HP Inc.
HP LaserJet Enterprise MFP M527 Series,
Color LaserJet Enterprise MFP M577 Series, and
PageWide Enterprise Color MFP 586 Series
Firmware with Jetdirect Inside Security Target
Version: 2.0
Last update: 2016-06-07
Copyright © 2008-2016 by atsec information security corporation and HP Inc. or its wholly owned subsidiaries
of a security attribute and, thus, not listed under "security attributes" above.
The TSF shall enforce the following rules to determine if an operation among controlled
subjects and controlled objects is allowed:
  • The user is explicitly authorized by U.ADMINISTRATOR to use a function
  • A Network Client Computer that is authorized to use the TOE is automatically authorized to use the functions F.DSR, F.PRT, F.SMI.
The TSF shall explicitly authorise access of subjects to objects based on the following
additional rules: the user acts in the role U.ADMINISTRATOR, none.
The TSF shall explicitly deny access of subjects to objects based on the following
additional rules: none.
6.1.3.5 Subset residual information protection (FDP_RIP.1)
The TSF shall ensure that any previous information content of a resource is made
unavailable upon the deallocation of the resource from the following objects: D.DOC.
6.1.4 Identification and authentication (FIA)
6.1.4.1 Authentication failure handling (FIA_AFL.1)
The TSF shall detect when the Number for the specified Sign In method in Table 30:
Simplified Account Lockout for each sign in method of unsuccessful authentication
attempts occur related to the Event for the same Sign In method in Table 30: Simplified
Account Lockout for each sign in method.
When the defined number of unsuccessful authentication attempts has been met, the TSF
shall perform the Action for the same Sign In method in Table 30: Simplified Account
Lockout for each sign in method.
Application Note: Multiple unsuccessful authentication attempts using the same authentication data are
counted as just one unsuccessful authentication attempt by the sign in methods. For example, assuming
the LDAP Sign In method has zero unsuccessful authentication attempts, if the same user types the
same incorrect password into the LDAP Sign In method seven times in a row, the sign in method will only
count it as one unsuccessful authentication attempt.
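Added example (not part of the Security Target and not HP firmware code): a Python model of the counting rule in the Application Note, combined with the 10 second delay and 5 minute limit stated in the Administrator Access Code row of Table 30. Assumptions: the threshold value (the Number is passed in by the caller), the SignInThrottle name, keyed digests for remembering failed data, and treating data as "the same" if it was seen at any time since the last successful authentication.

```python
import hashlib
import hmac
import os

DELAY_S = 10      # Table 30 action: 10 second delay between attempts
WINDOW_S = 300    # Table 30 action: ends 5 minutes after the last failed attempt


class SignInThrottle:
    """Constructed model of failure counting and delay for one sign in method."""

    def __init__(self, threshold):
        self.threshold = threshold    # assumption: the Number is supplied by the caller
        self._key = os.urandom(32)    # keys the digests so guesses are not kept in clear
        self._failed = set()          # digests of distinct failed authentication data
        self._last_attempt = None
        self._last_failure = None

    def failures(self):
        return len(self._failed)

    def _throttled(self, now):
        return (len(self._failed) >= self.threshold
                and now - self._last_failure < WINDOW_S)

    def attempt(self, secret, expected, now):
        """Return 'delayed', 'accepted' or 'rejected' for an attempt at time now (seconds)."""
        if self._throttled(now) and now - self._last_attempt < DELAY_S:
            return "delayed"          # refused unevaluated: not counted, delay not restarted
        self._last_attempt = now
        if hmac.compare_digest(secret.encode(), expected.encode()):
            self._failed.clear()      # a successful authentication ends the delay
            return "accepted"
        digest = hmac.new(self._key, secret.encode(), hashlib.sha256).digest()
        self._failed.add(digest)      # repeating the same wrong data adds nothing
        self._last_failure = now
        return "rejected"
```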
Sign In method: Local Device Sign In: Administrator Access Code
Event: the latest successful authentication for the Administrator Access Code
Action: insert a 10 second delay between each Administrator Access Code authentication attempt until:
  • a successful Administrator Access Code authentication occurs, or
  • 5 minutes elapses after the last failed Administrator Access Code authentication