CRP-C0179-01
Certification Report
Koji Nishigaki, Chairman
Information-technology Promotion Agency, Japan
Target of Evaluation
Application date/ID 2008-02-21 (ITC-8197)
Certification No. C0179
Sponsor TOSHIBA TEC CORPORATION
Name of TOE [Japanese] e-STUDIO352/452,
e-STUDIO353/453 System Software
[English] System Software for e-STUDIO352/452,
e-STUDIO353/453
Version of TOE V2.0
PP Conformance None
Conformed Claim EAL3
Developer TOSHIBA TEC CORPORATION
Evaluation Facility Electronic Commerce Security Technology
Laboratory Inc. Evaluation Center
This is to report that the evaluation result for the above TOE is certified as
follows.
2008-08-12
Hideji Suzuki, Technical Manager
Information Security Certification Office
IT Security Center
Evaluation Criteria, etc.: This TOE is evaluated in accordance with the following
criteria prescribed in the "IT Security Evaluation and
Certification Scheme".
- Common Criteria for Information Technology Security Evaluation Version 2.3
(ISO/IEC 15408:2005)
- Common Methodology for Information Technology Security Evaluation
Version 2.3 (ISO/IEC 18045:2005)
Evaluation Result: Pass
"[Japanese] e-STUDIO352/452,e-STUDIO353/453 System Software V2.0
[English] System Software for e-STUDIO352/452,e-STUDIO353/453 V2.0" has
been evaluated in accordance with the provision of the "IT Security Certification
Procedure" by Information-technology Promotion Agency, Japan, and has met
the specified assurance requirements.
CRP-C0179-01
Notice:
This document is the English translation version of the Certification Report
published by the Certification Body of Japan Information Technology Security
Evaluation and Certification Scheme.
CRP-C0179-01
Table of Contents
1. Executive Summary ............................................................................... 1
1.1 Introduction ..................................................................................... 1
1.2 Evaluated Product ............................................................................ 1
1.2.1 Name of Product ......................................................................... 1
1.2.2 Product Overview ........................................................................ 1
1.2.3 Scope of TOE and Overview of Operation ....................................... 1
1.2.4 TOE Functionality ....................................................................... 2
1.3 Conduct of Evaluation....................................................................... 5
1.4 Certificate of Evaluation .................................................................... 6
1.5 Overview of Report ............................................................................ 6
1.5.1 PP Conformance.......................................................................... 6
1.5.2 EAL ........................................................................................... 6
1.5.3 SOF ........................................................................................... 6
1.5.4 Security Functions ...................................................................... 6
1.5.5 Threat ........................................................................................ 7
1.5.6 Organisational Security Policy ..................................................... 7
1.5.7 Configuration Requirements ........................................................ 7
1.5.8 Assumptions for Operational Environment .................................... 7
1.5.9 Documents Attached to Product ................................................... 7
2. Conduct and Results of Evaluation by Evaluation Facility......................... 9
2.1 Evaluation Methods .......................................................................... 9
2.2 Overview of Evaluation Conducted ..................................................... 9
2.3 Product Testing ................................................................................ 9
2.3.1 Developer Testing........................................................................ 9
2.3.2 Evaluator Testing...................................................................... 11
2.4 Evaluation Result ........................................................................... 12
3. Conduct of Certification ....................................................................... 13
4. Conclusion.......................................................................................... 14
4.1 Certification Result ......................................................................... 14
4.2 Recommendations ........................................................................... 14
5. Glossary ............................................................................................. 15
6. Bibliography ....................................................................................... 16
CRP-C0179-01
1
1. Executive Summary
1.1 Introduction
This Certification Report describes the content of certification result in relation to IT
Security Evaluation of "[Japanese] e-STUDIO352/452,e-STUDIO353/453 System
Software V2.0 [English] System Software for e-STUDIO352/452,e-STUDIO353/453
V2.0" (hereinafter referred to as "the TOE") conducted by Electronic Commerce
Security Technology Laboratory Inc. Evaluation Center (hereinafter referred to as
"Evaluation Facility"), and it reports to the sponsor, TOSHIBA TEC CORPORATION.
The reader of the Certification Report is advised to read the corresponding ST and
manuals (please refer to "1.5.9 Documents Attached to Product" for further details)
attached to the TOE together with this report. The assumed environment,
corresponding security objectives, security functional and assurance requirements
needed for its implementation and their summary specifications are specifically
described in ST. The operational conditions and functional specifications are also
described in the document attached to the TOE.
Note that the Certification Report presents the certification result based on assurance
requirements conformed to the TOE, and does not certify individual IT product itself.
Note: In this Certification Report, IT Security Evaluation Criteria and IT
Security Evaluation Method prescribed by IT Security Evaluation and
Certification Scheme are named CC and CEM, respectively.
1.2 Evaluated Product
1.2.1 Name of Product
The target product by this Certificate is as follows:
Name of Product: [Japanese] e-STUDIO352/452, e-STUDIO353/453 System Software
[English] System Software for e-STUDIO352/452,
e-STUDIO353/453
Version: V2.0
Developer: TOSHIBA TEC CORPORATION
1.2.2 Product Overview
This product is the system software of the digital multi function device
"e-STUDIO352/452, e-STUDIO353/453" (hereafter referred to collectively as the
"MFP") manufactured by TOSHIBA TEC CORPORATION.
The system software provides general functions as a MFP as well as the function of
data overwrite and permanently erase on the user document data deleted from the
e-STUDIO352/452, e-STUDIO353/453 HDD.
The function of data overwrite and permanently erase includes the function to
collectively and completely delete all user document data from the HDD before the
HDD is disposed or replaced. This function also prevents unauthorized restore of data.
1.2.3 Scope of TOE and Overview of Operation
The TOE is the control software of MFP. Figure 1-2 depicts the relation to each part of
MFP. As shown in Figure 1-1 below, MFP is used as a terminal to send/receive data
CRP-C0179-01
2
to/from facsimiles, a terminal to send Email to Email servers, and a remote printer for
remote PCs in network environments as well as they are installed in general offices as
a standalone copier.
Figure 1-1 Typical operating environment of the TOE
The MFP is a digital copier which inputs, processes, and outputs user documents. Its
output processes are copy, print, scan, and fax reception and fax transmission. After
each process completes, user document data is deleted by the file delete function
provided by the operation system, except for the cases when the MFP user stores
his/her user document data stored in temporally area(*) in the HDD.
User document data stored in temporally area in the HDD are managed by each MFP
user based on importance and confidentiality of the user document data and deleted
using the operation system's file delete function as necessary.
*Caution) In this report, "e-Filing Box" and a shared folder are called temporally area
in the HDD.
1.2.4 TOE Functionality
The TOE has normal mode where MFP users operate these models in ordinary cases,
and self-diagnostic mode where service engineers perform maintenance services.
1.2.4.1 Normal Mode
Figure 1-2 shows the configuration of the MFP in normal mode.
LAN
Mail
server
PC
PSTN
FAX
Internet
CRP-C0179-01
3
Figure 1-2 Product Configuration in Normal Mode
This section describes the functionality of the TOE.
1) Process of GP-1060 Installation Information
This process checks whether or not the GP-1060 is installed.
In order to make the MFP users aware that the Data Delete Function is available,
the TOE name and TOE version are displayed on the LCD display of the control
panel.
2) Copy process
This process scans user document data using the scanner and writes the scanned
data in the HDD work area.
Then, this process reads the user document data in the work area and performs both
or either of the following processes, "Outputs the user document data to the printer"
and "Saves the user document data in the HDD temporary area specified by the MFP
user".
3) Print process
This process receives user document data from PC or reads a USB, and writes the
data in the HDD work area.
Then, this process reads the user document data in the work area and performs both
or either of the following processes, "Outputs the user document data to the printer"
and "Saves the user document data in the HDD temporary area specified by the MFP
user".
4) Scan process
This process scans user document data using the scanner and performs both or
either of the following processes, "Saves the user document data in the HDD
temporary area specified by the MFP user" and "Sends Email to a destination
specified by the MFP user".
5) Fax transmission process
This process scans user document data using the scanner and writes the scanned
data in the HDD work area.
PSTN
(FAX)
GP-1060
Scanner
Printer
LAN Line
(PC)
Control Panel
Display
User document
data deleted by
OS’s delete
function
HDD
USB
TOE Storage for assets to be protected
OS（VxWorks 5.5）
Data Delete Function
Overwrite Process
Registration of Overwrite Process
e-STUDIO General Functions (Job Management)
Copy Scan
Print FAX
Transmissi
on
FAX
Receptio
n
Deletion of
Documents in
e-Filing
Boxes
/ Shared
folder
Initialization Process (System Administration)
Process of GP-1060 installation information
CRP-C0179-01
4
Then, this process reads the user document data in the work area and sends the data
to facsimile(s). The data can also be saved in the HDD temporary area specified by
the MFP user
6) Fax reception process
This process receives user document data from a facsimile and writes the data in the
HDD work area.
Then, this process reads the user document data in the work area and performs both
or either of the following processes, "Outputs the user document data to the printer"
and "Saves the user document data in the HDD temporary area specified by the MFP
user".
7) HDD temporary Data delete process
This process deletes user document data saved in the HDD temporary area by
operating the control panel or PC.
8) Data Overwrite allocation process (Security Function)
- During each process of the MFP General Functions described above, this process
allocates an area in the dustbox where user document data in the work area, deleted
by the operation system's file delete function, is to be stored.
- When user document data is saved in and deleted from an e-Filing Box or a shared
folder in the HDD during Process (7) described above, this process allocates an area
in the dustbox where the user document data, deleted by the operation system's file
delete function, is to be stored.
9) Data Overwrite process (Security Function)
User document data has been allocated in the dustbox and if any, overwrite the areas
where the user document data has been allocated. While this process is being
executed, the message "ERASING DATA" is displayed on the control panel.
The MFP users must make sure that user document data has been permanently
erased from the HDD by checking that the "ERASING DATA" message on the LCD
display, if displayed on the control panel, has disappeared properly.
The MFP users check the message on the LCD display when collecting printout from
the MFP and confirm the area was overwritten.
1.2.4.2 Self-diagnostic Mode
Figure 1-3 shows the configuration of the MFP in self-diagnostic mode.
CRP-C0179-01
5
Figure 1-3 Product Configuration in Self-diagnostic Mode
This section describes the functionality of the TOE.
1) Process of GP-1060 Installation Information
This process checks whether or not the GP-1060 is installed.
In order to make the MFP users aware that the Data Delete Function is available,
the TOE name and TOE version are displayed on the LCD display of the control
panel.
2) Forcible Data Overwrite process (Security Function)
When HDD is disposed or replaced, this process overwrites all HDD areas where
user document data are saved in the HDD temporary area.
The service engineer operates forcible Data Overwrite function upon request from
the MFP administrator.
1.3 Conduct of Evaluation
Based on the IT Security Evaluation/Certification Program operated by the
Certification Body, TOE functionality and its assurance requirements are being
evaluated by evaluation facility in accordance with those publicized documents such as
"IT Security Evaluation and Certification Scheme"[2], "IT Security Certification
Procedure"[3] and "Evaluation Facility Approval Procedure"[4].
Scope of the evaluation is as follow.
- Security design of the TOE shall be adequate;
- Security functions of the TOE shall be satisfied with security functional
requirements described in the security design;
- This TOE shall be developed in accordance with the basic security design;
- Above mentioned three items shall be evaluated in accordance with the CC Part 3
and CEM.
More specific, the evaluation facility examined " e-STUDIO352/452,e-STUDIO353/453
System Software Security Target " as the basis design of security functions for the TOE
TOE Storage for assets to be protected
GP-1060 Data Delete Function
Initialization Process
(System Administration)
Control Panel
Display
Forcible Data Overwrite
e-Filing Box
Process of GP-1060
installation information
OS (VxWorks 5.5)
HDD
Shared Folder
CRP-C0179-01
6
(hereinafter referred to as "the ST")[1], the evaluation deliverables in relation to
development of the TOE and the development, manufacturing and shipping sites of the
TOE. The evaluation facility evaluated if the TOE is satisfied both Annex B of CC Part
1 (either of [5], [8] or [11]) and Functional Requirements of CC Part 2 (either of [6], [9]
or [12]) and also evaluated if the development, manufacturing and shipping
environments for the TOE is also satisfied with Assurance Requirements of CC Part 3
(either of [7], [10] or [13]) as its rationale. Such evaluation procedure and its result are
presented in "e-STUDIO352/452,e-STUDIO353/453 System Software V2.0, System
Software for e-STUDIO352/452,e-STUDIO353/453 V2.0 Evaluation Technical Report"
(hereinafter referred to as "the Evaluation Technical Report") [17]. Further, evaluation
methodology should comply with the CEM (either of [14], [15] or [16]).
1.4 Certification
The Certification Body verifies the Evaluation Technical Report and Observation
Report prepared by the evaluation facility and evaluation evidence materials, and
confirmed that the TOE evaluation is conducted in accordance with the prescribed
procedure. Certification review is also prepared for those concerns found in the
certification process. Evaluation is completed with the Evaluation Technical Report
dated 2008-07 submitted by the evaluation facility and those problems pointed out by
the Certification Body are fully resolved and confirmed that the TOE evaluation is
appropriately conducted in accordance with CC and CEM. The Certification Body
prepared this Certification Report based on the Evaluation Technical Report submitted
by the evaluation facility and concluded fully certification activities.
1.5 Overview of Report
1.5.1 PP Conformance
There is no PP to be conformed.
1.5.2 EAL
Evaluation Assurance Level of TOE defined by this ST is EAL3 conformance.
1.5.3 SOF
This ST claims "SOF-basic" as its minimum strength of function.
Although this TOE is utilized by being installed at generic offices and it is assumed
that attackers' attack capabilities are low. For this reason, the appropriate minimum
SOF is SOF-basic.
1.5.4 Security Functions
Security functions of the TOE are as follow.
SF.TEMPDATA_OVERWRITE
- In normal mode, register an area in the dustbox where user document data, deleted
from the HDD, is to be stored.
- Completely overwrite the registered areas in the dustbox where the user document
data, deleted from the HDD, is stored. Deleting is executed, according to
DoD5220.22-M.(0x00Fill+0xFF Fill+ random number and Fill + verification)
CRP-C0179-01
7
SF.STOREDATA_OVERWRITE
- In self-diagnostic mode, collectively and completely overwrite all areas of the HDD.
Deleting is executed, according to DoD5220.22-M.(0x00Fill+0xFF Fill+ random
number and Fill+ verification)
1.5.5 Threat
This TOE assumes such threats presented in Table 1-1 and provides functions for
countermeasure to them.
Table 1-1 Assumed Threats
Identifier Threat
T.TEMPDATA_ACCESS By using commercially available tools and by
means of reverse engineering of the areas where
residual user document data remains, a malicious
MFP user or non-privileged user may attempt to
recover or decode user document data, deleted
from the HDD of the MFP by the operation
system's file delete function.
T.STOREDATA_ACCESS Using commercially available tools, a malicious
MFP user or non-privileged user may attempt to
recover or decode the areas in the HDD of the MFP
where user document data, all of which were
deleted by the operation system's file delete
function, still remain.
1.5.6 Organisational Security Policy
There are no organizational security policies required for using the TOE.
1.5.7 Configuration Requirements
This TOE is the System Software installed on the TOSHIBA TEC CORPORATION's
digital copier.
This operating environment of the TOE is indicated below.
- Installing on e-STUDIO352/452, e-STUDIO353/453 with GP-1060.
- For Printer Driver, e-STUDIO452 Series Printer Driver Version 4.6.63.0 is utilized.
- For Fax Driver, e-STUDIO452 Series N/W-Fax Driver Version 4.9.60.0 is utilized.
- For Browser, InternetExplorer ver6.0 sp1 or Firefox ver2.0.0.14 is utilized.
- For Mailer, AL-MaiL32 Version1.13 or Thunderbird ver2.0.0.14 is utilized.
- For WIA Scan Driver Application, Windows FAX and Scan Version 6.0 are utilized.
1.5.8 Assumptions for Operational Environment
No assumptions required in environment using this TOE presents.
1.5.9 Documents Attached to Product
Documents attached to the TOE (Japanese Version) are listed below.
- e-STUDIO352/452, e-STUDIO353/453 Quick Start Guide, OMJ070096A0 01
- Data Overwrite Kit(Operator's Manual in six languages), OMM050034C0 03
- Operator's Manual <Common>, OMJ050096E0 05
CRP-C0179-01
8
- Operator's Manual<Setting/Registering>, OMJ050100E0 05
- GD-1170 Operator's Manual<Fax>, OMJ050059C0 03
- Printing Guide, OMJ050104D0 03
- Filing Box Guide, OMJ07010700 00
- TopAccess Guide, OMJ07010400 00
- Network Management Guide, OMJ07009800 03
- Network Fax Guide, OMJ07010000 03
- Scan Guide, OMJ07011000 00
Documents attached to the TOE (English Version) are listed below.
- e-STUDIO352/452, e-STUDIO353/453 Quick Start Guide, OME070095A0 02
- Data Overwrite Kit (Operator's Manuals in six languages), OMM050034C0 03
- Operator's Manual for Basic Function (North America), OME050097E 05
- Operator's Manual for Basic Function (Europe), OME050098E0 05
- Operator's Manual for Basic Function (Asia), OME050099E0 05
- User Functions Guide, OME050101E0 05
- GD-1170 Operator's Manual for Facsimile Function, OME0500060C0 03
- Printing Guide, OME050003D0 03
- e-Filing Guide, OME07010600 00
- TopAccess Guide, OME07010300 00
- Network Administration Guide, OME07009700 00
- Network Fax Guide, OME07009900 00
- Scanning Guide, OME07010900 00
CRP-C0179-01
9
2. Conduct and Results of Evaluation by Evaluation Facility
2.1 Evaluation Methods
Evaluation was conducted by using the evaluation methods prescribed in CEM in
accordance with the assurance requirements in CC Part 3. Details for evaluation
activities are report in the Evaluation Technical Report. It described the description of
overview of the TOE, and the contents and verdict evaluated by each work unit
prescribed in CEM.
2.2 Overview of Evaluation Conducted
The history of evaluation conducted was present in the Evaluation Technical Report as
follows.
Evaluation has started on 2008-02 and concluded by completion the Evaluation
Technical Report dated 2008-07. The evaluation facility received a full set of
evaluation deliverables necessary for evaluation provided by developer, and examined
the evidences in relation to a series of evaluation conducted. Additionally, the
evaluation facility directly visited the development and manufacturing sites on
2005-10,2005-11 and 2006-01 and examined procedural status conducted in relation to
each work unit for configuration management, delivery and operation and lifecycle by
investigating records and staff hearing. Further, the evaluation facility executed
sampling check of conducted testing by developer and evaluator testing by using
developer testing environment at developer site on 2008-05.
Concerns found in evaluation activities for each work unit were all issued as
Observation Report and were reported to developer. These concerns were reviewed by
developer and all problems were solved eventually.
As for concerns indicated during evaluation process by the Certification Body, the
certification review was sent to the evaluation facility. These were reflected to
evaluation after investigation conducted by the evaluation facility and the developer.
2.3 Product Testing
Overview of developer testing evaluated by evaluator and evaluator testing conducted
by evaluator are as follows.
2.3.1 Developer Testing
1) Developer Test Environment
Test configuration performed by the developer is showed in the Table 2-1.
CRP-C0179-01
10
Table 2-1: Developer test configuration
TOE Version
TOE V2.0 Item Japanese English
ROM T364SY0J329 T364SY0U329,
T364SY0E329
System Software VT358.900 VT358.900
UI data frame V0220.000 0 V0220.000 0
Equipments Specification
Digital Multi Function
Peripheral (MFP)
e-STUDIO452
Option of MFP GP-1060
PC for the tests OptiPlex GX100(DELL), OPTIPLEX 350(DELL)
Mail server SuperMicro 5013C-MT Model P4SCT+
Circuit board for debug,
Serial cable
Circuit board for serial communications connecting with
logic circuit board of digital multifunction peripheral
6LA70328000 PWB-F-SERIAL-IF-360 and DSUB9 pin
serial cross cable
FAX e-STUDIO350 with SuperG3 FAX
telephone exchange
emulator
EXCEL7000
Equipments Specification
WIA Scan Driver
Application
Windows FAX and Scan Version 6.0 (included in
Windows Vista)
Mailer AL-MaiL32 Version1.13
Web Browser Microsoft Internet Explorer Version 6.0 Service Pack 1
Printer Driver e-STUDIO452 Series Printer Driver Version 4.6.63.0
Fax Driver e-STUDIO452 Serires N/W-Fax Driver Version 4.9.60.0
2) Outlining of Developer Testing
Outlining of the testing performed by the developer is as follow.
a. Test configuration
Developer testing was performed at the same TOE testing environment with the
TOE configuration identified in ST.
b. Testing Approach
For the testing, following approach was used.
(1) Operation from Operation Panel + Monitoring of Programming Status
Confirming Key inputting operation on Operation Panel and Content of
Display, attaching special Hardware(JIG) to print board inside Product which
is communicated in RS232C(Serial Communication) is connected to PC. Only
CRP-C0179-01
11
Developer can construct it, and it provides various functions for an analyze
and it is possible to monitor the programming status. File making into HDD,
and File transforming, Overwriting Operation can be confirmed.
(2) Operation from Remote PC + Monitoring of Programming Status
Confirming operation from WEB Browser on Remote PC, or the result of
receiving FAX or E-mail. Additionally, attaching special Hardware(JIG) to
print board inside Product which is communicated in RS232C(Serial
Communication) is connected to PC. Only Developer can construct it, and it
provides various functions for an analyze and it is possible to monitor the
programming status. File making into HDD, and File transforming,
Overwriting Operation can be confirmed.
c. Scope of Testing Performed
Testing is performed about 105 items by the developer.
A coverage analysis was performed and verified that the security functions and
external interfaces described in the functional specification have been all
tested.
A depth analysis was performed and verified that the subsystems and subsystem
interfaces described in the high-level design have been all thoroughly tested.
d. Result
The developer testing results provide evidence that the expected test results
match the actual test results. The evaluator confirmed the legitimacy of the
developer testing approach and tested items, and consistencies between the
testing approaches described in the test plan and the actual test results.
2.3.2 Evaluator Testing
1) Evaluator Test Environment
The evaluator used the same test configuration as the test configuration used by
the developer, plus an additional tool for penetration testing against the developer
test configuration.
- Thunderbird 2.0.0.14 as for Mailer
- Firefox 2.0.0.14 as for Web Browser
- Nmap 4.65.0.0 as for Tool utilizing in penetration test
2) Outlining of Evaluator Testing
Outlining of testing performed by the evaluator is as follow.
a. Test configuration
Evaluator testing was performed at the same TOE testing environment with the
TOE configuration identified in ST.
b. Testing Approach
The same testing approaches as those of the developer testing were used.
c. Scope of Testing Performed
CRP-C0179-01
12
The evaluator performed a total of 31 test items, 6 test items uniquely devised
by the evaluator and 25 test items by sampling the developer testing.
The test items performed by the evaluator took the following into account.
(1) Covering all scenarios including the test items of the developer testing.
(2) Including one more tests in the test items for each interface at least.
The penetration testing comprised 4 tests to confirm that there were no
publicly-known vulnerabilities that the developer was not considering existed.
d. Result
The evaluator successfully completed all the tests and observed the behavior of
the TOE security functions. The evaluator confirmed that the actual test results
match the expected test results, and that there are no obvious exploitable
vulnerabilities in the TOE.
2.4 Evaluation Result
The evaluator had the conclusion that the TOE satisfies all work units prescribed in
CEM by submitting the Evaluation Technical Report.
CRP-C0179-01
13
3. Conduct of Certification
The following certification was conducted based on each materials submitted by
evaluation facility during evaluation process.
1. Contents pointed out in the Observation Report shall be adequate.
2. Contents pointed out in the Observation Report shall properly be reflected.
3. Evidential materials submitted were sampled, its contents were examined, and
related work units shall be evaluated as presented in the Evaluation Technical
Report.
4. Rationale of evaluation verdict by the evaluator presented in the Evaluation
Technical Report shall be adequate.
5. The Evaluator's evaluation methodology presented in the Evaluation Technical
Report shall conform to the CEM.
Concerns found in certification process were prepared as certification review, which
were sent to evaluation facility.
The Certification Body confirmed such concerns pointed out in Observation Report and
certification review were solved in the ST and the Evaluation Technical Report.
CRP-C0179-01
14
4. Conclusion
4.1 Certification Result
The Certification Body verified the Evaluation Technical Report, the Observation
Report and the related evaluation evidential materials submitted and confirmed that
all evaluator action elements required in CC Part 3 are conducted appropriately to the
TOE. The Certification Body verified the TOE is satisfied the EAL3 assurance
requirements prescribed in CC Part 3.
4.2 Recommendations
None
CRP-C0179-01
15
5. Glossary
The abbreviations used in this report are listed below.
CC: Common Criteria for Information Technology Security
Evaluation
CEM: Common Methodology for Information Technology Security
Evaluation
EAL: Evaluation Assurance Level
PP: Protection Profile
SOF: Strength of Function
ST: Security Target
TOE: Target of Evaluation
TSF: TOE Security Functions
The glossaries used in this report are listed below.
MFP (Multi Function Peripherals): Digital copier:
A single multi-functional peripheral device which integrates several
functions such as copy, print, and fax.
e-STUDIO: MFPs where the TOE is installed, i.e., e-STUDIO352/452,
e-STUDIO353/453.
HDD: Hard Disk Drive
User document data:
e-STUDIO user's document data digitized utilizing the e-STUDIO
General Functions. Note that data received by the e-STUDIO using
its fax function is not user document data of the e-STUDIO users but
the data of a person who has sent it.
e-Filing Box, Shared folder:
A temporary area where the e-STUDIO users stores and refers their
user document data. The e-STUDIO users delete user document data
stored themselves. Such user document data is automatically deleted
from an area after a specified effective period expires and this data is
no longer recognized as assets to be protected.
GP-1060: A product installed in the e-STUDIO352/452, e-STUDIO353/453 to
enable the Data Overwrite Function, a security function of the
System Software
Users: Users who utilize the e-STUDIO General Functions
Administrators:
Administrators make each setting of the e-STUDIO General
Functions (including copy, network, and fax settings) and ask service
engineers to execute the forcible Data Overwrite function to the
HDD.
Service Engineers:
Service engineers perform service maintenance operations such as
installation of the e-STUDIO (including installation of the GP-1060).
CRP-C0179-01
16
6. Bibliography
[1] e-STUDIO352/452,e-STUDIO353/453 System Software Security Target Version
2.3 (22 July,2008) TOSHIBA TEC CORPORATION
[2] IT Security Evaluation and Certification Scheme, May 2007,
Information-technology Promotion Agency, Japan CCS-01
[3] IT Security Certification Procedure, May 2007, Information-technology
Promotion Agency, Japan CCM-02
[4] Evaluation Facility Approval Procedure, May 2007, Information-technology
Promotion Agency, Japan CCM-03
[5] Common Criteria for Information Technology Security Evaluation Part 1:
Introduction and general model Version 2.3 August 2005 CCMB-2005-08-001
[6] Common Criteria for Information Technology Security Evaluation Part 2:
Security functional requirements Version 2.3 August 2005 CCMB-2005-08-002
[7] Common Criteria for Information Technology Security Evaluation Part 3:
Security assurance requirements Version 2.3 August 2005 CCMB-2005-08-003
[8] Common Criteria for Information Technology Security Evaluation Part 1:
Introduction and general model Version 2.3 August 2005 CCMB-2005-08-001
(Translation Version 1.0 December 2005)
[9] Common Criteria for Information Technology Security Evaluation Part 2:
Security functional requirements Version 2.3 August 2005 CCMB-2005-08-002
(Translation Version 1.0 December 2005)
[10] Common Criteria for Information Technology Security Evaluation Part 3:
Security assurance requirements Version 2.3 August 2005 CCMB-2005-08-003
(Translation Version 1.0 December 2005)
[11] ISO/IEC 15408-1:2005 - Information Technology - Security techniques -
Evaluation criteria for IT security - Part 1: Introduction and general model
[12] ISO/IEC 15408-2:2005 - Information technology - Security techniques -
Evaluation criteria for IT security - Part 2: Security functional requirements
[13] ISO/IEC 15408-3:2005 - Information technology - Security techniques -
Evaluation criteria for IT security - Part 3: Security assurance requirements
[14] Common Methodology for Information Technology Security Evaluation:
Evaluation Methodology Version 2.3 August 2005 CCMB-2005-08-004
[15] Common Methodology for Information Technology Security Evaluation:
Evaluation Methodology Version 2.3 August 2005 CCMB-2005-08-004
(Translation Version 1.0 December 2005)
[16] ISO/IEC 18045:2005 Information technology - Security techniques - Methodology
for IT security evaluation
[17] e-STUDIO352/452,e-STUDIO353/453 System Software V2.0, System Software for
CRP-C0179-01
17
e-STUDIO352/452,e-STUDIO353/453 V2.0 Evaluation Technical Report Version
1.1, July 24, 2008, Electronic Commerce Security Technology Laboratory Inc.
Evaluation Center
1/2
Issue Date: 2012-08-17
Document No.: SRP-C0179-01
This is to report that surveillance has been conducted on the following Target of Evaluation
(hereinafter referred to as “TOE”), based on IT Security Certification Procedure (CCM-02) 8.1.
It is recommended to use as a reference along with the Certification Report.
TOE:
Certification No. C0179
Sponsor TOSHIBA TEC CORPORATION
Name of the TOE [Japanese] e-STUDIO352/452,
e-STUDIO353/453 System Software
[English] System Software for e-STUDIO352/452,
e-STUDIO353/453
Version of the TOE V2.0
PP Conformance None
Assurance Package EAL3
Developer TOSHIBA TEC CORPORATION
Evaluation Facility Electronic Commerce Security Technology Laboratory Inc.
Evaluation Center
Surveillance Number: JISEC-SV12-001
Report on Surveillance Conducted:
 Surveillance Result
In regard to this surveillance, it is confirmed by the Evaluation Facility that consumers are
able to safely use the TOE; therefore, it is concluded that the certification of this TOE is
maintained.
 Surveillance Summary
As for the contents of the following “Announcement”, which was released by the developer
regarding this TOE, surveillance has been conducted from 2012-04 to 2012-07 in order to
determine whether it is appropriate to maintain its certification.
http://www.toshibatec.co.jp/page.jsp?id=2330
Surveillance Report
2/2
According to the “Announcement”, there is a possibility that the administrator page of the
web-based management utility “TopAccess” site could be accessed without passwords by
using the released vulnerability.
As a result of surveillance, it was verified in the previous evaluation under the
responsibility of the Evaluation Facility that the access to the administrator page of
“TopAccess” does not affect the security functions of the TOE.
The details are described as follows;
From the administrator page of “TopAccess”, it is possible to change the time and date of
MFP clock as well as the expiration date for storing user document data, etc. The previous
evaluation did not examine whether it is possible to change those by using the released
vulnerability when accessing the administrator page of “TopAccess”.
Although the TOE has a function to automatically delete the stored user document data
after passing the expiration date, it specifies that the residual data after being deleted is
no longer recognized as an asset to be protected.
As with other functions which can be used from the administrator page of “TopAccess”, it is
reported that the previous evaluation by the Evaluation Facility verified there was no
effect on the security functions of the Target of Evaluation.
Translation notes: English information can be found at:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1239