HP Inc.
HP LaserJet Enterprise MFP M527 Series,
Color LaserJet Enterprise MFP M577 Series, and
PageWide Enterprise Color MFP 586 Series
Firmware with Jetdirect Inside Security Target
Version: 2.0 Copyright © 2008-2016 by atsec information security corporation and HP Inc. Page 89 of 98
Last update: 2016-06-07 or its wholly owned subsidiaries
The TOE uses a copy of the self-signed identity certificate it generates when first powered on as a CA
certificate (self-signed) and comes with other CA certificates pre-installed. The administrator must obtain
a CA certificate from the Operational Environment and install this certificate when setting up the
evaluated configuration. The TOE allows the administrator to add, replace, and delete CA certificates
used by IPsec.
This section maps to the following SFRs:
FCS_CKM.1
FCS_CKM.2
FCS_COP.1-ipsec
FMT_MTD.1-auth
FMT_SMF.1
FTP_ITC.1
7.1.8 User and access management
The TOE supports the following roles:
Administrators (U.ADMINISTRATOR)
Users (U.NORMAL)
Administrators maintain and configure the TOE and Operational Environment. Users perform the
standard print, copy, fax, etc. functions on the system.
In addition, the TOE performs many security management functions.
Only administrators can configure the list of Network Client Computers and the Administrative Computer
that are allowed to connect to the TOE and the list of other trusted IT products to which the TOE will
connect. Administrators do this by creating, modifying, and deleting IPsec/Firewall address templates,
service templates, and rules via the TOE. Similarly, only administrators can create, modify, and delete
address templates, service templates, and rules via the TOE for trusted IT products.
For each Control Panel application, an administrator can modify the association of a sign-in method to an
application. (For example, the administrator can associate LDAP Sign In method to the Retrieve from
Device Memory application). In addition, administrators control whether or not a Control Panel user must
use the administrator-selected sign-in method associated with the applications in order to access that
application. This latter feature is controlled through the "Allow users to choose alternate sign-in methods"
function.
Administrators can initialize, modify, and delete Device User Accounts in the Local Device Sign In
database.
It's worth noting that although the following security attributes are enforced by the TOE, the TOE does not
provide functionality to manage these attributes (i.e., the TOE cannot add, change, delete, or query these
attributes on an existing job) and the TOE does not provide default values for these attributes; therefore,
there are no management SFRs specified in this ST for these security attributes:
Job Encryption Password - The job is encrypted by the Operational Environment. The TOE does
not provide a mechanism to change or delete the password on the job.
Job PIN - A print job's Job PIN is set by the Operational Environment (i.e., Network Client
Computer). The TOE does not provide a mechanism to change or delete a Job PIN from a print
job.
This section maps to the following SFRs:
To Next Page
Loading...