HP Inc.
HP LaserJet Enterprise MFP M527 Series,
Color LaserJet Enterprise MFP M577 Series, and
PageWide Enterprise Color MFP 586 Series
Firmware with Jetdirect Inside Security Target
Version: 2.0 Copyright © 2008-2016 by atsec information security corporation and HP Inc. Page 79 of 98
Last update: 2016-06-07 or its wholly owned subsidiaries
7 TOE Summary Specification
7.1 TOE Security Functionality
The following section explains how the security functions are implemented by the TOE. The different TOE
security functions cover the various SFR classes.
The primary security features of the TOE are:
Auditing
Cryptography
Identification and authentication
Data protection and access control
Protection of the TSF
TOE access protection
Trusted channel communication and certificate management
User and access management
7.1.1 Auditing
The TOE performs auditing of security relevant functions. The TOE connects and sends audit records to
a syslog server (part of the Operational Environment) for long-term storage and audit review. The records
sent to the syslog server by the TOE are only those generated by the TOE while the syslog server has an
established connection with the TOE. If the connection between the TOE and syslog server breaks and is
later reestablished, only records generated by the TOE after the connection is reestablished are sent to
the syslog server. Both the Jetdirect Inside and HCD System firmware generate audit records.
The types of records generated by the TOE are specified in section 6.1.1.1. Each record includes the
date and time of the event, type of event, subject identity (if applicable), and the outcome (success or
failure) of the event. Events resulting from actions of identified users are associated with the identity of
the user that caused the event.
The subject identity used in the audit record is formed in the following manner. For Local Device Sign In,
the subject's identity contains the user's Display Name prefixed with "LOCAL\". For LDAP Sign In, the
subject's identity contains the user's LDAP user name prefixed with either the LDAP server's host name
or IP address then a backslash. For Windows Sign In, the subject's identity contains the user's Windows
domain name and Windows user name separated by a "\". For IPsec, the subject's identity is the user's IP
address.
The time source used for the audit record timestamps is discussed in section 7.1.5.3.
This section maps to the following SFRs:
FAU_GEN.1
FAU_GEN.2
7.1.2 Cryptography
The TOE uses IPsec to protect its communications channels. The QuickSec cryptographic library, which
is part of the Operational Environment, is used to supply the cryptographic algorithms for IPsec. See
section 7.1.6.27 for more information.
To Next Page
Loading...