Page 82 of 91
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
FIA_SOS.1
Login passwords for users can be registered only if these passwords meet the following conditions:
(1) Usable characters and types:
Upper-case letters: [A-Z] (26 letters)
Lower-case letters: [a-z] (26 letters)
Numbers: [0-9] (ten digits)
Symbols: SP (space) ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ (33 symbols)
(2) Registrable password length:
- For normal users
No less than the minimum character number for password (8-32 characters) specified by the MFP
administrator and no more than 128 characters.
- For MFP administrators and a supervisor
No less than the minimum character number for password (8-32 characters) specified by the MFP
administrator and no more than 32 characters.
(3) Combination of character types:
The number of combined character types specified by the MFP administrators (two types or more, or
three types or more).
FIA_UAU.2, FIA_UID.2, and FIA_USB.1
A certificate is a set of identification and authentication information of RC Gate.
When the TOE receives a certificate from an IT device to access the TOE via RC Gate communication
interface, the TOE checks if the certificate matches another certificate installed in the TOE. Only if the
certificate sent from the IT device matches the one installed in the TOE so that the IT device is identified as
RC Gate, the IT device whose user role is RC Gate is allowed to use the TOE.
FPT_FDI_EXP.1
The TOE inputs information after the TSF reliably identifies and authenticates the input information from the
Operation Panel or the client computer via LAN interface. Therefore, the input information cannot be
forwarded unless the TSF is not involved in information identification and authentication.
7.3 Document Access Control Function
The Document Access Control Function is to allow authorised TOE users to operate document data and user
jobs in accordance with the provided user role privilege or user privilege.
FDP_ACC.1(a) and FDP_ACF.1(a)
The TOE controls user operations for document data and user jobs in accordance with (1) access control rule
on document data and (2) access control rule on user jobs.
(1) Access control rule on document data
To Next Page
Loading...
