ensure that authorized users receive adequate training. |

1.4 Conventions

The following conventions are used in this guide:

a) CLI Command <replaceable> - This style indicates to you that you can type the word or phrase on the command line and press [Enter] to invoke a command. Text within <> is replaceable. For example: Use the cat <filename> command to view the contents of a file
b) [key] or [key-combo] - A key or key combination on the keyboard is shown in this style. For example: The [Ctrl]-[Alt]-[Backspace] key combination exits your graphical session and returns you to the graphical login screen or the console.
c) GUI => Reference - Denotes a sequence of GUI screen interactions. For example: Select File => Save to save the file.
d) [REFERENCE] Section - Denotes a document and section reference from Table 5. For example: Follow [ADMIN] Configuring Users to add a new user.

1.5 Related Documents

This guide supplements the below documents which are available on the RICOH Support site help pages.

Table 5: Related Documents

| Reference | Document |
|---|---|
| [ADMIN] | RICOH IM C6500/C8000 Series User Guide User Guide |
| [SECURITY] | RICOH IM C6500/C8000 Series User Guide User Guide Security Reference |

NOTE: The information in this guide supersedes related information in other documentation.

2 Secure Acceptance and Update

2.1 Obtaining the TOE

The TOE is delivered via commercial carrier.

2.2 Verifying the TOE

To verify the TOE Model, check that the machine's model number on the label on the rear of the machine ends with -17, -27, -29 or -00, which correspond to the branding variants of RICOH IM C6500/C8000 included in the evaluated configuration.

To verify the TOE firmware, the authorized administrator logs in and uses the following steps:

On the Operation Panel:
a) Press [Home]
b) Press the [Settings] icon
c) Press [System Settings]
d) Press [Machine/Control Panel Information]
e) Press [Firmware version]

The firmware list is displayed.

On the WIM:
a) Device Management -> Configuration -> Firmware Update

This lists all the firmware except for the TPM device driver, which is only shown in the Ops panel firmware listing.
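The firmware check in section 2.2 can be scripted once the list shown under [Firmware version] or Firmware Update has been transcribed. The following is an added example, not part of the RICOH guide: it compares such a listing with the firmware rows of Table 2, assuming a one-entry-per-line "name version" text format; the function names and the sample listing are constructed for illustration.

```python
"""Added example: check a transcribed firmware listing against Table 2."""

# Firmware rows of Table 2 as printed in this guide (name -> version).
# The OpePanel/ADF/TDCU row is left out because its name/version split cannot
# be recovered from the page; the hardware rows (Ic Ctlr, Ic Key) are not firmware.
EVALUATED = {
    "System/Copy": "1.02", "Network Support": "19.21", "Web Support": "1.02",
    "OSS Info": "1.00", "Fax": "01.00.00", "Scanner": "01.01",
    "Web Uapl": "1.00", "NetworkDocBox": "1.01.1", "animation": "1.00",
    "Printer": "1.01", "RPCS": "3.24.6", "FontEXP": "1.00", "PCL": "1.00",
    "IRIPS PS3": "1.00", "IRIPS PDF": "1.02", "IRIPS Font": "1.20",
    "GraphicData": "1.01", "HelpData": "0.03", "MovieData": "1.00",
    "MovieData2": "1.00", "MovieData3": "1.00", "Data Erase Onb": "1.05",
    "GWFCU3.8-25(WW)": "01.00.00", "PowerSaving Sys": "F.L3.25",
    "RICOHACT": "1.10", "Engine": "1.01", "CheetahSystem": "1.02",
}


def _key(name):
    """Normalise a module name: collapse whitespace, ignore letter case."""
    return " ".join(name.split()).casefold()


def parse_listing(text):
    """Return {normalised name: (name as typed, version)}.

    Assumed format: one entry per line, the version being the last
    whitespace-separated token, so names containing spaces parse correctly.
    """
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.rsplit(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<name> <version>': {line!r}")
        name, version = parts
        k = _key(name)
        if k in entries and entries[k][1] != version:
            raise ValueError(f"line {lineno}: conflicting versions for {name!r}")
        entries[k] = (name, version)
    return entries


def compare(listing_text, evaluated=EVALUATED):
    """Classify every Table 2 row and every listed entry."""
    seen = parse_listing(listing_text)
    report = {"match": [], "mismatch": [], "missing": [], "not_in_table": []}
    for name, expected in evaluated.items():
        entry = seen.pop(_key(name), None)
        if entry is None:
            report["missing"].append(name)
        elif entry[1] == expected:
            # Versions are compared as exact strings: values such as
            # "F.L3.25" are not numeric, and "01.00.00" is not "1.00.00".
            report["match"].append(name)
        else:
            report["mismatch"].append((name, expected, entry[1]))
    # Entries the device lists that Table 2 does not name are reported for
    # manual review instead of being treated as a failure.
    report["not_in_table"] = [typed for typed, _ in seen.values()]
    return report


def is_evaluated_firmware(report):
    """True only if every Table 2 row was listed with the expected version."""
    return not report["mismatch"] and not report["missing"]


def constructed_listing():
    """Constructed sample: Table 2 with deliberate deviations (not device output)."""
    rows = dict(EVALUATED)
    rows["Network Support"] = "19.22"   # constructed version difference
    rows["Fax"] = "1.00.00"             # looks similar, but is a different string
    del rows["HelpData"]                # entry that was not transcribed
    rows["ExampleModule"] = "0.00"      # hypothetical name, not in Table 2
    return "\n".join(f"{name}\t{version}" for name, version in rows.items())


if __name__ == "__main__":
    result = compare(constructed_listing())
    for category in ("mismatch", "missing", "not_in_table"):
        print(category, result[category])
    print("evaluated firmware:", is_evaluated_firmware(result))
```
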
2.3 Power-on Self-Tests

At system start-up, the TOE performs a firmware validity test to determine if the firmware is valid. If an error occurs and the test fails, a verification error is displayed on the control panel. The firmware validity test error will also display on the Web Image Monitor after the machine starts.

The TOE also performs a software integrity test at TOE start-up by verifying the digital signature on the TOE software. Any errors are displayed on the Control Panel or on the WIM interface.

2.4 Updating the TOE

TOE updates are hand delivered by RICOH service personnel. The update packages are digitally signed and uploaded to the TOE using WIM.

For MFP Control or FCU Software, the TOE performs the following verifications before installing the package:

a) Identifies the type of software (e.g., MFP Control, Operation Panel, FCU)
b) Verifies that the software model name matches the TOE
c) Verifies the digital signature on the update package.

For Operation Panel software, the TOE performs the following verifications before installing the package:

a) Identifies the type of software (e.g., MFP Control, Operation Panel, FCU)
b) Verifies that the software model name matches the TOE
c) Verifies the digital signature

3 Configuration Guidance

3.1 Installation

The TOE is delivered pre-installed with initial settings for CC-mode configuration performed by a RICOH Authorized Service representative.

3.1.1 Printer and Fax Driver

The printer and LAN-Fax driver are downloaded from the RICOH support site.

To install the printer driver, enter the machine's IP address or host name in the [URL] box as follows:

https://(machine's IP address or host name)/printer

To install the LAN-Fax driver, enter the following URL in the [Printer URL] box as follows:

https://(machine's IP address or host name)/printer

Install the LAN-Fax driver (INF file) in the following location:

32-bit driver: X86\DRIVERS\LAN-FAX\X86\DISK1
64-bit driver: X64\DRIVERS\LAN-FAX\X64\DISK1

3.2 Administration Interfaces

The TOE provides the following administrator interfaces:

a) Operation Panel of the MFP is an LCD touch screen interface that provides a local user interface where users can perform copy, fax, print, and network transmission of documents operations. The administrator user can configure the MFP via this local interface.
b) Web Image Monitor (WIM) is the remote user interface accessible via TLS/HTTPS where users can perform print, copy, fax, and storage operations on documents. This interface provides various settings for administrators to perform limited configuration of the MFP. For additional details on how to launch the WIM interface see "Using Web Image Monitor" in the Introduction and Basic Operations section of the User Guide.

3.3 Initial Configuration

Both the Operation Panel and the WIM are used to set up the initial configuration of the MFP TOE. An administrator must be registered during the initial setup by entering a username/password combination.

Procedures 1 through 3 describe the sequential steps for initial configuration of the TOE. The following warnings are noted:

a) Before using the MFP, the encryption key to encrypt the data in the machine must be provided by the service representative or be newly created.
b) Back up the encryption key only when the machine is not operating.
c) For faxing, use the public switched telephone network. IP-Fax and Internet Fax are not CC conformant.
d) For print jobs and fax transmissions from the client computer, use IPP-SSL authentication.
e) If the message "SD Card authentication has failed" is displayed, contact the RICOH Service Representative.
f) In the event of a hard disk error, the machine will display options to initialize the disk or not. User authentication might fail after a hard disk initialization; if this happens, contact the service representative.
g) To send files by e-mail using the scanner or fax function, install the user certificate when registering a user in the address book and set the encryption setting to [Encrypt All]. When you display addresses to send an e-mail, an icon will appear next to destinations for which [Encrypt All] has been set.
h) When using Scan to Folder make sure IPsec is enabled and complete the following steps:
   1. The Scan to Folder destination (FTP or SMB server) must be registered in the address book by the administrator.
   2. When you register the Scan to Folder destination in the address book, go to "Protection -> Protect Destination -> Access Privileges", click [Change], and then select [Read-only] for users who are allowed to access the Scan to Folder destination.
   3. Configure IPsec for the server selected as the Scan to Folder destination.
i) Before receiving faxes, specify "Stored Reception File User Setting" in the Fax setting.
j) When you configure "Program Special Sender" in the fax mode, do not specify "Forwarding per Sender" or "Memory Lock RX per Sender" before registering or changing special senders.
k) The file creator (owner) has the authority to grant [Full Control] privileges to other users for stored documents in the Document Server. However, administrators should tell users that [Full Control] privileges are meant only for the file creator (owner).
l) When using Web Image Monitor, users should not access other Web sites. Users should log out of WIM when it is not being used.
m) Obtain log files by downloading them via Web Image Monitor or by automatic log collection.
n) To prevent incorrect timestamps from being recorded in the audit log, ensure that the Audit Server that connects to the MFP is synchronized with the MFP.
o) If the power plug is pulled out before the main power is turned off so that the machine is shut down abnormally, the date and time when the main power is turned off (the value for "Main Power Off", which is an attribute of the eco log) is not registered correctly to the "eco" log.
p) When you specify "HDD Erase Method" in "Erase All Memory", do not select "Format".
q) Do not assign "Reception File Settings" to a Quick Operation key in Fax mode.
r) When you delete all logs, make sure that the following functions are not being used:
   i) Scan file transmission
   ii) When switching from [On] to [Off] in [Document Server Function] in [Settings for Administrator] in [System Settings], delete all the received fax documents and specify the following settings again:
      1. System Settings
      2. Settings for Administrator -> File Management -> Document Server Function -> Select [On]
      3. Fax Settings
      4. Reception Settings -> Reception File Settings -> Store [On]
      5. Reception Settings -> Reception File Settings -> Print [Off]
s) If [SHA1] in [DIGEST] in [TCP/IP] in [Network Security] in [Security] in [Configuration] in [Device Management] has been switched from [Active] to [Inactive] on Web Image Monitor, [SSL3.0] is automatically set to [Active]. In such a case set [SHA1] to [Inactive], and then, in [Configuration] in [Device Management] on Web Image Monitor, specify the following setting:
   i) Security -> Network Security -> SSL/TLS Version
   ii) Set "TLS1.2" to [Active] and all others to [Inactive]

3.3.1 Procedure 1 Settings Specified using the Operation Panel

Follow the instructions in "Registering Administrators Before Using the Machine" to activate the administrator account that will configure the machine. Enter passwords for administrator and supervisor; these are the authorized administrator roles that comprise U.ADMIN and the only roles with permissions to configure the TOE and the TSF.

Log in to the operation panel as the administrator to configure the settings below. Select "English" from "Change Language".

Delete all the icons on the Home screen except for "Copy", "Scanner", "Fax", "Settings", "Quick Print Release", "Printer", "Document Server", "Address Book", "Substitute RX File". Do not re-register the deleted icons.

3.3.1.1 System Settings

The administrator must specify the settings in [System Settings] within the ranges shown in Table 6.

Table 6: System Settings

| Tab | Item | Settings |
|---|---|---|
| Date/Time/Timer | Date/Time -> Time Zone | Set the appropriate time zone. The specified setting is applied after the machine reboots. |
| Date/Time/Timer | Date/Time -> Daylight Saving Time | Set the appropriate daylight saving time. The specified setting is applied after the machine reboots. Reboot the machine after configuring this setting. |
| Date/Time/Timer | Date/Time -> Set Date | Set the appropriate date. |
| Date/Time/Timer | Date/Time -> Set Time | Set the appropriate time. |
| Date/Time/Timer | Date/Time -> Auto Logout Timer | Select [On], and then set the range for the timer between 10-999 seconds. |
| Network/Interface | IP Address (IPv4) -> IPv4 Address Configuration | Specifying a static IPv4 address: Enter the IPv4 address and subnet mask. Obtaining the DHCP server address automatically: Select [Auto-Obtain (DHCP)]. |
| Network/Interface | IP Address (IPv4) -> IPv4 Gateway Address | Enter the IPv4 gateway address. |
| Network/Interface | DNS Configuration | Specify this only if you are using a static DNS server. Specifying a static DNS server: Enter the IPv4 address in "DNS Server 1", "DNS Server 2", and "DNS Server 3". (Specify DNS Server 2 and 3 if required.) Obtaining the DHCP server address automatically: Select [Auto-Obtain (DHCP)]. |
| Network/Interface | Effective Protocol -> IPv4 | [Active] |
| Network/Interface | Effective Protocol -> IPv6 | [Inactive] |
| Network/Interface | SMB -> SMB Client Advanced Settings -> SMBv2/SMBv3 | [Active] |
| Network/Interface | IEEE 802.1X Authentication for Ethernet | [Inactive] |
| Network/Interface | MLP Network Interface settings | [Wi-Fi Connection] |
| Network/Interface | Control Panel : Wireless LAN -> Wi-Fi | [Off] |
| Network/Interface | Control Panel : Wireless LAN -> Wireless Direct | [Off] |
| Network/Interface | Control Panel : Proxy Settings -> Use Proxy | [Disable] |
| Network/Interface | Bluetooth -> Bluetooth | [Off] |
| Network/Interface | External Interface Software Settings -> Select IC Card Reader | [Do not Use] |
| Network/Interface | USB Port -> USB Port | [Inactive] |
| Settings for Administrator | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> Administrator Authentication Management -> User Management | Set [Administrator Authentication] to [On], and then select [Administrator Tools] in [Available Settings]. |
| Settings for Administrator | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> Administrator Authentication Management -> Machine Management | Set [Admin. Authentication] to [On], and then select [General Features], [Tray Paper Settings], [Timer Settings], [Interface Settings], [File Transfer], and [Administrator Tools] in [Available Settings]. |
| Settings for Administrator | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> Administrator Authentication Management -> Network Management | Set [Admin. Authentication] to [On], and then select [Interface Settings], [File Transfer], and [Administrator Tools] in [Available Settings]. |
| Settings for Administrator | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> Administrator Authentication Management -> File Management | Set [Admin. Authentication] to [On], and then select [Administrator Tools] in [Available Settings]. |
| Settings for Administrator | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> Register/Change Administrator -> Set Administrator Login User Name/Login Password -> Administrator 1-4 | Specify settings for one or more administrators. Specify the administrator's "Login User Name" and "Login Password". |
| Settings for Administrator | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> Register/Change Administrator -> Set Administrator Privileges | Assign all administrator roles (user administrator, machine administrator, network administrator, and file administrator) to a single administrator. |
| Settings for Administrator | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> Register/Change Administrator -> Set Administrator Login User Name/Login Password -> Supervisor | Change the supervisor's "Login User Name" and "Login Password". |
| Settings for Administrator | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> Setting for Entering Authentication Password | [Only 1 Byte Characters] |
| Settings for Administrator | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> Application Authentication Management | Set [Copier Function], [Printer Function], [Document Server Function], [Fax Function] and [Scanner Function] to [On]. |
| Settings for Administrator | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> User's Own Customization | [Prohibit] |
| Settings for Administrator | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> LDAP Search | [Off] |
| Settings for Administrator | Security -> Extended Security Settings -> Restrict Display of User Information | [On] |
| Settings for Administrator | Security -> Extended Security Settings -> Restrict Adding of User Destinations (Fax) | [On] |
| Settings for Administrator | Security -> Extended Security Settings -> Restrict Adding of User Destinations (Scanner) | [On] |
| Settings for Administrator | Security -> Extended Security Settings -> Restrict Use of Destinations (Fax) | [On] |
| Settings for Administrator | Security -> Extended Security Settings -> Restrict Use of Destinations (Scanner) | [On] |
| Settings for Administrator | Security -> Extended Security Settings -> Transfer to Fax Receiver | [Prohibit] |
| Settings for Administrator | Security -> Extended Security Settings -> Authenticate Current Job | [Access Privilege] |
| Settings for Administrator | Security -> Extended Security Settings -> Update Firmware | [Prohibit] |
| Settings for Administrator | Security -> Extended Security Settings -> Change Firmware Structure | [Prohibit] Click [OK] |
| Settings for Administrator | Security -> Extended Security Settings -> Password Policy | Set "Complexity Setting" to [Level 1] or [Level 2], press [Change] on the right of "Minimum Character No.", and then set the number of characters to 15 or more. (Note -- The TOE requires minimum password length of 15 characters). |
| Tab | Item | Settings |
|---|---|---|
| Settings for Administrator | Security -> Extended Security Settings -> Security Setting for Access Violation | [Off] |
| Settings for Administrator | Security -> Service Mode Lock | [On] |
| Settings for Administrator | Security -> Server Settings -> Server Function | [Inactive] |
| Settings for Administrator | Data Management -> Auto Erase Memory Setting | Select [On], and then select [NSA], [DoD], or [Random Numbers]. If you set this to [Random Numbers], set [Number of Erase] to three or more. |
| Settings for Administrator | Data Management -> Transfer Log Setting | [Forward to the System Log Server] |
| Settings for Administrator | File Management -> Machine Data Encryption Settings | Ensure that the current data has been encrypted. If the data has been encrypted, the following message will appear: "The current data in the machine has been encrypted." |
| Settings for Administrator | File Management -> Auto Delete File in Document Server | Select [Specify Days], [Specify Hours] or [Off] |
| Settings for Administrator | File Management -> Document Server Function | Select [On] |
| Settings for Administrator | Function Restriction -> Menu Protect -> Copier | [Level 2] |
| Settings for Administrator | Function Restriction -> Menu Protect -> Printer | [Level 2] |
| Settings for Administrator | Function Restriction -> Menu Protect -> Scanner | [Level 2] |
| Settings for Administrator | Function Restriction -> Menu Protect -> Fax | [Level 2] |
| Display/Input | Key/Keyboard/Input Assistance -> Keyboard & Input Methods -> Switchable Keyboard Settings -> iWnn IME | [Active] |
| Machine | Power/Energy Saving -> Shift to Main Power-Off When Network Disconnected (mainly Europe and Asia) | [Off] |
| Machine | Power/Energy Saving -> Main Power On By Remote Operation | [Inactive] |
| Machine | External Device -> Control Panel SD Card Slot | [Inactive] |
| Machine | External Device -> Control Panel USB Memory Slot | [Inactive] |
| Machine | External Device -> Allow Media Slots Use -> Store to Memory Storage Device | [Prohibit] |
| Machine | External Device -> Allow Media Slots Use -> Print from Memory Storage Device | [Prohibit] |
| Machine | Others -> Central Management | [Do not Manage Centrally] |

3.3.1.2 User Authentication Settings

The TOE is configured to perform either local authentication, labeled [Basic Authentication], or external authentication, labeled [LDAP Authentication], which uses an LDAP server in its operational environment. The TOE supports both methods of user authentication, but both cannot be enforced on the same running instance of the TOE. The administrator configures User Authentication in [System Settings] -> [Administrator Tools (System Settings)] with the following settings:

3.3.1.2.1 Basic Authentication Settings

Table 7: Basic Authentication

| Tab | Item | Settings |
|---|---|---|
| Administrator Tools | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> User Authentication Management | [Basic Authentication] |
| Administrator Tools | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> User Authentication Management -> Basic Authentication -> Available Functions | Specify this in accordance with your operating environment and set the browser to [unavailable] |
| Administrator Tools | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> User Authentication Management -> Basic Authentication -> Printer Job Authentication | [Entire] |

3.3.1.2.2 LDAP Authentication Settings

Prior to configuring the LDAP Authentication settings, an LDAP server must be configured and available for use by the TOE. For details on preparing the LDAP server in the operational environment, see the Security Guide section "Preparing the Server to Use for User Authentication".

Table 8: LDAP Authentication

| Tab | Item | Settings |
|---|---|---|
| Administrator Tools | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> User Authentication Management | [LDAP Authentication] |
| Administrator Tools | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> User Authentication Management -> LDAP Authentication -> LDAP Servers | Select the LDAP server to authenticate. |
| Administrator Tools | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> User Authentication Management -> LDAP Authentication -> Available Functions | Specify this in accordance with your operating environment and set the browser to [unavailable]. |
| Administrator Tools | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> User Authentication Management -> LDAP Authentication -> Printer Job Authentication | [Entire] |

3.3.1.3 Printer Settings

The administrator must configure the printer settings within the range specified in Table 9.

Table 9: Printer Settings

| Tab | Item | Settings |
|---|---|---|
| Data Management/Maintenance | Print Jobs -> Auto Delete Temporary Print Jobs | Select [On] or [Off]. |
| Data Management/Maintenance | Print Jobs -> Auto Delete Stored Print Jobs | Select [On] or [Off]. |
| Data Management/Maintenance | Print Jobs -> Jobs Not Printed as Machine Was Off | [Do not Print] |
| Data Management/Maintenance | Print Jobs -> Restrict Direct Print Jobs | [Automatically Store Jobs] |
| Data Management/Maintenance | Print Jobs -> Auto Store Jobs Without User Authentication Information | Select [Off] |
| Data Management/Maintenance | Administrator Tools -> Prohibit List/Test Print | [On] |

3.3.1.4 Scanner Settings

The administrator must configure the scanner settings as specified in Table 10.

Table 10: Scanner Settings

| Tab | Item | Settings |
|---|---|---|
| Sending Settings | Email (URL Link) -> Download File Directly From URL Link | [Off] |
| Others | History Settings -> Print & Delete Scanner Records | [Do not Print: Disable Send] |

3.3.1.5 Fax Settings

The administrator must configure the fax settings as specified in Table 11.
Table 11: Fax Settings

| Tab | Item | Settings |
|---|---|---|
| Send Settings | Backup File Transmission Setting | [Off] |
| Reception Settings | Reception File Settings -> Action on Receiving File -> Store | [On] |
| Reception Settings | Reception File Settings -> Action on Receiving File -> Forwarding | [Off] |
| Reception Settings | Reception File Settings -> Action on Receiving File -> Print | [Off] |
| Reception Settings | Reception File Settings -> Action on Receiving File -> Memory Lock Reception | [Off] |
| Reception Settings | Reception File Settings -> Reception File Storing Error Setting | [Do not Receive] |
| Reception Settings | Reception File Settings -> Reception File Storage Location | [Fax Memory] |
| Reception Settings | Box Setting -> Register/Change/Delete Box | Leave the default values; do not specify (register) the items in this setting. |
| Detailed Initial Settings | Parameter Setting -> Parameter Setting switch 40, bit 0 | [1] If the memory for stored received faxes becomes full, the MFP stops receiving new faxes and keeps the stored ones without printing or deleting them. |
| Detailed Initial Settings | Parameter Setting -> Parameter Setting switch 10, bit 0 | [1] Only authorized users can see the stored received faxes from the control panel. |
| Detailed Initial Settings | Parameter Setting -> Parameter Setting switch 04, bit 7 | [0] If this is enabled, previews will not be included in the reports. |
| Detailed Initial Settings | Internet Fax/Email/Folder -> Internet Fax Setting | [Off] |
| Detailed Initial Settings | Internet Fax/Email/Folder -> Email Setting | [Off] |
| Detailed Initial Settings | Internet Fax/Email/Folder -> Folder Setting | [Off] |
| Detailed Initial Settings | IP-Fax Settings -> IP-Fax Use Settings | Set [Enable H.323] and [Enable SIP] to [Off]. |
| Detailed Initial Settings | Fax Email Account | [Do not Receive] |

3.3.2 Procedure 2 Setting Specified using WIM

The administrator logs in to the WIM interface using a web browser from a client computer to configure values for various MFP settings, including Device, Printer, Fax, Network, Security and Webpage. For details on launching the WIM interface, see the "Using Web Image Monitor" page in the User Guide.

3.3.2.1 Device Settings

The administrator sets the values in [Device Settings] as specified in Table 12.

Table 12: Device Settings

| Category | Item | Settings |
|---|---|---|
| Device Settings | System -> Prohibit printing stored files from Web Image Monitor | [Prohibit] |
| Device Settings | Logs -> Collect Job Logs | [Active] |
| Device Settings | Logs -> Job Log Collect Level | [Level 1] |
| Device Settings | Logs -> Collect Access Logs | [Active] |
| Device Settings | Logs -> Access Log Collect Level | [Level 2] |
| Device Settings | Logs -> Collect Eco-friendly Logs | [Active] |
| Device Settings | Logs -> Eco-friendly Log Collect Level | [Level 2] |
| Device Settings | Logs -> Common Settings for All Logs -> Transfer Logs | [Inactive] |
| Device Settings | SYSLOG Transfer -> Transfer SYSLOG Server | [Active] |
| Device Settings | Email -> Administrator Email Address | Enter the administrator's email address. |
| Device Settings | Email -> SMTP Server Name | Enter the SMTP server name or IP address. |

3.3.2.2 Excluded Printer Features

On the WIM interface, the administrator configures the settings for [Printer] with the values specified in Table 13.

Table 13: Excluded Printer Features

| Category | Item | Settings |
|---|---|---|
| Printer | Basic Settings -> Virtual Printer | [Inactive] |
| Printer | Permissions for Printer Language to Operate File System -> PDF, PostScript | [Do not Permit] |
| Printer | Google Cloud Print Settings -> Google Cloud Print | Select [Off], and then press [Start registration]. |
3.3.2.3 Excluded Fax Features

On the WIM interface, the administrator configures the settings for [Fax] with the values specified in Table 14.

Table 14: Excluded Fax Features

| Category | Item | Settings |
|---|---|---|
| Fax | Initial Settings -> Cloud Fax Settings -> Enable/Disable Cloud Fax | [Disable] |
| Fax | IP-Fax Settings -> Enable H.323 | [Off] |
| Fax | IP-Fax Settings -> Enable SIP | [Off] |
| Fax | Parameter Settings -> LAN-Fax Result Report | [Off] |

3.3.2.4 Network Settings

The administrator logs in to the WIM to configure the network settings listed in Table 15.

Table 15: Network Settings

| Category | Item | Settings |
|---|---|---|
| Network | IPv4 -> LLMNR | [Inactive] |

3.3.2.5 Security Settings

The TOE includes a FIPS-validated cryptographic module, which it uses to provide its cryptographic services. The TOE uses IPsec for communication with LDAP, FTP, Syslog, SMTP and NTP servers. The TOE uses TLSv1.2 for remote administration via WIM and for communication with remote non-administrative users.

If the TLS channel for remote administration is broken unintentionally, the TOE will attempt to re-establish the connection automatically or by prompting the user to retry manually.

If the IPsec trusted channel with a remote server is unintentionally disrupted, the TOE will automatically attempt to re-establish the connection and a message will be displayed on the operation panel.

While the trusted channel to a remote syslog server is disrupted, the TOE will store audit records locally on the MFP up to the document storage limits. Once the disruption has been corrected, the TOE will automatically resume transmission. All LDAP user authentication attempts will be denied while the trusted channel to an LDAP server is disrupted.

All pre-shared keys, symmetric keys, and private keys are encrypted and are not accessible through normal interfaces during operation. Instructions for clearing the machine before disposal are provided in the Security Guide.
The TOE stores keys and certificates in encrypted form in NVRAM and Flash memory. Destruction of old keys is performed directly without delay in NVRAM; in Flash, it is performed by an internal microcontroller in concert with wear-leveling, bad block management, and garbage collection processes. There are no situations where key destruction may be delayed at the physical layer.

3.3.2.5.1 IPSEC

The TOE supports only IKEv1 Main Mode. IKEv1 Aggressive Mode must be disabled by using telnet to log in to the MFP. In the evaluated configuration, Telnet is disabled by default; enable it using the WIM by going to Security -> Network Security and selecting "Enable telnet for IPv4". Use the following steps to disable aggressive mode; disable telnet again once the steps are completed.

- Telnet to the MFP using the admin account for login.
- At the "msh>" command prompt, enter the command "ipsec aggressive_mode off".
- Exit the system by entering the command "logout".
- At the "Do you save configuration data? (yes/no/return)" prompt, enter "yes".

Launch the WIM to configure the following settings.

3.3.2.5.2 Installing a certificate on an IPsec Server

The authorized administrator must generate a certificate from the TOE device, export it and install it on the server. Use the following steps to export and install the certificate:

- Log in to the WIM as the administrator.
- On the home screen, click Device Management -> Configuration -> Device Certificate -> Export.
- Select "Base 64 encoded X.509" and "Export".
- Place the exported certificate into a location where your IPsec endpoint can make use of it.
- In "Encryption Key Auto Exchange Settings" under "IPsec" on the "Security" setting screen, you can select tabs. The tabs are "Settings 1" to "Settings 4" and "Default Settings". "Settings 1" to "Settings 4" are applied in order when connecting to IPsec, and if any connection cannot be established, the settings of "Default Settings" are applied.
For additional details, see the Security Guide section on "Encrypting Network Communication".

3.3.2.5.3 Cryptographic Settings

The authorized administrator must configure the following cryptographic parameters using the WIM.

Table 16: Security Settings

| Category | Item | Settings |
|---|---|---|
| Security | Device Certificate -> Certificate 1 -> Create | Configure this to create and install the device certificate (self-signed certificate). Set "Algorithm Signature" to one of the following: sha512WithRSA-2048, sha256WithRSA-2048. See the Security Guide for the other necessary settings. |
| Security | Device Certificate -> Certificate 1 -> Request | Configure this to create a certificate request for the device certificate. Set "Algorithm Signature" to one of the following: sha512WithRSA-2048, sha256WithRSA-2048. Submit the certificate request according to the methods required by the certificate authority. Install the issued certificate using the WIM. |
| Security | Device Certificate -> Install | Use this setting to install the device certificate and any intermediate certificate. See the Security Guide for additional instructions on this setting. |
| Security | Device Certificate -> Install Intermediate Certificate | When using an intermediate certificate, configure this setting to install the certificate. |
| Security | Device Certificate -> Certification -> S/MIME | Select the installed device certificate. |
| Security | Device Certificate -> Certification -> IPsec | Select the installed device certificate. |
| Security | Network Security -> Security Level | [FIPS 140] After setting this to [FIPS 140], be sure to click [OK]. |
| Security | Network Security -> TCP/IP -> IPv6 | [Inactive] |
| Security | Network Security -> HTTP - Port 80 -> IPv4 | [Close] Doing this will also set "IPv4" to [Close] in "Port 80" in "IPP". |
| Security | Network Security -> SSL/TLS Version | Set "TLS1.2" to [Active], and "TLS1.1", "TLS1.0", and "SSL3.0" to [Inactive]. |
| Security | Network Security -> Encryption Strength Setting | Check "AES", and uncheck "RC4" and "3DES". |
| Security | Network Security -> TCP/IP KEY EXCHANGE RSA | [Inactive] |
| Security | Network Security -> TCP/IP DIGEST SHA1 | [Inactive] |
| Security | Network Security -> FTP -> IPv4 | [Inactive] |
| Security | Network Security -> WSD (Device) -> IPv4 | [Inactive] |
| Security | Network Security -> WSD (Printer) | [Inactive] |
| Security | Network Security -> WSD (Scanner) | [Inactive] |
| Security | Network Security -> SNMP | [Inactive] |
| Security | S/MIME -> Encryption Algorithm | Select [AES-256 bit], or [AES-128 bit]. When using S/MIME, it is necessary to register the user certificate. |
| Security | S/MIME -> Digest Algorithm | Select [SHA-512 bit], [SHA-384 bit], or [SHA-256 bit]. |
| Security | S/MIME -> When Sending Email by Scanner | [Use Signatures] |
| Security | S/MIME -> When Transferring by Fax | [Use Signatures] |
| Security | S/MIME -> When Sending Email by Fax | [Use Signatures] |
| Security | S/MIME -> When Emailing TX Results by Fax | [Use Signatures] |
| Security | S/MIME -> When Transferring Files Stored in Document Server (Utility) | [Use Signatures] |
| Security | IPsec -> IPsec | Select [Active] |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> Encapsulation Mode | [Transport Mode] |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> Address Type | [IPv4] |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> Local Address | The machine's IP address |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> Remote Address | Connected server's IP address. Set the following server IP addresses: FTP server, NTP server, LDAP server, SMTP server, Syslog server. (Note: the evaluated configuration uses IPsec for trusted channel communication with these listed servers required in the TOE operational environment. However, for SMTP and Syslog servers, the TOE can optionally be configured to use either TLS or IPsec to protect communication.) |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> Security Level | [Authentication and High-Level Encryption] For Default Settings set to [PROTECT]. Settings 1 through Settings 4, set values [PROTECT] [BYPASS] [DISCARD] |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> Security Policy | [Apply] |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> Authentication Method | [Certificate] or [PSK]. If you select PSK, press the "Change" button for "PSK Text" to set PSK. "PSK Text" is limited (truncated) to 32 characters; it is composed of any combination of upper and lower-case characters, numbers and special characters (that include: "!", "@", "#", "$", "%", "^", "&", "*", "(", and ")"). Note: It is recommended that a long "PSK Text" composed of all permitted characters be chosen, as this is considered more secure. |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> Hash Algorithm | Select [SHA256], [SHA384], or [SHA512]. |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> Encryption Algorithm | Select [AES-128-CBC] or [AES-256-CBC]. |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> Diffie-Hellman Group | [14] |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> Validity Period | Enter "86,400" for Phase 1. Enter "28,800" for Phase 2. The default is 300 seconds for both Phase 1 and Phase 2. |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> Authentication Algorithm | Check [HMAC-SHA256-128], [HMAC-SHA384-192] and [HMAC-SHA512-256], and uncheck [HMAC-SHA1-96] and [HMAC-MD5-96]. |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> Encryption Algorithm Permissions | Check [AES-128] and [AES-256], and uncheck [Cleartext], [DES] and [3DES]. |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> PFS | [14] |
| Security | User Lockout Policy -> Lockout | [Active] |
| Security | User Lockout Policy -> Number of Attempts before Lockout | 1-5 |
| Security | User Lockout Policy -> Lockout Release Timer | [Active] |
| Security | User Lockout Policy -> Lock Out User for | 1-9999 |

3.3.2.6 WIM Auto Logout Settings

The administrator must configure the values for [Webpage] settings as specified in Table 17.

Table 17: WIM Auto Logout Settings

| Category | Item | Settings |
|---|---|---|
| Webpage | Webpage -> Web Image Monitor Auto Logout Settings | 3 - 60. Note that the default setting is 60 seconds. |

3.3.3 Procedure 3 Additional Settings Using the Operation Panel

After completing the configurations in Procedure 2 using the WIM interface, the administrator must go back to the Operation Panel and log in to configure the following additional system and fax settings.

3.3.3.1 System Settings

The administrator must configure the values for [System] settings specified in Table 18.

Table 18: System Settings 2

| Tab | Item | Settings |
|---|---|---|
| Settings for Administrator | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> Application Authentication Management | Select [Auth. Not Required] for all applications. |
| Network/Interface | Effective Protocol -> Firmware Update (IPv4) | [Inactive] |
| Network/Interface | Effective Protocol -> Firmware Update (IPv6) | [Inactive] |
| Network/Interface | Effective Protocol -> @Remote Service | [Inactive] |

3.3.3.2 Fax Settings

The administrator must configure in the address book the users and groups who are authorized to receive faxes stored by the MFP. See the User Guide section on "Registering Fax Numbers in the Address Book". After users are entered in the address book, the administrator can configure the Fax settings in Table 19.

Table 19: Fax Settings

| Tab | Item | Settings |
|---|---|---|
| Reception Settings | Stored Reception File User Setting | [On] After setting this to [On], specify the users or groups that can access stored reception files. |
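One way to check a hand-transcribed record of the device settings against the values required by Tables 16 and 17 and the 15-character password policy, as an added example that is not part of the original guide. The setting keys (such as `ipsec.dh_group`) and both snapshots are constructed for illustration, since the guide describes no export format.

```python
import string

# "PSK Text" limits stated in the guide: 32 characters; letters, digits, !@#$%^&*()
PSK_ALPHABET = set(string.ascii_letters + string.digits + "!@#$%^&*()")
PSK_MAX_LEN = 32


def one_of(*allowed):
    return lambda v: None if v in allowed else f"must be one of {list(allowed)}, found {v!r}"


def in_range(low, high=None):
    def check(v):
        ok = isinstance(v, int) and v >= low and (high is None or v <= high)
        bound = f"{low} or more" if high is None else f"{low}-{high}"
        return None if ok else f"must be {bound}, found {v!r}"
    return check


def ticked(required, forbidden):
    """Checkbox group: every `required` box ticked and no `forbidden` box ticked."""
    def check(v):
        boxes = set(v)
        problems = [f"{b} must be enabled" for b in required if b not in boxes]
        problems += [f"{b} must be disabled" for b in forbidden if b in boxes]
        return "; ".join(problems) or None
    return check


def check_psk(text):
    """Flag PSK text that is empty, would be truncated, or uses other characters."""
    problems = []
    if not text:
        problems.append("PSK Text is empty")
    if len(text) > PSK_MAX_LEN:
        problems.append(f"{len(text)} characters entered, truncated to {PSK_MAX_LEN}")
    if set(text) - PSK_ALPHABET:
        problems.append("contains characters outside the permitted set")
    return "; ".join(problems) or None


# Keys are hypothetical names chosen for this example; the values are the guide's.
RULES = {
    "network.security_level": one_of("FIPS 140"),
    "network.tls_versions": ticked(["TLS1.2"], ["TLS1.1", "TLS1.0", "SSL3.0"]),
    "network.encryption_strength": ticked(["AES"], ["RC4", "3DES"]),
    "ipsec.encapsulation_mode": one_of("Transport Mode"),
    "ipsec.auth_method": one_of("Certificate", "PSK"),
    "ipsec.hash_algorithm": one_of("SHA256", "SHA384", "SHA512"),
    "ipsec.encryption_algorithm": one_of("AES-128-CBC", "AES-256-CBC"),
    "ipsec.dh_group": one_of(14), "ipsec.pfs": one_of(14),
    "ipsec.phase1_validity": one_of(86400), "ipsec.phase2_validity": one_of(28800),
    "ipsec.auth_algorithms": ticked(
        ["HMAC-SHA256-128", "HMAC-SHA384-192", "HMAC-SHA512-256"],
        ["HMAC-SHA1-96", "HMAC-MD5-96"]),
    "ipsec.encryption_permissions": ticked(
        ["AES-128", "AES-256"], ["Cleartext", "DES", "3DES"]),
    "lockout.attempts": in_range(1, 5),
    "password.min_length": in_range(15),
    "wim.auto_logout": in_range(3, 60),
}


def audit(snapshot):
    """Return (key, problem) pairs for every setting that deviates from RULES."""
    findings = []
    for key, check in RULES.items():
        problem = check(snapshot[key]) if key in snapshot else "not recorded"
        if problem:
            findings.append((key, problem))
    # PSK text only matters when the IPsec authentication method is PSK.
    if snapshot.get("ipsec.auth_method") == "PSK":
        problem = check_psk(snapshot.get("ipsec.psk_text", ""))
        if problem:
            findings.append(("ipsec.psk_text", problem))
    return findings


# Constructed snapshots: one matching the guide, one with drifted settings.
COMPLIANT = {
    "network.security_level": "FIPS 140", "network.tls_versions": ["TLS1.2"],
    "network.encryption_strength": ["AES"], "ipsec.encapsulation_mode": "Transport Mode",
    "ipsec.auth_method": "Certificate", "ipsec.hash_algorithm": "SHA256",
    "ipsec.encryption_algorithm": "AES-256-CBC", "ipsec.dh_group": 14, "ipsec.pfs": 14,
    "ipsec.phase1_validity": 86400, "ipsec.phase2_validity": 28800,
    "ipsec.auth_algorithms": ["HMAC-SHA256-128", "HMAC-SHA384-192", "HMAC-SHA512-256"],
    "ipsec.encryption_permissions": ["AES-128", "AES-256"],
    "lockout.attempts": 3, "password.min_length": 15, "wim.auto_logout": 10,
}
DRIFTED = dict(COMPLIANT, **{
    "network.tls_versions": ["TLS1.2", "TLS1.0"],
    "ipsec.hash_algorithm": "MD5",
    "ipsec.auth_method": "PSK",
    "ipsec.psk_text": "correct-horse-battery-staple-correct-horse",
    "password.min_length": 8,
})

if __name__ == "__main__":
    print(*audit(DRIFTED), sep="\n")
```

The PSK check matters on both ends of the tunnel: text longer than 32 characters is truncated on the MFP, so the peer must be given the same 32-character value.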
3.3.4 Verifying the MFP Settings

After completing Procedure 1 through Procedure 3, check the log data and ROM version with the following steps:

a) Check that the machine is OFF.
b) Turn the machine ON.
c) Check the details of the log files that were stored in the machine. Check that the details for "Log Type", "Result", and "Module Name" in the recorded access log are as follows:
   i) Log Type: Firmware: Structure
   ii) Result: Succeeded
   iii) Module Name: G3
   iv) For additional details about logs, see "Collecting Logs", "Managing Devices", settings.
d) Log in as admin to the Operation Panel and check the fax parameter settings with the following steps:
   i) Press [Settings]
   ii) Press [Fax Settings]
   iii) Press [Detailed Initial Settings]
   iv) Press [Parameter Settings: Print List]
   v) Check that the following ROM version matches the one shown in the printed list: [ROM Version] G3: 01.00.00 (Validation Data: 2BA7)
e) Log off.

3.4 Services

3.4.1 Firewall

See System Settings

3.4.2 Syslog Server

Configure the SYSLOG server using the WIM interface settings from [Configuration] of [Device Management].

- Set Device Settings -> SYSLOG Transfer -> Transfer to SYSLOG Server and select "Active".
- Enter the Syslog Destination <IP address> and <port number>.
- Select "Inactive" for Verification of Syslog Server Certificate.

For additional information, see "Collecting Logs" in the User Guide.

3.4.3 LDAP Server

"Registering the LDAP Server" in the Settings page of the online User Guide provides instructions for configuring the LDAP server that the TOE will use for user authentication.
Server information to be configured includes:

- a registration name for the LDAP server
- host name or IPv4 address of the LDAP server
- a root folder to store email addresses
- port number used for communication with the LDAP server (636)
- Use Secure Connection (SSL) is set to [ON]
- Digest Authentication

Additional settings for the LDAP server are described in Table 8: LDAP Authentication.

3.4.4 NTP Server

See System Settings

3.4.5 FTP Server

See System Settings

3.4.6 SMTP Server

See System Settings

3.4.7 CAC/PIV Authentication Solutions

For CAC/PIV authentication, follow the installation and configuration guidance in CAC/PIV/SIPR v4.1 Installation & Configuration Guide and CAC PIV SIPR ELPNX SOP Option v2.3 Installation Guide for v4.x.

3.5 Administration

3.5.1 Administration Interfaces

See Administration Interfaces above. Table 20 below shows the management functions available at the different administration interfaces.

Table 20: Management Functions

| Management Functions | Enable | Interface(s) |
|---|---|---|
| Manage user accounts (users, roles, privileges and available functions list) | Create, modify, delete | Operation Panel, WIM |
| Manage the document user list for stored documents | Create, modify | Operation Panel, WIM |
| Configure audit transfer settings | Modify | WIM |
| Manage audit logs | Download, Delete, export | Operation Panel, WIM |
| Manage Audit Functions | Enable, Disable | Operation Panel, WIM |
| Manage time and date settings | Modify | Operation Panel, WIM |
| Configure minimum password length | Modify | Operation Panel, WIM |
| Configure Password complexity settings | Modify | Operation Panel, WIM |
| Configure Operation Panel Auto Logout Time | Modify | Operation Panel, WIM |
| Configure WIM Auto Logout Time | Modify | WIM |
| Configure number of authentication failure before account lockout | Modify | WIM |
| Configure account release timer settings | Modify | WIM |
| Configure PSTN Fax-Line Separation Stored Reception File User | Modify | Operation Panel, WIM |
| Configure image overwrite | Modify | Operation Panel |
| Configure network settings for trusted communications (specify IP addresses and port to connect to the TOE) | Modify | Operation Panel, WIM |
| Manage HDD Cryptographic key | Create, Delete | Operation Panel, WIM |
| Manage Device Certificates | Create, query, modify, delete, upload, download | Operation Panel, WIM |
| Manage TOE Trusted Update | Query, Modify | WIM |
| Configure FTP | Modify | WIM |
| Configure IPsec | Modify | WIM |
| Configure SMTP over IPsec | Modify | WIM |
| Configure NTP | Modify | Operation Panel, WIM |

3.6 Management of Security Functions

After initial configuration, the TOE security functions can be modified and managed via the WIM or the Operation Panel.

3.6.1 Functions Managed via the Operation Panel

The following settings on the Operation Panel are used to manage the TOE time services, network services, administrators, the password policy and the auto erase memory function.

Table 21: Changing System Settings

| Tab | Item | Settings |
|---|---|---|
| Date/Time/Timer | Date/Time -> Time Zone | Set the appropriate time zone. The specified setting is applied after the machine reboots. |
| Date/Time/Timer | Date/Time -> Daylight Saving Time | Set the appropriate daylight-saving time. Reboot the machine after configuring this setting. |
| Date/Time/Timer | Date/Time -> Set Date | Set the appropriate date. |
| Date/Time/Timer | Date/Time -> Set Time | Set the appropriate time. |
| Date/Time/Timer | Timer -> Auto Logout Timer | Select [On], and then set the range for the timer between 10-999 seconds. |
| Network/Interface | IP Address (IPv4) -> IPv4 Address Configuration | Specifying a static IPv4 address: Enter the IPv4 address and subnet mask. Obtaining the DHCP server address automatically: Select [Auto-Obtain (DHCP)]. |
| Network/Interface | IP Address (IPv4) -> IPv4 Gateway Address | Enter the IPv4 gateway address. |
| Network/Interface | DNS Configuration | Specify this only if you are using a static DNS server. Specifying a static DNS server: Enter the IPv4 address in "DNS Server 1", "DNS Server 2", and "DNS Server 3". (Specify DNS Server 2 and 3 if required.) Obtaining the DHCP server address automatically: Select [Auto-Obtain (DHCP)]. |
| Settings for Administrator | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> Register/Change Administrator -> Set Administrator Login User Name/Login Password -> Administrator 1-4 | Specify settings for one or more administrators. Specify the administrator's "Login User Name" and "Login Password". |
| Settings for Administrator | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> Register/Change Administrator -> Set Administrator Privileges | Assign all administrator roles (user administrator, machine administrator, network administrator, and file administrator) to a single administrator. |
| Settings for Administrator | Authentication/Charge -> Administrator Authentication/User Authentication/App Auth. -> Register/Change Administrator -> Set Administrator Login User Name/Login Password -> Supervisor | Change the supervisor's "Login User Name" and "Login Password". Note: You must be logged in as the Supervisor admin to change the login information for the supervisor admin. |
| Settings for Administrator | Security -> Specifying the Extended Security Functions -> Password Policy | Set "Complexity Setting" to [Level 1] or [Level 2], press [Change] on the right of "Minimum Character No.", and then set the number of characters to 15 or more. For example, to set the number of characters to 15, press the number key "1", "5", and then "#". Changes to the password policy apply to passwords that are specified or changed after the policy has been updated. |
| Settings for Administrator | Data Management -> Auto Erase Memory Setting | Select [On], and then select [NSA], [DoD], or [Random Numbers]. If you set this to [Random Numbers], set [Number of Erase] to three or more. |

3.6.2 Functions Managed via the WIM

The following settings are used to manage TOE functions via the WIM interface.

3.6.2.1 SMTP Settings

The TOE provides secure communication with an SMTP server. Use the following settings on WIM to manage the SMTP server.

Table 22: SMTP Settings

| Category | Item | Settings |
|---|---|---|
| Device Settings | Email -> Administrator Email Address | Enter the administrator's email address. |
| Device Settings | Email -> SMTP Server Name | Enter the SMTP server name or IP address. |

3.6.2.2 Security Settings

The following settings on WIM are used to manage the TOE cryptographic and trusted channel functions as well as the user lockout policy.

Table 23: Changing Security Settings

| Category | Item | Settings |
|---|---|---|
| Security | Device Certificate -> Certificate 1 -> Create | Create and install a self-signed device certificate. Set "Algorithm Signature" to one of the following: sha512WithRSA-2048, sha256WithRSA-2048 |
| Security | Device Certificate -> Certificate 1 -> Request | Create a certificate request. Set "Algorithm Signature" to one of the following: sha512WithRSA-2048, sha256WithRSA-2048. Submit the request. Install the issued certificate. |
| Security | Device Certificate -> Install | Install a certificate issued by the certificate authority and any intermediate certificate. |
| Security | Device Certificate -> Install Intermediate Certificate | When using an intermediate certificate, configure this setting to install the certificate. |
| Security | Device Certificate -> Certification -> S/MIME | Select the installed device certificate. |
| Security | Device Certificate -> Certification -> IPsec | Select the installed device certificate. |
| Security | S/MIME -> Encryption Algorithm | Select [AES-256 bit] or [AES-128 bit]. When using S/MIME, it is necessary to register the user certificate. |
| Security | S/MIME -> Digest Algorithm | Select [SHA-512 bit], [SHA-384 bit], or [SHA-256 bit]. |
| Security | IPsec -> IPsec | Select [Active]. |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> Local Address | The machine's IP address |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> Remote Address | Connected server's IP address (the TOE uses IPsec for communication with the LDAP, Syslog, NTP, SMTP and FTP servers) |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> Authentication Method | [Certificate] or [PSK]. If you select PSK, press the "Change" button for "PSK Text" to set PSK. "PSK Text" is limited (truncated) to 32 characters. |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> Hash Algorithm | Select [SHA256], [SHA384], or [SHA512]. |
| Security | IPsec -> Encryption Key Auto Exchange Settings -> Encryption Algorithm | Select [AES-128-CBC] or [AES-256-CBC]. |
| Security | User Lockout Policy -> Number of Attempts before Lockout | 1-5 |
| Security | User Lockout Policy -> Lock Out User for | 1-9999 |

3.6.2.3 Auto Logout Settings

The TSF-initiated termination function can be managed via the WIM by configuring the value for the following setting.

Table 24: WIM Auto Logout Settings

| Category | Item | Settings |
|---|---|---|
| Webpage | Webpage -> Web Image Monitor Auto Logout Settings | 3 - 60. The default setting is 60 seconds. |

3.6.3 User Management

Users accessing the TOE functions are identified and authenticated, and are allowed to access only the functions that they have permission to access. The TOE includes an address book of registered user accounts that stores individual user attributes, including username, user role, and available function lists.

The instructions for managing users are provided in "User Authentication" in the "Introduction and Basic Operations" pages of the User Guide. It should be noted that changes to user security attributes are effective immediately with the press of the "OK" button.
3.6.4 Administrator Roles

The System Settings in Procedure 1 above identify the settings for managing the administrator roles in the TOE.

3.6.5 Default Passwords

The administrator and supervisor passwords are blank by default; they must be set as part of the initial configuration.

3.6.6 Password Management

The System Settings in Procedure 1 above identify the settings for configuring the TOE password policy.

3.6.7 Setting Time

See "Table 6: System Settings" for the settings to configure time, and "Table 16: Security Settings" for the settings to configure access to an NTP server for time synchronization.

3.6.8 Audit Logging

The TOE collects audit data in 3 types of logs:

a) Job Log: logs user actions such as printing, copying, storing documents or faxing documents.
b) Access Log: logs identification and authentication events, system events and security operations events. This log includes records of the use of the management functions, login and logout events.
c) Eco-Friendly Log: logs power on and power off events.

Only the authorized administrator can access, configure and manage the audit settings. Only the authorized administrator can review and manage the audit logs.

The TOE limits the number of audit records that it stores in the 3 logs: 4,000 job logs, 12,000 access logs and 4,000 eco-friendly logs before the oldest audit records are overwritten.

Using the WIM, the authorized administrator can download the audit logs and delete them. Additional instructions for managing the audit logs are available in the "Collecting Logs" RICOH Help pages.

3.7 U_NORMAL User Access

The U_Normal user does not have administrator access to the TOE. They can access TOE protected user data and functions based on the available functions list configured for their user account. The User Guide describes the jobs and operations accessible to the U_Normal user.
4 Clearing the machine for redeployment or at end-of-life

All pre-shared keys, symmetric keys, and private keys are encrypted and are not accessible through normal interfaces during operation. To clear the machine of all customer-supplied information, perform the following steps:
a) Replace the data encryption key
b) Replace the device certificate
c) Perform the Erase All Memory function.

This deletion function is outside the scope of the evaluation. See the Security Guide for additional information.

5 Annex A: Log Reference

5.1 Format

The TOE generates audit records for all required auditable events. Each audit record includes the time and date, the type of event, the user identity, and the outcome of the event.

5.2 Events

The TOE generates the following log events.

Table 25: Audit Events
Requirement | Auditable Events | Example Event
FAU_GEN.1 | Start-up and shutdown of the audit functions | Tied to startup of the main power: "2020-09-09T17:00:10.0","2020-09-09T17:00:10.0","Main Power On","Completed","Succeeded","0x000000000001beff",,,"","","","","","",,"",
FAU_GEN.1 | Start-up and shutdown of the audit functions | Tied to shutdown of the main power: "2020-09-09T16:58:47.0","2020-09-09T16:58:47.0","Main Power Off","Completed","Succeeded","0x000000000001befe",,,"","","","","","",,"",
FDP_ACF.1 | Job Completion | Print
FDP_ACF.1 | Job Completion | Fax
FDP_ACF.1 | Job Completion | Scan
FDP_ACF.1 | Job Completion | Document Server
FDP_ACF.1 | Job Completion | Copy
FIA_UAU.1/FIA_UID.1 | Unsuccessful identification; Unsuccessful authentication | Operation Panel: "2020-09-03T09:13:00.0","2020-09-03T09:13:00.0","Login","Failed",,"Password Mismatch",,"0x00000000","u1","0x000000000001b347","","Authentication","","",,"Control Panel","","","","",,"","",,,"","","","","","",,"","",,,,,,,,,"",,"",,"","","",,,,,"",,,,"",,"",,"","","",,,"","","","","","","Completed",,"","","","","","","",,"","","",,"","","","","","","","","","",,,,,
FIA_UAU.1/FIA_UID.1 | Unsuccessful identification; Unsuccessful authentication | WIM: "2020-09-09T16:35:58.0","2020-09-09T16:35:58.0","Login","Failed",,"Password Mismatch",,"0x00000000","admin","0x000000000001bea1","ip:172.16.200.10","Authentication","","",,"via Network","","","","",,"","",,,"","","","","","",,"","",,,,,,,,,"",,"",,"","","",,,,,"",,,,"",,"",,"","","",,,"","","","","","","Completed",,"","","","","","","",,"","","",,"","","","","","","","","","",,,,,
FMT_SMF.1 | Use of a management function | Setting authentication lockout policies
FMT_SMF.1 | Use of a management function | Changing minimum password length
FMT_SMR.1 | Modification of the group of users that are part of a role | TOE does not specifically modify the group of users that are part of a role.
FPT_SMR.1 | Changes to the time | "2020-08-01T08:06:24.0","2020-08-01T08:06:24.0","Date/Time Change","Succeeded","Control Panel","Succeeded",,"0xffffff87","admin","0x000000000001a58a","","System","","",,,"","","","",,"","",,,"","","","","","",,"","",,,,,,,,,"",,"",,"","","",,,,,"",,,,"",,"",,"","","",,,"","","","","","","Completed",,"","","","","","","",,"","","",,"","","","","","","","","","",,,,,
FTP_TRP.1 Remote administrator | Failure to establish a session | "2020-09-09T16:43:57.0","2020-09-09T16:43:57.0","Collect Encrypted Communication Logs","Failed",,"Communication Failure",,"0x00000000","","0x000000000001bed6","","Network Attack Detection/Encrypted Communication","","",,,"","","","",,"","",,,"","","","","","",,"","",,,,,,,,,"","Encryption Communication","443","TCP","ip:172.16.200.10","52664","","HTTP",,"SSL","Communication Start Request Receiver (In)","","Start",,,"",,"",,"","","",,,"","","","","","","Failed",,"","","","","","","",,"","","",,"","","","","","","","","","",,,,,
FTP_TRP.1 Remote non-admin users | Failure to establish a session | See remote administration
FTP_ITC.1 | Failure to establish a session | IPsec: "2020-08-19T14:14:00.0","2020-08-19T14:14:00.0","Collect Encrypted Communication Logs","Failed",,"Communication Failure",,"0x00000000","","0x0000000000015c94","","Network Attack Detection/Encrypted Communication","","",,,"","","","",,"","",,,"","","","","","",,"","",,,,,,,,,"","Encryption Communication","500","UDP","ip:10.20.5.3","500","","IPsec",,"IPsec","Communication Start Request Sender (Out)","","Start",,,"",,"",,"","","",,,"","","","","","","Failed",,"","","","","","","",,"","","",,"","","","","","","","","","",,,,,
FTP_ITC.1 | Failure to establish a session | TLS: {"parentLogId":"0000000000018f5f","subLogId":"00080000000000650000000000018f5f","subJobType":"destination.network","desNetSubState":"endedincomplete","desNetStartTime":"2020-08-25T20:29:51Z","desNetStartValidTimeFlag":"on","desNetEndTime":"2020-08-25T20:30:01Z","desNetEndValidTimeFlag":"on","desNetAddressName":"u1d","desNetAddress":"u1@example.com","desNetSendKind":"mail","desNetSendOwner":"u1d","desNetSendMode":"document","desNetSendPages":"","desNetFileNo":"","desNetErrorInfo":"","desNetSubStatusDetail":"dest-connectfail","logPart":"1of1"}
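The following is an added example, not part of the RICOH guide or its tooling: it reads access-log records downloaded from the WIM and reports accounts whose failed "Login" events reach the configured "Number of Attempts before Lockout" within a time window. The column positions are inferred from the Login example events in Table 25; the function names, the 5-minute window and the sample records are assumptions.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Column positions inferred from the Login example events in Table 25 (assumption).
START, EVENT, RESULT, USER, SOURCE, INTERFACE = 0, 2, 3, 8, 10, 15

# Constructed sample records (not device output); trailing empty columns omitted.
SAMPLE_LOG = '''\
"2020-09-03T09:13:00.0","2020-09-03T09:13:00.0","Login","Failed",,"Password Mismatch",,"0x00000000","u1","0x0000000000000001","","Authentication","","",,"Control Panel"
"2020-09-03T09:13:30.0","2020-09-03T09:13:30.0","Login","Failed",,"Password Mismatch",,"0x00000000","u1","0x0000000000000002","","Authentication","","",,"Control Panel"
"2020-09-09T16:35:58.0","2020-09-09T16:35:58.0","Login","Failed",,"Password Mismatch",,"0x00000000","admin","0x0000000000000003","ip:172.16.200.10","Authentication","","",,"via Network"
"2020-09-09T16:36:05.0","2020-09-09T16:36:05.0","Login","Failed",,"Password Mismatch",,"0x00000000","admin","0x0000000000000004","ip:172.16.200.10","Authentication","","",,"via Network"
"2020-09-09T16:36:11.0","2020-09-09T16:36:11.0","Login","Failed",,"Password Mismatch",,"0x00000000","admin","0x0000000000000005","ip:172.16.200.10","Authentication","","",,"via Network"
"2020-09-09T16:36:20.0","2020-09-09T16:36:20.0","Login","Failed",,"Password Mismatch",,"0x00000000","admin","0x0000000000000006","ip:172.16.200.10","Authentication","","",,"via Network"
"2020-09-09T16:40:00.0","2020-09-09T16:40:00.0","Login","Succeeded",,"",,"0x00000000","admin","0x0000000000000007","ip:172.16.200.10","Authentication","","",,"via Network"
"2020-09-09T17:00:10.0","2020-09-09T17:00:10.0","Main Power On","Completed","Succeeded","0x0000000000000008"
'''

def parse_rows(text):
    """Yield (time, user, origin) for every failed Login record."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) <= INTERFACE:
            continue  # eco-friendly log rows and damaged records are shorter
        if row[EVENT].strip() != "Login" or row[RESULT].strip() != "Failed":
            continue
        when = datetime.strptime(row[START].strip(), "%Y-%m-%dT%H:%M:%S.%f")
        # WIM logins carry "ip:<address>"; panel logins only name the interface.
        origin = row[SOURCE].strip() or row[INTERFACE].strip()
        yield when, row[USER].strip(), origin

def lockout_candidates(text, attempts=5, window=timedelta(minutes=5)):
    """Return {user: sorted origins} for users with >= attempts failures in window."""
    recent = defaultdict(deque)   # user -> failures still inside the window
    flagged = defaultdict(set)
    for when, user, origin in sorted(parse_rows(text)):
        queue = recent[user]
        queue.append((when, origin))
        while when - queue[0][0] > window:
            queue.popleft()       # drop failures older than the window
        if len(queue) >= attempts:
            flagged[user].update(o for _, o in queue)
    return {user: sorted(origins) for user, origins in flagged.items()}
```

Set `attempts` to the value configured for "Number of Attempts before Lockout" (1-5) so that the report lines up with the lockouts the device itself enforces.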