HP Inc.
HP LaserJet Enterprise MFP M527 Series,
Color LaserJet Enterprise MFP M577 Series, and
PageWide Enterprise Color MFP 586 Series
Firmware with Jetdirect Inside Security Target
Version: 2.0 Copyright © 2008-2016 by atsec information security corporation and HP Inc. Page 20 of 98
Last update: 2016-06-07 or its wholly owned subsidiaries
a print job received from a client computer is either automatically assigned by that client computer or
assigned by the user sending the print job from the client computer. For copy jobs, the user identifier is
assigned by the TOE. Every non-fax job in Job Storage is assigned either a Job PIN or a Job Encryption
Password by the user at job creation time.
The default rules for a non-administrative (U.NORMAL) user for accessing a non-fax job in Job Storage
are:
if the job is Job PIN protected:
o the job owner (i.e., the authenticated user who matches the job's user identifier) can
access the job without supplying the Job PIN
o any non-owner authenticated user who supplies the correct Job PIN can access the job
if the job is Job Encryption Password protected, any authenticated user who supplies the correct
Job Encryption Password can access the job
A Control Panel administrator (U.ADMINISTRATOR) user has a permission in their Permission Set that
allows the administrator to delete a non-fax job in Job Storage.
The TOE protects each fax job in Job Storage through the Permission Set mechanism. A user must have
a specific fax permission in their Permission Set to access received fax jobs in Job Storage.
1.5.2.4.5 TOE function access control
For Control Panel users, the TOE controls access to Control Panel applications (e.g., Retrieve from
Device Memory) using Permission Sets and, optionally, sign-in methods (authentication databases).
Permission Sets act as User Roles to determine if the user can perform a function controlled by
permissions.
Each Control Panel application requires the user to have one or more specific permissions in their
session Permission Set in order to access that application. In addition, the TOE's administrator can map a
sign-in method to each Control Panel application and require the user to be authenticated to that sign-in
method in order to access that application. The individual applications only check and enforce
permissions. They do not check the sign-in methods. Instead, the TOE enforces the sign-in method
requirement at the time that the user signs in to the TOE by removing permissions from the user's session
Permission Set for each application in which the user's sign-in method does not match the sign-in method
required by the TOE. By removing the permissions required by each non-matching application, the TOE
limits the set of applications that the user can access.
Administrators can change/modify the sign-in method mapped to each application. In addition, the TOE
contains a function that allows administrators to select if the sign-in method application mappings are
enforced or ignored by the TOE. This function is called "Allow users to choose alternate sign-in methods."
When this function is disabled, the TOE enforces the "sign in method to application" mappings and
prunes (reduces) the user's session Permission Set accordingly. When this function is enabled, the sign
in method mappings are ignored by the TOE and the user's session Permission Set remains unchanged.
For IPsec users, the TOE uses the IPsec/Firewall to control access to the supported network service
protocols. The IPsec/Firewall contains the IP addresses of authorized client computers grouped into
address templates and the network service protocols grouped into service templates. The administrator
maps an address template to a service template using an IPsec/Firewall rule. Service templates,
therefore, act as the User Roles. IP addresses of computers not contained in a rule are denied access to
the TOE.
1.5.2.4.6 Residual information protection
The TOE protects deleted objects by making them unavailable to TOE users via the TOE's interfaces.
This prevents TOE users from attempting to recover deleted objects of other users via the TOE
interfaces.
To Next Page
Loading...