HP Inc.
HP LaserJet Enterprise MFP M527 Series,
Color LaserJet Enterprise MFP M577 Series, and
PageWide Enterprise Color MFP 586 Series
Firmware with Jetdirect Inside Security Target
Version: 2.0
Last update: 2016-06-07
Copyright © 2008-2016 by atsec information security corporation and HP Inc. or its wholly owned subsidiaries
Page 62 of 98
6.1.4.9 User-subject binding (FIA_USB.1)
The TSF shall associate the following user security attributes with subjects acting on the
behalf of that user: User Identifier (Display Name for Local Device Sign In, user name
for both LDAP Sign In and Windows Sign In, IP address for IPsec) and User Role.
Application Note: Incoming analog fax phone line users have no security attributes, but Receive Fax
jobs are owned by U.ADMINISTRATOR.
The TSF shall enforce the following rules on the initial association of user security attributes
with subjects acting on behalf of users: If "Allow users to choose alternate sign-in
methods" is disabled, the user's session Permission Set will be reduced to exclude
the permissions of applications whose sign in method does not match the sign in
method used by the user to sign in.
The TSF shall enforce the following rules governing changes to the user security attributes
associated with the subjects acting on the behalf of users: none.
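The initial-association rule above can be read as a set reduction applied when the session is bound. The following is an added example, not code from the Security Target or from HP firmware; the data model (a Permission Set as a set of permission names, per-application sign-in methods and permissions), the function name bind_subject and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)  # frozen: the rules for changing bound attributes are "none"
class Subject:
    user_identifier: str    # Display Name, user name, or IP address (IPsec)
    user_role: str
    sign_in_method: str
    permissions: frozenset  # session Permission Set after any reduction

def bind_subject(user_identifier, user_role, sign_in_method, permission_set,
                 app_sign_in, app_permissions, allow_alternate):
    """Initial association of user security attributes with a session subject.

    app_sign_in:     application -> sign-in method configured for it (assumed model)
    app_permissions: application -> permissions belonging to it (assumed model)
    allow_alternate: state of "Allow users to choose alternate sign-in methods"
    """
    session = set(permission_set)
    if not allow_alternate:
        # Exclude the permissions of every application whose sign-in method
        # differs from the method the user actually signed in with.
        for app, required in app_sign_in.items():
            if required != sign_in_method:
                session -= app_permissions.get(app, set())
    return Subject(user_identifier, user_role, sign_in_method, frozenset(session))

# Constructed sample configuration; application and permission names are hypothetical.
APP_SIGN_IN = {"Copy": "Local Device Sign In",
               "E-mail": "LDAP Sign In",
               "Scan to Folder": "Windows Sign In"}
APP_PERMISSIONS = {"Copy": {"copy.use"},
                   "E-mail": {"email.use", "email.edit_from"},
                   "Scan to Folder": {"folder.use"}}
USER_PERMISSION_SET = {"copy.use", "email.use", "email.edit_from", "folder.use"}

def demo():
    """Bind the same constructed LDAP user with the setting disabled, then enabled."""
    args = ("jdoe", "U.NORMAL", "LDAP Sign In",  # constructed user and role
            USER_PERMISSION_SET, APP_SIGN_IN, APP_PERMISSIONS)
    return bind_subject(*args, allow_alternate=False), bind_subject(*args, allow_alternate=True)

if __name__ == "__main__":
    for subject in demo():
        print(sorted(subject.permissions))
```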
6.1.5 Security management (FMT)
6.1.5.1 Management of authentication security functions behavior (FMT_MOF.1-auth)
The TSF shall restrict the ability to enable, disable the functions "Allow users to choose
alternate sign-in methods" for Control Panel applications to U.ADMINISTRATOR.
6.1.5.2 Management of Fax Archive security functions behavior (FMT_MOF.1-faxarchive)
The TSF shall restrict the ability to enable, disable the functions Fax Archive to
U.ADMINISTRATOR.
6.1.5.3 Management of Permission Set security attributes (FMT_MSA.1-perm)
The TSF shall enforce the Common Access Control SFP in Table 29: Common
Access Control SFP and TOE Function Access Control SFP to restrict the ability to
modify, create, delete the security attributes Permission Sets and Permission Set
associations to U.ADMINISTRATOR.
Application Note: The rule applies to all the Permission Sets except the Device Administrator and
Device User. These default Permission Sets cannot be created, renamed or deleted. In addition, the
permissions in Device Administrator Permission Set cannot be modified.
6.1.5.4 Management of TOE function security attributes (FMT_MSA.1-tfac)
The TSF shall enforce the TOE Function Access Control SFP to restrict the ability to
perform the following operations on the security attributes
IPsec/Firewall service templates (defining IPsec User Roles): create, modify,