HP M527dn

HP Inc.
HP LaserJet Enterprise MFP M527 Series,
Color LaserJet Enterprise MFP M577 Series, and
PageWide Enterprise Color MFP 586 Series
Firmware with Jetdirect Inside Security Target
Version: 2.0
Last update: 2016-06-07
Copyright © 2008-2016 by atsec information security corporation and HP Inc. or its wholly owned subsidiaries
Page 85 of 98
FDP_ACC.1-cac
FDP_ACF.1-cac
7.1.4.5 TOE function access control
The TOE controls Control Panel access to TOE functions through the use of Permission Sets. The home
screen sign-in process assigns the Permission Set to the authenticated user's session. This session
Permission Set becomes the user's User Role. Access to each TOE device function is configurable in a
Permission Set by an administrator. A user can perform any function permitted in the session Permission
Set. Control Panel applications (e.g., Copy, Fax, Retrieve from Device Memory) use the user's
Permission Set to determine which of the application's functions should be allowed or disallowed for the
user. A Control Panel user can perform the [PP2600.2] functions of F.CPY, F.DSR, F.FAX, F.PRT,
F.SCN, and F.SMI as determined by the user's Permission Set.
Each Control Panel application requires the user to have one or more specific permissions in their
session Permission Set in order to access that application. In addition, the TOE's administrator can map
sign-in methods to each Control Panel application and require the user to be authenticated to that sign-in
method in order to access that application. The individual applications only check and enforce
permissions. They do not check the sign-in methods. Instead, the TOE enforces the sign-in method
requirement at the time the user signs in to the TOE by removing permissions from the user's session
Permission Set for each application whose required sign-in method does not match the user's sign-in
method. By removing the permissions required by each non-matching application, the TOE
limits the set of applications that the user can access.
Administrators can change the sign-in method mapped to each application. In addition, the TOE
provides the feature “Allow users to choose alternate sign-in methods”, which lets administrators
select whether the sign-in method application mappings are enforced or ignored by the TOE. This feature is
a configuration setting that can be configured through the EWS (HTTP) or WS* web services. When
this function is disabled, the TOE enforces the "sign-in method to application" mappings and prunes
(reduces) the user's session Permission Set accordingly. When this function is enabled, the sign-in
method mappings are ignored by the TOE and the user's session Permission Set remains unchanged.
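The sign-in pruning described in the two paragraphs above can be modelled in a few lines of Python. This is an added illustration, not HP firmware code or part of the Security Target; the application, permission and sign-in method names are constructed, and the model assumes an application may have no sign-in method mapped and that each permission belongs to one application.

```python
from dataclasses import dataclass
from typing import Optional

# All names below (apps, permissions, sign-in methods) are constructed
# sample values, not taken from the TOE's real configuration.

@dataclass(frozen=True)
class App:
    name: str
    required_permissions: frozenset      # what the application checks
    required_sign_in: Optional[str]      # admin mapping; None = not mapped (assumption)


def build_session_permissions(assigned, sign_in_method, apps, allow_alternate):
    """Compute the session Permission Set once, at sign-in time."""
    session = set(assigned)
    if allow_alternate:
        # "Allow users to choose alternate sign-in methods" enabled:
        # mappings are ignored and the set stays unchanged.
        return session
    for app in apps:
        mapped = app.required_sign_in
        if mapped is not None and mapped != sign_in_method:
            # Non-matching application: prune the permissions it requires.
            session -= app.required_permissions
    return session


def can_access(app, session):
    """Applications check permissions only, never the sign-in method."""
    return app.required_permissions <= session


APPS = [
    App("Copy", frozenset({"copy.use"}), "local-device"),
    App("Fax", frozenset({"fax.send"}), "ldap"),
    App("Retrieve from Device Memory", frozenset({"storage.retrieve"}), None),
]
ASSIGNED = {"copy.use", "fax.send", "storage.retrieve"}


def accessible(sign_in_method, allow_alternate):
    """Names of the applications the signed-in user can open."""
    session = build_session_permissions(ASSIGNED, sign_in_method, APPS, allow_alternate)
    return sorted(a.name for a in APPS if can_access(a, session))


if __name__ == "__main__":
    print(accessible("ldap", allow_alternate=False))
    print(accessible("ldap", allow_alternate=True))
```

When reviewing a device configuration, the enabled state of the setting is the one to look for: in this model it leaves every mapped application reachable regardless of how the user signed in.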
For IPsec users, the TOE uses the IPsec/Firewall to control access to the supported network service
protocols. The IPsec/Firewall contains the IP addresses of authorized client computers grouped into
address templates and the network service protocols grouped into service templates. The administrator
maps an address template to a service template using an IPsec/Firewall rule. Service templates,
therefore, act as the User Roles for IPsec users. IP addresses of computers not contained in a rule are
denied access to the TOE. The [PP2600.2] functions available to an authorized client computer are
F.DSR, F.PRT, and F.SMI.
This section maps to the following SFRs:
FDP_ACC.1-tfac
FDP_ACF.1-tfac
7.1.4.6 Residual information protection
When the TOE deletes an object defined in section 6.1.3.5, the contents of the object are no longer
available to TOE users.
This section maps to the following SFR:
FDP_RIP.1