CRP-C0007-01
Certification Report
Target of Evaluation
Application date/ID July 9, 2003 (ITC-4020)
Certification No. C0007
Sponsor Konica-Minolta Business Technologies, Inc
Name of TOE Japan: 7145 System Control Software
Overseas: 7145 Control Software
Version of TOE 25.0000
PP Conformance None
Conformed Claim EAL3
TOE Developer Konica-Minolta Business Technologies, Inc
Evaluation Facility Japan Electronics and Information
Technology Industries Association,
Information Technology Security Center
This is to report that the evaluation result for the above TOE is certified as follows.
March 15, 2004
TABUCHI Haruki, Technical Manager
Information Security Certification Office
IT Security Center
Information-Technology Promotion Agency, Japan
Evaluation Criteria, etc.: This TOE is evaluated in accordance with the following
criteria prescribed in the “General Requirements for IT
Security Evaluation Facility”.
- Common Criteria for Information Technology Security Evaluation Version 2.1
(ISO/IEC 15408:1999)
- Common Methodology for Information Technology Security Evaluation Version
1.0
- CCIMB Interpretations-0210
CRP-C0007-01
Evaluation Result: Pass
“Japan: 7145 System Control Software 25.0000,Overseas: 7145 Control Software
25.0000” has been evaluated in accordance with the provision of the “General
Rules for IT Product Security Certification” by Information-Technology
Promotion Agency, Japan, and has met the specified assurance requirements.
CRP-C0007-01
Notice:
This document is the English translation version of the Certification Report
published by the Certification Body of Japan Information Technology Security
Evaluation and Certification Scheme.
CRP-C0007-01
Table of Contents
1. Executive Summary ...........................................................................................1
1.1 Introduction .................................................................................................1
1.2 Evaluated Product ........................................................................................1
1.2.1 Name of Product.....................................................................................1
1.2.2 Product Overview ...................................................................................2
1.2.3 Scope of TOE and Overview of Operation ...............................................2
1.2.4 TOE Functionality..................................................................................3
1.3 Conduct of Evaluation ..................................................................................5
1.4 Certificate of Evaluation ..............................................................................6
1.5 Overview of Report .......................................................................................6
1.5.1 PP Conformance .....................................................................................6
1.5.2 EAL........................................................................................................6
1.5.3 SOF........................................................................................................7
1.5.4 Security Functions .................................................................................7
1.5.5 Threat .................................................................................................. 10
1.5.6 Organisational Security Policy ............................................................. 10
1.5.7 Configuration Requirements................................................................. 11
1.5.8 Assumptions for Operational Environment ........................................... 11
1.5.9 Documents Attached to Product............................................................ 12
2. Conduct and Results of Evaluation by Evaluation Facility............................... 14
2.1 Evaluation Methods.................................................................................... 14
2.2 Overview of Evaluation Conducted ............................................................. 14
2.3 Product Testing .......................................................................................... 15
2.3.1 Developer Testing................................................................................. 15
2.3.2 Evaluator Testing................................................................................. 16
2.4 Evaluation Result....................................................................................... 18
3. Conduct of Certification................................................................................... 19
4. Conclusion....................................................................................................... 20
4.1 Certification Result .................................................................................... 20
4.2 Recommendations....................................................................................... 20
5. Glossary .......................................................................................................... 21
6. Bibliography .................................................................................................... 23
CRP-C0007-01
1
1. Executive Summary
1.1 Introduction
This Certification Report describes the content of certification result in relation to IT
Security Evaluation of “Japan: 7145 System Control Software 25.0000,Overseas: 7145
Control Software 25.0000” (hereinafter referred to as “the TOE”) conducted by Japan
Electronics and Information Technology Industries Association, Information
Technology Security Center (hereinafter referred to as “Evaluation Facility”), and it
reports to the sponsor, Konica-Minolta Business Technologies, Inc.
The reader of the Certification Report is advised to read the corresponding ST and
manuals (please refer to “1.5.9 Documents Attached to Product” for further details)
attached to the TOE together with this report. The assumed environment,
corresponding security objectives, security functional and assurance requirements
needed for its implementation and their summary specifications are specifically
described in ST. The operational conditions and functional specifications are also
described in the document attached to the TOE.
Note that the Certification Report presents the certification result based on assurance
requirements conformed to the TOE, and does not certify individual IT product itself.
Note: In this Certification Report, IT Security Evaluation Criteria and IT
Security Evaluation Method prescribed by IT Security Evaluation and
Certification Scheme are named CC and CEM, respectively.
1.2 Evaluated Product
1.2.1 Name of Product
The target product by this Certificate is as follows:
Name of Product: Japan: 7145 System Control Software
Overseas: 7145 Control Software
Version: 25.0000
Developer: Konica-Minolta Business Technologies, Inc.
CRP-C0007-01
2
1.2.2 Product Overview
This product (Japan: 7145 System Control Software and Overseas: 7145 Control
Software are identical but differ their names. Hereinafter collectively called “7145
System Control Software”.) is loaded into Konica-Minolta digital copiers (Sitios 7145
Series; hereafter called, 7145 Series)and is a software product intending to reduce
dangers related to disclosure and deletion of document data saved by each user.
7145 System Control Software possesses functions such as copying, printing, and
faxing (copy function, fax function, scan-to-email function, PC-fax save function, i-Fax
function). 7145 System Control Software is loaded into and offered with the 7145
Series.
Figure 1-1 illustrates a typical office environment using the 7145 Series.
Figure 1-1 7145 Series Operating Environment
The 7145 Series loaded with the TOE is connected to an internal network and public
telephone line network as shown in Figure 1-1.
1.2.3 Scope of TOE and Overview of Operation
The TOE is a part of the 7145 Series. Figure 1-2 illustrates the configuration of 7145
Series with TOE.
CRP-C0007-01
3
Figure 1-2 TOE Structure of 7145 Series
The 7145 Series is built up with hardware, OS, and 7145 System Control Software. The
TOE is the 7145 System Control Software and operates on the OS (VxWorks 5.4).
The shaded areas of Figure 1-2 show each function included in the TOE as well as the
User Box data extension area created by the TOE.
1.2.4 TOE Functionality
The TOE is consisted of Basic Functions, which operates document data stored in
document data files within the User Boxes, Control Functions, which is used by
administrators to setup TOE settings, and CE Functions, which is used by CE (*1) to
setup TOE initial settings (registration of administrator and installation of TOE).
(*1) Customer Engineer: Personnel who belong to the company entrusted to maintain
the 7145 Series.
1.2.4.1 Basic Functions
Basic functions are functions that operate through the User Box of the general user
for writing, reading, and deleting of document data (functions for storage are
included in basic functions). A User Box is identified by a User Box identifier, and a
User Box password is set for each User Box in order to confirm authorization of each
User Box owner. An overview of basic functions is shown in Figure 1-3 Details of each
function are explained below.
CRP-C0007-01
4
Figure 1-3 Basic Functions Processing Concepts
(1) Document Data Write Function
This function provides additional writing of document data in the User Box by
following three methods. (It cannot overwrite.)
1. Scanner Function
Being Operated from operation panel, takes data of paper documents from
scanner and converts them to document data, then saves the data in the User
Box.
2. PC Data Receive Function
Saves document data from a client PC to a User Box.
3. Fax Receive Function
Saves document data from a fax device, which is connected to a public telephone
line network, to a User Box.
(2) Document Data Read Function
This function provides a process to read document data registered in the User Box
by following four methods. This function can only be utilized from the operation
panel.
1. Print Function
Prints document data of a User Box.
2. Fax Send Function
Sends document data of a User Box to a fax device, which is connected to a
public telephone line network.
3. Email Function
CRP-C0007-01
5
Attaches document data of a User Box to an email and sends it to the mail
server.
4. FTP Function
Sends document data of a User Box to the FTP server.
(3) Document Data Delete Function
Deletes document data of a User Box.
1.2.4.2 Administrator Functions
Administrators use control functions to set TOE network information and operational
settings for TOE functions. In addition, control functions manage the control
information related to operation of the digital copier, such as to create/modify/delete
User Boxes, print log data, initialize HDD, manage number of printed copies, perform
troubleshooting, and manage toner shortage, etc.. Control functions are permitted to
use by administrators only when they have been successfully identified and
authenticated. Control functions can only be used from the operations panel.
1.2.4.3 CE Functions
The following functions are prepared for CEs to execute initial settings of the TOE.
• Service Setting Mode
Being Operated from operations panel, uses functions of service setting mode to
register and modify administrator passwords.
1.3 Conduct of Evaluation
Based on the IT Security Evaluation/Certification Program operated by the
Certification Body, TOE functionality and its assurance requirements are being
evaluated by evaluation facility in accordance with those publicized documents such as
“Guidance for IT Security Certification Application, etc.”[2], “General Requirements
for IT Security Evaluation Facility”[3] and “General Requirements for Sponsors and
Registrants of IT Security Certification”[4].
Scope of the evaluation is as follow.
- Security design of the TOE shall be adequate;
- Security functions of the TOE shall be satisfied with security functional
requirements described in the security design;
- This TOE shall be developed in accordance with the basic security design;
- Above mentioned three items shall be evaluated in accordance with the CC Part 3
and CEM.
CRP-C0007-01
6
More specific, the evaluation facility examined “Multi-Functional Printer (Digital
Copier) 7145 Series Security Target Version 13” as the basis design of security
functions for the TOE (hereinafter referred to as “the ST”)[1], the evaluation
deliverables in relation to development of the TOE and the development,
manufacturing and shipping sites of the TOE. The evaluation facility evaluated if the
TOE is satisfied both Annex C of CC Part 1 (either of [5], [8], [11] or [14]) and
Functional Requirements of CC Part 2 (either of [6], [9], [12] or [15]) and also
evaluated if the development, manufacturing and shipping environments for the TOE
is also satisfied with Assurance Requirements of CC Part 3 (either of [7], [10], [13] or
[16]) as its rationale. Such evaluation procedure and its result are presented in “7145
System Control Software Evaluation Technical Report” (hereinafter referred to as “the
Evaluation Technical Report”)[22]. Further, evaluation methodology should comply
with the CEM Part 2 (either of [17], [18] or [19]). In addition, the each part of CC and
CEM shall include contents of interpretations[20] and [21].
1.4 Certificate of Evaluation
The Certification Body verifies the Evaluation Technical Report and Observation
Report prepared by the evaluation facility and evaluation evidence materials, and
confirmed that the TOE evaluation is conducted in accordance with the prescribed
procedure. Certification review is also prepared for those problems found in the
certification process. Evaluation is completed with the Evaluation Technical Report
dated March, 2004 submitted by the evaluation facility and those problems pointed out
by the Certification Body are fully resolved and confirmed that the TOE evaluation is
appropriately conducted in accordance with CC and CEM. The Certification Body
prepared this Certification Report based on the Evaluation Technical Report submitted
by the evaluation facility and concluded fully certification activities.
1.5 Overview of Report
1.5.1 PP Conformance
There is no PP to be conformed.
1.5.2 EAL
CRP-C0007-01
7
Evaluation Assurance Level of TOE defined by this ST is EAL3 conformance.
1.5.3 SOF
This ST claims “SOF-basic” as its minimum strength of function.
It is assumed that the present TOE is operated under conditions where physical and
personnel conditions are secured adequately. Therefore, the threat agent can be
specified as low level personnel. Therefore, the “SOF-Basic”, which is a level that can
counteract against a low-level attack ,can fulfill the condition.
1.5.4 Security Functions
Security functions of the TOE are as follow.
(1) Identification and Authentication.
Function Name Security Function
Administrator
Registration
Only being operated by CE, registers administrators in the
TOE by registering administrator passwords.
Passwords are registered when they satisfy specifications,
but not registered when they do not satisfy specifications.
Administrator
Identification and
Authentication
Before an operation of TOE by operator, he/she must be
identified and authenticated as an administrator registered
in the TOE.
No operation of administrator functions is permitted before
identification and authentication as an administrator.
Operators are identified as administrators by access to an
administrator authentication interface, and they are
authenticated as administrators by the password input.
Access is prohibited for 5 seconds when authentication is
unsuccessful.
CRP-C0007-01
8
Function Name Security Function
CE Identification
and Authentication
Before an operation of TOE by operator, he/she must be
identified and authenticated as a CE registered in the TOE.
No operation of CE functions is permitted before
identification and authentication as a CE.
Operators are authenticated as CE by access to an CE
authentication interface and they are authenticated as CEs
by the password input.
Access is prohibited for 5 seconds when authentication is
unsuccessful.
Password
Modification
Modifies administrator passwords, CE passwords, and User
Box passwords.
Offers password modification interface and requires new
password input.
The following password modifications are possible
according to the user.
CE: CE passwords, Administrator
passwords
Administrators: User Box passwords
General users possessing a User Box: the User Box
password for the user’s own User Box.
Passwords are modified when they satisfy specifications,
but not modified when they do not satisfy specifications.
(2) Access Control
Function Name Security Function
General User
Access Rules and
Control
When a general user possessing a User Box is identified
and authenticated as the true user, restricts the possible
range of operation for general user by following access
rules.
Identifies and authenticates a general user possessing a
User Box by the User Box identifier and User Box
password, and permits the following operations on
document data within a User Box indicated by the User Box
identifier.
• Reading and printing of document data
• Reading and sending of document data to fax device
CRP-C0007-01
9
• Reading and sending of document data to FTP server
• Reading and sending of document data to mail server
• Deleting of document data
Access is prohibited for five seconds when identification
and authentication are unsuccessful.
(3) Remaining Data Protection
Function Name Security Function Specification
Remaining Data
Protection
Being always executed after deletion of TOE document
data, overwrites the document data stored region on HDD
with meaningless characters.
(4) Log(Audit)
Function Name Security Function Specification
Log Data Recording Records log data for the operations of security functions.
Events that become log data are shown below.
• Start and end of log function
• Successful and unsuccessful identification and
authentications for administrators, CE, and general
users possessing User Boxes
• Successful and unsuccessful password registration for
administrators and general users possessing User
Boxes
• Successful and unsuccessful password modification for
administrators, CE, and general users possessing User
Boxes
• Successful document data readings
• Successful document data deletions
Log area
Management
Manages the log storage area for creation and saving of log
data.
Overwrites log data starting from the head of the log
storage area again when the storage area of log data is
exhausted.
CRP-C0007-01
10
(5) Control Support
Function Name Security Function Specification
Setting of Security
Intensification Mode
Permits and executes only for administrators the function
(Security Intensification function) that makes all TOE security
functions in effect.
Control Support
Function
(Administrator)
Permits and executes only for administrators the following
processing.
• Creation of User Box, registration of User Box identifier,
and setting of User Box password
• Deletion of User Box identifier, elimination of all
document data in User Box , and deletion of User Box
*)Deletion of all User Box identifiers, elimination of all
document data for all User Boxes and deletion of all User Boxes
are the initialization of HDD.
• Log data query
Registers when User Box passwords satisfy specifications but
refuses registration when they do not satisfy specifications.
1.5.5 Threat
This TOE assumes such threats presented in Table 1-1 and provides functions for
countermeasure to them.
Table 1-1 Assumed Threats
Identifier Threat
Unauthorized Access There may be a threat for a general user to use, delete
or disclose the document data in a User Box belonging
to another general user through operations on the
operational panel.
1.5.6 Organisational Security Policy
Organisational security policy required in use of the TOE is presented in Table 1-2.
Table 1-2 Organisational Security Policy
Identifier Organisational Security Policy
Offering of TOE Developer of TOE offers the TOE to users through
CE of the retailer.
CRP-C0007-01
11
Processing of Used
Document Data
The TOE makes it impossible to reuse the document
data when they are once deleted and unnecessary
any more.
1.5.7 Configuration Requirements
The present TOE is a software product loaded into the 7145 Series.
The TOE is installed as a security function accessory product at time of 7145 Series
shipping, or it is installed by CE at the shipping site as an addition of the security
function to 7145 Series already in use.
1.5.8 Assumptions for Operational Environment
Assumptions required in environment using this TOE presents in the Table 1-3.
The effective performance of the TOE security functions are not assured unless these
preconditions are satisfied.
Table 1-3 Assumptions in Use of the TOE
Identifier Assumptions
TOE Installation
Condition
The TOE is connected to the internal network, and
it is installed in a physically protected area and
allowed to be used only by product related
personnel. (*2)
Chassis Protection The HDD storing the document data cannot be
removed by anyone other than CE.
Internal Network
Installation
Conditions
The TOE is connected to an internal network that
does not cause any disclosure of document data.
Trustworthy
Administrators
Administrators are personnel with sufficient skill
and trustworthiness for controlling the TOE, and
they do not engage in inappropriate actions.
CE Conditions CE does not engage in inappropriate actions.
Control of General
Users
Administrators control and encourage general users
to keep in proper operation from the security
viewpoint.
Execution of Security
Functions
Administrators always keep the security functions
in operation.
(*2) General users, administrators, and CEs.
CRP-C0007-01
12
1.5.9 Documents Attached to Product
Documents attached to the TOE are listed below.
• Japanese Version
[Manuals for CE]
• 7145 Main Unit Unpacking and Installation Manual, 40LA97222, 11/2003
Describes steps for installation at location for use of main unit.
• Instruction Manual: Service Handbook Field Service, Ver. 3.0, 11/2003
Describes hardware adjustment methods as well as registration of
administrators.
• ISW (In-System Writer) Service Handbook, Ver. 1.0, 12/1999
Describes ISW usage methods when updating the TOE and OS after 7145 Series
delivery.
[Manuals for Administrators and General Users]
• 7145 Instruction Manual: Copy, Ver. 4.0, 7/2003
Describes copy function operation methods.
• 7145 Instruction Manual: Network/Scanner, Ver. 3.0, 11/2003
Describes 7145 main unit’s operation methods when connected to a network and
when using the scanner function.
• 7145 Instruction Manual: Document Box, Ver. 1.0, 7/2003
Describes User Box operation methods.
• 7145 Instruction Manual: Security, Ver. 2.0, 2/2004
Describes 7145 System Control Software operation methods and functions that
can be used.
• Overseas Version
[Manuals for CE]
• 7145 Installation Manual, 40LE97222, 11/2003
Describes steps for installation at location for use of main unit.
• 7145 Service Manual Field Service, Ver. 3.0, 11/2003
Describes hardware adjustment methods as well as registration of
administrators.
• ISW (In-System Writer) Service Handbook, Ver. 1.0, 12/1999
Describes ISW usage methods when updating the TOE and OS after 7145 Series
delivery.
CRP-C0007-01
13
[Manuals for Administrators and General Users]
• 7145 Copier Instruction Manual, Ver. 6.0, 11/2003
Describes copy function operation methods.
• 7145 Network Setup and Scanner Operations Instruction Manual, Ver. 250, 11/2003
Describes 7145 main unit’s operation methods when connected to a network and
when using the scanner function.
• 7145 Security Instruction Manual, Ver. 2.0, 3/2004
Describes 7145 System Control Software operation methods and functions that
can be used.
• 7145 Document Folder Operations Instruction Manual, Ver. 3.0, 11/2003
Describes User Box operation methods.
CRP-C0007-01
14
2. Conduct and Results of Evaluation by Evaluation Facility
2.1 Evaluation Methods
Evaluation was conducted by using the evaluation methods prescribed in CEM Part 2
in accordance with the assurance requirements in CC Part 3. Details for evaluation
activities are report in the Evaluation Technical Report. It described the description of
overview of the TOE, and the contents and verdict evaluated by each work unit
prescribed in CEM Part 2.
2.2 Overview of Evaluation Conducted
The history of evaluation conducted was present in the Evaluation Technical Report as
follows.
Evaluation has started on September, 2003 and concluded by completion the
Evaluation Technical Report dated March, 2004. The evaluation facility received a full
set of evaluation deliverables necessary for evaluation provided by developer, and
examined the evidences in relation to a series of evaluation conducted. Additionally,
the evaluation facility directly visited the development and manufacturing sites on
September & October, 2003 and examined procedural status conducted in relation to
each work unit for configuration management, delivery and operation and lifecycle by
investigating records and staff hearing. Further, the evaluation facility executed
sampling check of conducted testing by developer and evaluator testing by using
developer testing environment at developer site on September & October 2003.
Problems found in evaluation activities for each work unit were all issued as
Observation Report and were reported to developer. These problems were reviewed by
developer and all problems were solved eventually.
As for problem indicated during evaluation process by the Certification Body, the
certification review was sent to the evaluation facility. These were reflected to
evaluation after investigation conducted by the evaluation facility and the developer.
CRP-C0007-01
15
2.3 Product Testing
Overview of developer testing evaluated by evaluator and evaluator testing conducted
by evaluator are as follows.
2.3.1 Developer Testing
(1) Developer Test Environment
Test configuration performed by the developer is showed in the Figure 2-1
Figure 2-1 Configuration of Developer Testing
(2) Outlining of Developer Testing
Outlining of the testing performed by the developer is as follow..
a. Test configuration
Test configuration performed by the developer is showed in the Figure 2-1.
[Test configuration Overview]
• Load TOE (25.000) into 7145 Series
• Connect 7145 units by PBX (public telephone line network)
• Connect 7145 unit to internal network (10baseT)
• Connect 7145 unit to PCs (Windows 2000 (SP2)) (client PCs, mail server, FTP
server) through the internal network
Developer testing was performed at the same TOE testing environment with the
TOE configuration identified in ST.
b. Test Approach
For the testing, following approach was used.
1. Confirm operation of security functions by the operation of TSFI.
CRP-C0007-01
16
2. For test item settings, set test items to encompass at least once the TSFI and
subsystem interface.
3. When testing of TSFI and subsystem interface can not be performed by
operation through an external interface directly connected to the 7145 Series,
execute tests with methods by indirectly stimulating that interface.
4. Compare the expected behavior with the actual test results obtained at test
execution, and judges whether test objects are achieved or not.
5. For observation of test behavior, confirm directly if it can be confirmed by
external TSFI; for test behavior that cannot be directly confirmed, attach the
debug tools to TOE for observation and observe the test results.
c. Scope of Testing Performed
Developer testing was set for the following test volume/coverage.
1. Set test items to encompass all security functions and TSFI, based on 7145
Function Specifications Manual.
2. Set test items to test all subsystems or at least once all subsystem interfaces
even if they are tested indirectly.
3. For set 58 test items, test directly 6 TSFI items of 10 TSF interfaces, and test
indirectly the remaining 4 TSF interfaces.
The evaluator decided that the number of developer tests was valid because they
included all security functions from the above test range.
d. Results
It is verified that the test results conducted by the developer was confirmed that
the expected test results and the actual test results were consistent.
The evaluator confirmed that the execution method of the developer test, the
legitimacy of the executed items, the execution method and the execution results
are consistent with those shown in the test plan.
2.3.2 Evaluator Testing
(1) Evaluator Test Environment
Test configuration performed by the evaluator is showed in the Figure 2-2
CRP-C0007-01
17
Figure 2-2 Configuration of evaluator Testing
(2) Outlining of Evaluator Testing
Outlining of testing performed by the evaluator is as follow.
a. Test configuration
Test configuration performed by the evaluator is showed in the Figure 2-2.
[Test Structure Overview]
• Load TOE (25.000) into 7145 Series
• Connect 7145 units by PBX (public telephone line network)
• Connect 7145 to internal network (10baseT)
• Connect 7145 to PCs (Windows 2000 (SP2)) (client PCs, mail server, FTP server)
through the internal network
Evaluator testing was performed at the same TOE testing environment with the
TOE configuration identified in ST.
b. Testing Approach
For the testing, following approach was used.
1. Confirm operation of security functions by the operation of TSFI.
2. Confirm correctness of developer test results by sampling of developer tests.
3. As for test items of test subset, choose important items and missing test items
after analyzing the items of Developer Test.
4. When testing of TSFI and subsystem interface can not be performed by
operation through an external interface directly connected to the 7145 Series,
execute tests with methods by indirectly stimulating that interface.
5. Compare the expected behavior with the actual test results obtained at test
execution, and judges whether test objects are achieved or not.
CRP-C0007-01
18
6. For observation of test behavior, confirm directly if it can be confirmed by
external TSFI; for test behavior that cannot be directly confirmed, attach the
debug tools to TOE for observation and observe the test results.
c. Scope of Testing Performed
Evaluator testing was set for the following test volume/coverage.
1. Verify execution results of tests executed by developer. (14 items)
Verify general TOE functions. Standards by sampling were as follows:
• Choose at least 1 item from 10 subsystems
• Choose at least 1 item from items related to all users and interfaces
• Choose items as being self-contained a series of related operations
2. Verify missing items in function tests executed by developer. (Evaluator added
items) (5 items)
• Set test items for a series of operation related to FTP server, mail server
• Set test items for operation related to on/off of Security Intensification Mode
• Set test items to confirm the writing condition of log data
d. Result
All evaluator testing conducted is completes correctly and could confirm the
behavior of the TOE. The evaluator also confirmed that all the test results are
consistent with the behavior.
2.4 Evaluation Result
The evaluator had the conclusion that the TOE satisfies all work units prescribed in
CEM Part 2 by submitting the Evaluation Technical Report.
CRP-C0007-01
19
3. Conduct of Certification
The following certification was conducted based on each materials submitted by
evaluation facility during evaluation process.
1. Contents pointed out in the Observation Report shall be adequate.
2. Contents pointed out in the Observation Report shall properly be reflected.
3. Evidential materials submitted were sampled, its contents were examined, and
related work units shall be evaluated as presented in the Evaluation Technical
Report.
4. Rationale of evaluation verdict by the evaluator presented in the Evaluation
Technical Report shall be adequate.
5. The Evaluator’s evaluation methodology presented in the Evaluation Technical
Report shall conform to the CEM.
Problems found in certification process were prepared as certification review, which
were sent to evaluation facility.
The Certification Body confirmed such problems pointed out in Observation Report and
certification review were solved in the ST and the Evaluation Technical Report.
CRP-C0007-01
20
4. Conclusion
4.1 Certification Result
The Certification Body verified the Evaluation Technical Report, the Observation
Report and the related evaluation evidential materials submitted and confirmed that
all evaluator action elements required in CC Part 3 are conducted appropriately to the
TOE. The Certification Body verified the TOE is satisfied the EAL3 assurance
requirements prescribed in CC Part 3.
4.2 Recommendations
None
CRP-C0007-01
21
5. Glossary
The abbreviations used in this report are listed below.
CC Common Criteria for Information Technology Security Evaluation
CEM Common Methodology for Information Technology Security
Evaluation
EAL Evaluation Assurance Level
PP Protection Profile
SOF Strength of Function
ST Security Target
TOE Target of Evaluation
TSF TOE Security Functions
The glossaries used in this report are listed below.
User BOX Directory storing document data.
Document Data Data for digitized information such as letters and figures.
Paper Documents Paper-based documents bearing information such as letters and
figures.
Operation Panel Touch panel display and operation buttons integrated into 7145
Series cabinet.
Internal Network Network as LAN in organization introducing 7145 Series.
Connected to the client PC and each server.
External
Network
Network other than the internal network. Internet, etc.
CRP-C0007-01
22
General Users General users belong to the organization introducing the 7145
Series and utilize the user functions such as copying, printing,
and faxing in 7145 Series.
Administrators Administrators belong to the organization introducing the 7145
Series and perform operational administration management of
the 7145 Series. Administrators use operational administration
functions provided by the 7145 Series.
Managers Managers belong to the organization introducing the 7145
Series and designate administrators.
CE CE belongs to the company entrusted to maintain the 7145
Series. CE use operational administration functions provided by
the 7145 Series. CE makes 7145 Series maintenance contracts
with managers and administrators.
product related
personnel
General users, administrators and CE
CRP-C0007-01
23
6. Bibliography
[1] Multi-Functional Printer (Digital Copier) 7145 Series Security Target Version 13
(March 1, 2004) Konica-Minolta Business Technologies, Inc.
[2] Guidance for IT Security Certification Application, etc. April 2004,
Information-Technology Promotion Agency, ITQM-23 (Revised on November 5,
2004)
[3] General Requirements for IT Security Evaluation Facility, April 2004,
Information-Technology Promotion Agency, ITQM-07
[4] General Requirements for Sponsors and Registrants of IT Security Certification,
April 2004, Information-Technology Promotion Agency, ITQM-08 (Revised on
November 5, 2004)
[5] Common Criteria for Information Technology Security Evaluation Part 1:
Introduction and general model Version 2.1 August 1999 CCIMB-00-031
[6] Common Criteria for Information Technology Security Evaluation Part 2:
Security functional requirements Version 2.1 August 1999 CCIMB-99-032
[7] Common Criteria for Information Technology Security Evaluation Part 3:
Security assurance requirements Version 2.1 August 1999 CCIMB-99-033
[8] Common Criteria for Information Technology Security Evaluation Part 1:
Introduction and general model Version 2.1 August 1999 CCIMB-99-031
(Translation Version 1.2 January 2001)
[9] Common Criteria for Information Technology Security Evaluation Part 2:
Security functional requirements Version 2.1 August 1999 CCIMB-99-032
(Translation Version 1.2 January 2001)
[10] Common Criteria for Information Technology Security Evaluation Part 3:
Security assurance requirements Version 2.1 August 1999 CCIMB-99-033
(Translation Version 1.2 January 2001)
[11] ISO/IEC15408-1: 1999 - Information Technology - Security techniques -
CRP-C0007-01
24
Evaluation criteria for IT security - Part 1: Introduction and general model JIS
[12] ISO/IEC 15408-2: 1999 - Information technology - Security techniques -
Evaluation criteria for IT security - Part 2: Security functional requirements
[13] ISO/IEC 15408-3:1999 - Information technology - Security techniques –
Evaluation criteria for IT security - Part 3: Security assurance requirements
[14] JIS X 5070-1: 2000 - Security techniques - Evaluation criteria for IT security -
Part 1: General Rules and general model
[15] JIS X 5070-2: 2000 - Security techniques - Evaluation criteria for IT security -
Part 2: Security functional requirements
[16] JIS X 5070-3: 2000 - Security techniques - Evaluation criteria for IT security -
Part 3: Security assurance requirements
[17] Common Methodology for Information Technology Security Evaluation
CEM-99/045 Part 2: Evaluation Methodology Version 1.0 August 1999
[18] Common Methodology for Information Technology Security Evaluation
CEM-99/045 Part 2: Evaluation Methodology Version 1.0 August 1999
(Translation Version 1.0 February 2001)
[19] JIS TR X 0049: 2001 – Common Methodology for Information Technology Security
Evaluation
[20] CCIMB Interpretations-0407 (December 2003)
[21] CCIMB Interpretations-0407 (December 2003)
(Translation Version 1.0 August 2004)
[22] 7145 System Control Software Evaluation Technical Report Version 9, March 4,
2004, Japan Electronics and Information Technology Industries Association,
Information Technology Security Center