HP Inc.
HP LaserJet Enterprise MFP M527 Series,
Color LaserJet Enterprise MFP M577 Series, and
PageWide Enterprise Color MFP 586 Series
Firmware with Jetdirect Inside Security Target
Version: 2.0 Copyright © 2008-2016 by atsec information security corporation and HP Inc. Page 80 of 98
Last update: 2016-06-07 or its wholly owned subsidiaries
The TOE supports the decrypting of print jobs encrypted using the Job Encryption Password. The
decryption code used by the TOE is included in the TOE. See section 7.1.4.3 for more information.
7.1.3 Identification and authentication (I&A)
The TOE supports multiple Control Panel sign in methods, both local and remote methods. It also
supports IPsec identification and mutual authentication.
The following interfaces support I&A:
Control Panel
IPsec
The following interface allows a user limited TOE access without I&A:
Analog Fax Phone Line (for incoming analog fax phone line users)
Control Panel I&A 7.1.3.1
The Control Panel interface supports both local and remote sign in methods. The following sign in
methods are allowed with the evaluated configuration:
Local sign in method:
o Local Device Sign In
Remote sign in methods:
o LDAP Sign In
o Windows Sign In (via Kerberos)
(The servers for the remote sign in methods are part of the Operational Environment.)
The Control Panel also allows both non-administrative users (U.NORMAL) and administrative users
(U.ADMINISTRATOR) to sign in. Prior to sign in, the Control Panel allows users to select a sign in
method, sign in to the TOE, or get help on various MFP functions.
The TOE contains a local user database for defining non-administrative (U.NORMAL, by default) device
user and administrative (U.ADMINISTRATOR) device user accounts used to support the Local Device
Sign In mechanism. Each device user account contains the following security attributes:
Access Code (8 digits)
Display Name
Permission Set
The Access Code is a number that serves as both the login user identifier and the authentication secret.
Each user's Access Code is unique from all other Local Device users. In the evaluated configuration, the
Access Code length must be 8 digits, which is the largest length for an Access Code allowed by the TOE.
The length of the Access Code is manually enforced by the administrator.
The one exception is the Local Device Administrator Access Code, also known as the Device
Administrator Password. While stored on the device, this password can be as long as 16 characters and
composed of letters, numbers, and special characters. The Device Administrator Password can also be
used to sign in to EWS or the Web Services interface from a remote computer in addition to signing in at
the Control Panel.
The Display Name is a unique name assigned to the account by the administrator. This name is a
security attribute because it is used in audit records to identify the user. (The Access Code is not written
in the audit records.)
To Next Page
Loading...