Canon
This docu
written in
n imag
6870i/
ument is a tr
n Japanese.
geRUN
/6870/
with F
Secur
Ver
20
Ca
ranslation o
1
NNER
/6860i/
Fax &
rity Ta
rsion 2.
22/07/2
non In
of the evalua
R ADV
/6860/6
PDL
arget
.06
27
nc.
ated and cer
D
Copyrig
VANCE
6855i
rtified secur
Date of Issue: 2
ght Canon Inc
E DX
rity target
2022/07/27
c. 2021
1 ST
1.1 S
1.2 T
1.3 T
1.3.1
1.3.2
1.3.3
1.4 T
1.4.1
1.4.2
1.5 T
2 Co
2.1 C
2.2 P
2.3 S
2.4 C
3 Sec
3.1 T
3.2 A
3.2.1
3.2.2
3.3 T
3.4 O
3.5 A
4 Sec
4.1 S
5 Ext
5.1 F
5.2 F
5.3 F
5.4 F
5.5 F
5.6 F
5.7 F
5.8 F
5.9 F
5.10 F
5.11 F
5.12 F
introduction
ST reference
TOE referen
TOE overvie
TOE Ty
Usage a
Require
TOE descrip
Physica
Logical
Terms and A
nformance cl
CC Conform
PP claim, Pa
SFR Package
Conformance
curity Proble
TOE Users.
Assets .......
User Da
TSF Da
Threats......
Organization
Assumptions
curity Object
Security Obj
tended comp
FAU_STG_EX
FCS_CKM_E
FCS_HTTPS
FCS_IPSEC_
FCS_KYC_EX
FCS_RBG_EX
FCS_SMC_E
FCS_TLS_EX
FDP_DSK_EX
FDP_FXS_EX
FIA_PMG_EX
FIA_PSK_EX
n ................
e...............
nce............
ew.............
ype ...........
and Major Se
d Non-TOE
ption..........
l scope of th
scope of the
Abbreviation
laims ..........
mance claims
ackage claim
es .............
e rationale..
m Definition
................
................
ata ............
ata.............
................
nal Security
s...............
tives...........
jectives for t
ponents defini
XT Extende
EXT Extende
S_EXT Exten
_EXT Extend
XT Extende
XT Extende
XT Extende
XT Extended
XT Extended
XT Extended
XT Extended
XT Extended
Tabl
..................
................
................
................
................
ecurity Featu
E Hardware a
................
he TOE......
e TOE .......
s ..............
..................
...............
................
................
................
.................
................
................
................
................
................
Policies .....
................
..................
the Operatio
ition ...........
d: External
ed: Cryptogr
nded: HTTPS
ded: IPsec se
d: Cryptogr
d: Cryptogra
d: Submask
d: TLS selec
d: Protectio
d: Fax Separ
d: Password
: Pre-Shared
2
e of Cont
..................
................
................
................
................
ures of the T
and Software
................
................
................
................
..................
................
................
................
................
..................
................
................
................
................
................
................
................
..................
onal environm
..................
Audit Trail S
raphic Key M
S selected ..
elected ......
aphic Opera
aphic Opera
Combining.
cted ...........
n of Data on
ration ........
Managemen
d Key Comp
tents
..................
................
................
................
................
TOE..........
e ...............
................
................
................
................
..................
................
................
................
................
..................
................
................
................
................
................
................
................
..................
ment .........
..................
Storage......
Management
................
................
ation (Key C
ation (Random
................
................
n Disk........
................
nt..............
position......
D
Copyrig
.................
................
................
................
................
................
................
................
................
................
................
.................
................
................
................
................
.................
................
................
................
................
................
................
................
.................
................
.................
................
................
................
................
haining).....
m Bit Gener
................
................
................
................
................
................
Date of Issue: 2
ght Canon Inc
.................
................
................
................
................
................
................
................
................
................
................
.................
................
................
................
................
.................
................
................
................
................
................
................
................
.................
................
.................
................
................
................
................
................
ration)........
................
................
................
................
................
................
2022/07/27
c. 2021
.........5
........ 5
........ 5
........ 5
........ 5
........ 5
........ 6
........ 7
........ 7
........ 8
...... 11
....... 14
...... 14
...... 14
...... 14
...... 14
....... 15
...... 15
...... 15
...... 15
...... 15
...... 17
...... 17
...... 17
....... 19
...... 19
....... 20
...... 20
...... 20
...... 21
...... 22
...... 24
...... 24
...... 25
...... 26
...... 28
...... 28
...... 29
...... 30
5.13 F
5.14 F
5.15 F
5.16 F
6 SE
6.1 N
6.2 S
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9
6.2.1
6.2.1
6.3 S
6.4 S
6.4.1
7 TO
7.1 U
7.2 A
7.2.1
7.2.2
7.2.3
7.2.4
7.2.5
7.2.6
7.3 P
7.4 S
7.4.1
7.4.2
7.5 L
7.5.1
7.5.2
7.5.3
7.5.4
7.5.5
7.6 S
FPT_KYP_EX
FPT_SKP_EX
FPT_TST_EX
FPT_TUD_EX
CURITY REQ
Notation ....
Security func
Class FA
Class F
Class F
4 Class F
Class F
6 Class F
Class F
Class F
Class F
0 Class F
1 Class F
Security Ass
Security func
The dep
OE Summary
User Authen
Access Cont
Print pr
Scan pr
Copy pr
4 Fax tran
Fax rec
6 Docume
PSTN Fax-N
SSD Encrypt
Encrypt
Cryptog
LAN Data P
IPSec E
IPSec C
TLS En
4 TLS Cry
DRBG F
Signature Ve
XT Extended
XT Extended
XT Extended
XT Extende
QUIREMENT
................
ctional requi
AU: Security
CO: Commu
CS: Cryptog
DP: User Da
IA: Identific
MT: Securit
PR: Privacy
PT: Protecti
RU: Resourc
TA: TOE A
TP: Trusted
surance Requ
ctional requi
pendencies o
specification
ntication Fun
trol Function
rocess contro
ocess contro
rocess contr
nsmission pr
eption proce
ent store and
Network Sep
tion Functio
tion/Decrypt
graphic key m
rotection Fu
Encription Fu
Cryptographi
cription Fun
yptographic
Function ....
erification an
d: Protection
d: Protection
d: TSF testin
d: Trusted U
TS ..............
................
irements ....
y Audit......
unication....
graphic Supp
ata Protectio
ation and Au
y Manageme
................
ion of the TS
ce Utilizatio
ccess ........
d Paths/Cha
uirements...
irements rat
of security re
.................
nction........
n ..............
ol function .
ol function..
rol function .
rocess contro
ess control .
d retrieve pr
aration Func
n..............
tion Functio
management
unction ......
unction ......
c key manag
nction ........
key manage
................
nd Generatio
3
n of Key and
n of TSF Dat
ng.............
Update.......
..................
................
................
................
................
port...........
on.............
uthentication
ent............
................
SF ............
n..............
................
nnels.........
................
ionale........
equirements
..................
................
................
................
................
................
ol .............
................
rocess contr
ction .........
................
on .............
t function ...
................
................
gement Func
................
ement Funct
................
on Function
d Key Mater
ta .............
................
................
..................
................
................
................
................
................
................
n ..............
................
................
................
................
................
................
................
................
................
..................
................
................
................
................
................
................
................
ol function .
................
................
................
................
................
................
ction..........
................
ion............
................
................
D
Copyrig
rial ............
................
................
................
.................
................
................
................
................
................
................
................
................
................
................
................
................
................
................
................
................
.................
................
................
................
................
................
................
................
................
................
................
................
................
................
................
................
................
................
................
................
Date of Issue: 2
ght Canon Inc
................
................
................
................
.................
................
................
................
................
................
................
................
................
................
................
................
................
................
................
................
................
.................
................
................
................
................
................
................
................
................
................
................
................
................
................
................
................
................
................
................
................
2022/07/27
c. 2021
...... 31
...... 32
...... 32
...... 33
....... 35
...... 35
...... 35
...... 35
...... 37
...... 37
...... 52
...... 56
...... 59
...... 62
...... 62
...... 63
...... 63
...... 64
...... 65
...... 66
...... 66
....... 70
...... 70
...... 71
...... 71
...... 73
...... 75
...... 77
...... 79
...... 81
...... 84
...... 84
...... 84
...... 85
...... 86
...... 86
...... 88
...... 90
...... 91
...... 92
...... 93
7.6.1
7.6.2
7.7 S
7.8 A
7.9 T
7.10 M
7.10.
7.10.
8 Ref
Trademark
- Canon
DX, im
- Micro
tradem
- All na
respec
TLS Sig
IPSec Si
Self-Testing
Audit Log F
Trusted Upd
Management
1 User Ma
2 Device
ferences......
k Notice
n, the Canon
magePRESS,
soft, Window
marks of Micr
ames of comp
ctive compani
gnature Gene
ignature Ver
Function...
unction......
date Functio
t Function ..
anagement F
Management
.................
logo, image
imagePRESS
ws, Windows
rosoft Corpor
panies and p
ies.
eration Func
rification/Ge
................
................
n..............
................
Function ....
t Function..
..................
eRUNNER, i
SLite are trad
Server 2012
ration in the U
roducts conta
4
ction..........
eneration Fu
................
................
................
................
................
................
..................
imageRUNN
demarks or reg
2, Windows 1
U.S. and othe
ained herein
................
unction ......
................
................
................
................
................
................
..................
NER ADVAN
gistered trade
10, Microsoft
er countries.
are trademar
D
Copyrig
................
................
................
................
................
................
................
................
.................
NCE, imageR
emarks of Can
t Edge are tra
rks or registe
Date of Issue: 2
ght Canon Inc
................
................
................
................
................
................
................
................
.................
RUNNER AD
non Inc.
ademarks or r
ered trademar
2022/07/27
c. 2021
...... 93
...... 93
...... 94
...... 94
...... 96
...... 96
...... 96
...... 98
......101
DVANCE
registered
rks of the
1 ST i
1.1 ST
This sectio
ST nam
Version
Issued b
Date of
1.2 TO
This sectio
TOE nam
Version
This TOE
The TOE c
informatio
of the fax,
below.
Type
inform
manuf
MFP b
firmwa
fax
page
langua
1.3 TO
1.3.1 T
The TOE i
and retriev
1.3.2 U
ntroductio
T reference
on provides th
e: Can
Sec
n: 2.0
by: Can
Issue: 202
OE referenc
on provides th
me: Can
n: 182
consists of th
can be confirm
on of the MFP
and the ident
of identifica
mation
facturer name
body
are
description
age processin
OE overview
TOE Type
is an MFP ha
val function.
Usage and
on
e
he Security T
non imageRU
curity Target
6
non Inc.
22/07/27
ce
he TOE ident
non imageRU
22
he MFP body
med by the id
P body, the id
tification info
Table 1 - Th
ation Japan
e [Cano
One o
[1822
[スーパ
ng
[PCL]
w
aving a print f
Major Sec
Target (ST) id
UNNER ADV
tification info
UNNER ADV
y, firmware, fa
dentification
dentification i
ormation of th
he identifica
nese
on]
of [iR-ADV 6
]
パーG3FAX
] and [PS]
function, a sc
curity Featu
5
dentification i
VANCE DX
ormation.
VANCE DX
fax, and page
information o
information o
he page descr
ation inform
6870], [iR-AD
ボード・AX]
an function, a
ures of the
nformation.
6870i/6870/6
6870i/6870/6
description la
of the manufa
of the firmwar
ription langua
mation of th
Eng
DV 6860], [iR
[Sup
a copy functi
TOE
D
Copyrig
6860i/6860/68
6860i/6860/68
anguage proc
acturer name,
re, the identif
age processin
he TOE
glish
R-ADV 6855]
per G3 FAX
on, a fax func
Date of Issue: 2
ght Canon Inc
855i with Fax
855i with Fax
cessing (see T
, the identific
fication infor
ng shown in T
]
Board-AX]
ction, and a S
2022/07/27
c. 2021
x & PDL
x & PDL
Table 3).
cation
rmation
Table 1
Storage
The TOE i
and retriev
TOE has a
for docum
encryption
verification
integrity o
function an
the TOE,
upugrade e
Figure 1 sh
1.3.3 R
The non-T
1) Time S
The TOE c
Standard E
2) Audit
An externa
Edition) fo
3) Client
Generic PC
and setting
correspond
(Microsoft
is an MFP ha
val function.
a user authen
ment data and
n function o
n/generation
of TSF execut
nd sends the m
a reliable up
execution cod
hows the assu
Required N
TOE hardware
Server
communicate
Edition.) to ob
Log Server
al audit log se
or storing TO
t PC
C running Wi
g a printer dri
ding to this T
t Edge is assu
aving a print
In order to p
ntication func
d functions b
of the TOE
function tha
tion codes at
monitoring re
pdate functio
de, and a man
umed operatio
Figure
Non-TOE H
e and softwar
es with SNTP
btain accurate
erver (This op
E-generated
indows 10. A
iver (In this o
TOE. In additi
umed in this c
function, a s
protect these
tion that iden
based on aut
embedded
at protect net
t startup, an a
esults (audit l
on that updat
nagement fun
onal environm
1 Operatio
ardware an
re configurati
P-enabled serv
e time.
peration assu
audit logs. Th
A user having
operation, the
ion to printing
case) to use m
6
scan function
documents fr
ntifies and au
thority, a PS
SSD, a LA
twork commu
audit log func
logs) to an au
te execution
nction that lim
ment when us
onal environ
nd Softwar
ions in Figure
vers (This op
umes SMB ser
he audit log s
an account in
printer drive
g, administra
management c
n, a copy func
from unautho
uthenticates th
STN fax-netw
AN data prot
unications, a
ction that mo
udit log server
code while
mits security s
sing the funct
nment of the
re
e 1 are shown
eration assum
rvers using W
server obtains
n TOE can se
er described in
ators can acce
capabilities o
D
Copyrig
ction, a fax fu
rized alterati
he user, an a
work separati
tection funct
a self-test fun
onitors the us
r, and stores a
confirming
settings to adm
tions of the T
e TOE
n below.
mes Windows
Windows Serv
s the audit log
end a print job
n Table 2 is a
ess TOE throu
f the TOE.
Date of Issue: 2
ght Canon Inc
unction, and
on and disclo
access control
ion function,
tion and a
nction that ch
se of the TOE
audit logs int
authenticity
ministrators.
TOE.
s Server 2012
ver 2012 R2 S
g in SMB.
b to TOE by
assumed.)
ugh a web bro
2022/07/27
c. 2021
a Storage
osure, the
l function
, an SSD
signature
hecks the
E security
ternally in
of TOE's
2 R2
Standard
installing
owser
Print
Gener
(Jap
Gener
Gener
4) File Se
Storage sp
Windows S
5) Firewa
A device th
Internet en
this TOE a
6) Fax
To transmi
expected.
1.4 TO
1.4.1 P
TOE is a d
The digital
designated
installed) a
PCL/PS fe
appropriate
MFP Bod
(Controll
imageRU
imageRU
imageRU
1
The purc
firmware e
er Driver
ric Plus UFRI
panese name:
ric Plus PS3 P
ric Plus PCL6
erver
pace when sen
Server 2012 R
all
hat protects t
nvironment. T
and does not a
it and receive
OE descript
Physical sc
digital multifu
l multifunctio
d Controller V
and page desc
eature). As Ta
e options to m
y
er Version 1
UNNER ADV
UNNER ADV
UNNER ADV
chase of the P
enabled. Ther
II Printer Driv
Generic Plus
Printer Driver
6 Printer Drive
nding scanned
R2 Standard
he internal ne
This indicates
assume any s
e a fax image
tion
cope of the
unction devic
on peripheral
Version opera
cription langu
able 3- Produ
match the sell
822)
VANCE DX
VANCE DX
VANCE DX
PCL option/P
re are no ship
Table 2 -
ver V2.50
LIPSLX Prin
V2.50
er V2.50
d documents
Edition.
etwork to wh
s that the envi
specific produ
via TOE and
e TOE
ce and guidan
constituting
ates, and has a
uage processi
uct Line-up , f
ling name in
Table 3 - P
Sa
X 6870i
X 6860i
X 6855i
A
Eu
A
O
5i
PS option prov
pments for thi
7
- Printer Dri
nter Driver V2
with TOE. T
hich a TOE co
ironment sati
uct.
d PSTN. Faxe
nce.
the TOE is an
a fax function
ing (If option
fax board, PC
the selling ar
Product Lin
ales area
Americas
urope/
Asia/
Oceania(685
i only)
vides an MFP
is option.
iver
2.50)
This operation
onnects from
sfies the Usa
es compatible
n MFP body
n (in the case
nal, purchase P
CL option, and
rea.
ne-up
fax board
Super G3
FAX
Board-AX
1
Super G3
FAX
Board-AX
1
P with the PC
D
Copyrig
n assumes an
unauthorized
ge Assumptio
e with the G3
in which the
of an option
PCL option, P
d PS option n
PCL option
Not required
(standard
equipment)
Not required
(standard
equipment)
CL/PS process
Date of Issue: 2
ght Canon Inc
SMB server u
d access from
ons A. NETW
standard are
firmware of
, a fax board
PS option to
need to procu
n1
PS option
d Not
required
(standard
equipmen
d PS Printe
Kit-BC1
sing function
2022/07/27
c. 2021
using
m the
WORK of
e
the
is
enable
ure the
n1
nt)
r
n of the
imageRU
imageRU
*i: PDL (op
A service e
(not direct
page descr
(not direct
Therefore,
identificati
and page d
The follow
guidance w
When acce
product to
(Japan
- im
セ
- im
[U
- im
ス
(Engli
- im
S
- im
[U
- im
G
- im
[U
- im
A
1.4.2 L
The logica
audit log s
UNNER ADV
UNNER ADV
ptional PDL e
engineer disp
ly distributed
ription langua
ly distributed
the delivere
ion informati
description lan
wing guidance
will be distrib
essing the we
obtain the gu
nese name)
mageRUNNE
セキュリティー
mageRUNNE
USRMA-681
mageRUNNE
ストレーターガ
ish name)
mageRUNNE
Security Settin
mageRUNNE
USRMA-681
mageRUNNE
Guide (for CC
mageRUNNE
USRMA-682
mageRUNNE
Administrator
Logical sco
al scope of the
ervers, client
VANCE DX
VANCE DX
enabled/i mod
patched from
d to consumer
age processin
d to consumer
d item is an
ion (MFP fron
nguage proce
e contained in
buted to TOE
ebsite, select y
uidance below
ER ADVANC
ー設定 アドミニ
ER ADVANC
15-01]
ER ADVANC
ガイド（CC 認証
ER ADVANC
ngs Administ
ER ADVANC
19-01] *USE
ER ADVANC
C certification
ER ADVANC
23-01] *APE
ER ADVANC
r Guide (for C
ope of the
e TOE is show
t PCs, faxes, a
X 6870
X 6860 Ja
K
del). The effec
a sales comp
rs) of a design
ng (PCL, PS)
rs), and provi
MFP body d
nt panel MFP
essing) descri
n the TOE is
consumers in
your region o
w.
CE DX 6800
ニストレーター
CE DX 6870
CE DX 6800
証参照用） [
CE DX 6800
trator Guide [
CE DX 6870i
Version
CE DX 6800
n reference) [U
CE DX 6870i
Version
CE DX C680
CC certificatio
TOE
wn in Figure
and time serv
Figure 2 TO
8
apan
Korea
tive PDL depe
pany attaches
nated control
to a valid sta
ides the MFP
delivered after
P name and M
ibed in Table
available at t
n a PDF file v
of purchase an
シリーズ用
ーガイド [US
/ 6860 ユーザ
シリーズ用
[USRMA-681
series Protec
[USRMA-68
i / 6860i / 685
series ACCE
USRMA-682
i / 6860i / 685
0 series ACC
on reference)
2 TOE Logic
vers). The sec
OE Logical
スーパーＧ
３ＦＡＸボ
ード・ＡＸ１
Super G3
FAX
Board-AX
1
ends on the sa
a fax board t
ller version br
ate according
P body to cons
r the above o
MFP operation
1.
the direction o
via the websi
nd select the
Protection Pr
RMA-6814-0
ザーズガイド
ACCESS MA
16-01]
ction Profile f
17-01 202206
55i User's Gu
ESS MANAG
21-01] *USE
55i User's Gu
CESS MANA
) [USRMA-6
cal Boundary
curity function
Boundary
D
Copyrig
ＰＣＬエミュレ
ーション拡張
キット・ＡＳ１
PCL Printer
Kit-BC1
ales area.
to the MFP bo
rought by the
to purchased
sumers.
operation, and
n panel MFP
of the service
ite (https://oip
appropriate m
rofile for Har
01 20220610
ド（CC 認証参
ANAGEMEN
for Hardcopy
610]
uide (for CC c
GEMENT SY
Version
uide (for CC c
AGEMENT SY
824-01] *AP
y (Excluding u
ns of the TOE
Date of Issue: 2
ght Canon Inc
レ
張
ＰＳ拡張キ
ット・ＢＦ１
r PS Printe
Kit-BC1
ody, installs f
e service engi
d license infor
d is identified
P body, firmw
e engineer. Th
p.manual.can
model of CC c
rdcopy Devic
]
参照用）
NT SYSTEM
Devices adap
certification r
YSTEM Admi
certification r
YSTEM
E Version
users, file ser
E are shown i
2022/07/27
c. 2021
キ
r
firmware
ineer, sets
rmation
d by each
ware, FAX,
he
on/).
certified
ces 対応
M アドミニ
ptive
reference)
inistrator
reference)
rvers,
in color.
TOE has th
– Print
This fu
transm
– Scan
This fu
in TIF
– Copy
This fu
– Fax fu
Fax Tra
This fu
Fax Re
This fu
the Inb
– Docu
Docum
scanne
(Print,
space
UI Func
Audit Log Se
LAN Data Prot
File Managem
Function
Audit Log
User A
Sel
Ma
Op
Di
TOE
he following
function
function prints
mitted from a
function
function trans
FF or PDF file
y function
function dupli
function
ansmission fu
function faxes
eception funct
function recei
box (system b
ument Storage
ment managem
er can be save
, send (system
or system bo
erver
tection
ment
Fi
LAN D
File Sh
DocDa
Print
Scan
Authentication Function
lf-Testing Function
anagement Function
perate/
isplay
digital multif
s an electroni
client PC on
mits an electr
e format.
icates a paper
unction
s an electroni
tion
ives an electr
box) without
e and Retriev
ment function
ed as an imag
m box docum
x.
LAN Data Protec
User
ile Server
Data Protection
hare Function
W
B
ata
Hardcopy
document
Out
Input Func
Fax
Copy
n Access Contro
Audit Log F
Trusted U
function mac
ic document i
paper.
ronic docume
r document by
c document g
ronic docume
being printed
al function
n of the adva
ge in the pers
ments only)), o
9
tion Function
Client PC
LAN Data Protection
Web
Browser
DocData
tput Func
Storage /
Retrieval
ol Function
Function
Sig
Ge
Hardcopy
document
Update
Printer
Driver
hine function
in a digital co
ent generated
y scanning an
generated by
ent via the PS
d.
nced box and
onal space of
or delete an el
SSD
Time Ser
Time Fun
TimeInfo
PSTN Fax-Network
Separation
SSD Encryption Fun
gnature Verification and
eneration Function
LAN Data Pr
ns.
omposite mac
d by scanning
nd printing th
scanning a pa
STN. When r
d the system b
f the advance
lectronic doc
D
Copyrig
rver
nction
nction
d
rotection
Docdata
chine or an el
a paper docu
he paper docu
aper documen
receiving a fa
box. A docum
d box. You c
ument stored
Date of Issue: 2
ght Canon Inc
Flow of data
FAX
PSTN
lectronic docu
ument to a fil
ument.
nt through the
fax, the file is
ment loaded b
can rename, re
d in your pers
2022/07/27
c. 2021
ument
e server
e PSTN.
s saved in
by a
etrieve
onal
The TOE h
– UI Fu
The ab
display
It also
brows
– Outpu
The ab
– Input
The ab
The TOE h
- User A
Perfor
require
remote
the pri
interna
previo
display
authen
authen
- Acces
Restric
- PSTN
To pre
- SSD E
A TO
TOE
cope
RAM
encry
unnec
- LAN D
To en
an ex
remot
embe
of the
- Signat
It has
comm
- Self-T
At bo
has the follow
unction
bility for the
y a screen on
o has a remot
er operation o
ut Function
bility of the T
Function
bility of TOE
has the follow
Authenticatio
rms authentic
es the user to
e UI, and con
inter driver be
al authenticat
ously assigned
yed by a spec
ntication fails
ntication.
s Control Fun
ct access to jo
Fax-Network
event the intru
Encryption Fu
OE built-in SS
built-in SSD
with the threa
M area of the
yption chip, a
cessary and e
Data Protecti
ncrypt LAN d
xternal device
te UI. The p
dded SSD an
e TOE and is
ture Verificat
s a function
munication of
Testing Functi
oot time, verif
wing general
e user to oper
n the operation
te UI function
of a client PC
TOE to print p
E to scan pape
wing security
n Function
ation on the u
o enter a user
nfirms that the
efore acceptin
tion to authen
d to the user.
cific characte
s, and a functi
nction
obs, electroni
k Separation
usion into a L
unction
SD is taken a
D is encrypted
at of reading
encryption c
and is manage
rased when th
on Function
data by IPSec
e and a remo
pre-shared k
nd protected.
erased when
tion and Gene
of verifying
f LAN data.
ion
fy firmware i
functions.
rate the TOE
n panel.
n for perform
C.
paper docume
er documents.
functions.
user, to preve
name and pa
e user is an au
ng a job from
nticate within
When authen
er. It has a fun
ion of automa
ic documents
LAN by limit
away and co
d by an encry
data recorded
chip when th
ed so as not
he power of t
c or TLS as a
ote UI, and T
ey and the
The key gen
the power of
eration Funct
g/generating a
ntegrity with
10
E using the o
ming TOE op
ents.
.
ent any unauth
ssword when
uthenticated u
m the printer d
n the TOE. Gi
ntication is pe
nction of restr
atically loggi
s, and features
ting the use o
nnected to an
yption chip b
d in the SSD.
he power of t
to be taken o
the TOE is tu
a sniffing cou
TLS is also av
server privat
nerated during
f the TOE is t
tion
a digital sign
h signature ve
operation pan
peration and m
horized acces
n operating fro
user. The use
driver. Verific
ive the authen
erformed, the
ricting access
ng out when
s based on ro
f a PSTN to a
nother body
built in the di
. The key use
the TOE is t
out to the out
urned off.
untermeasure
vailable whe
te key are e
g communica
turned off.
nature for ve
rification.
D
Copyrig
nel, and the a
management
ss to the TOE
om the opera
er name is aut
cation of user
nticated user
e inputted pas
s by a defined
no operation
ole.
a fax function
or a PC, and
igital multifu
ed for encrypt
turned on, an
tside. The en
e. IPsec is use
en an adminis
encrypted and
ation is gener
erifying the i
Date of Issue: 2
ght Canon Inc
ability for the
through a ne
E. User authen
ation panel or
thenticated th
r information
the privilege
ssword charac
d rule when
state continu
n.
d all data stor
unction devic
tion is genera
nd is used on
ncryption key
ed when conn
strator conne
d stored on
rated in the R
integrity of e
2022/07/27
c. 2021
e TOE to
etwork by
ntication
the
hrough
n supports
s
cter is
ues after
red in the
e body to
ated in the
nly in the
y becomes
necting to
ects to the
the TOE
RAM area
encrypted
- Audit
An au
of the
is rec
All sa
admin
comm
numb
new a
- Truste
When
digita
- Manag
User
functi
admin
1.5 Te
For terms u
Follow the
Ter
Abbrev
Multi-Func
Product (M
Control so
PDL
Control pa
Remote UI
SSD
Log Function
udit log is ge
e unit and the
orded using t
aved audit lo
nistrator cann
munication. T
ber of audit lo
audit log is re
ed Update Fun
n updating th
al signature in
gement Funct
management
ions for pro
nistrators only
erms and A
used in this S
e definition. D
rms /
viations
ction
MFP)
oftware
anel
I
n
nerated with
e operation of
the managem
ogs can only
not change th
There is a lim
ogs exceeds
etained.
nction
he TOE firmw
n order to con
tion
t functions f
operly opera
y
Abbreviatio
ST that are de
Definitions of
Ta
A machine
as copier, fa
facilitate su
Software th
It is a page
types. The p
description
One of the h
operation k
An interfac
allow the ac
operations,
administrato
A nonvolati
and protecte
the user nam
f the user can
ment function
be browsed
he audit log. T
mit on the nu
the maximum
ware, it has
nfirm that the
for registerin
ating variou
ns
efined in CC a
f other terms
ble 4 - Term
which incorp
ax, printer, an
uch capabilitie
hat runs on the
description la
print function
language and
hardware elem
eys, which pr
e that provide
cquisition of
and making v
ors.
ile storage de
ed assets are
11
me of the oper
n be audited, a
or the exact d
by the admi
The audit log
umber of aud
m number of
a function o
correct firmw
ng and delet
us security
and PP that a
are given in T
s and Abbr
D
porates the fu
nd Universal
es.
e hardware o
anguage expr
n converts pri
d prints the ge
ments of the
rovides the in
es access to th
operating sta
various settin
evice built int
stored.
rated user an
and is stored
date and time
nistrator via
g is stored in
dit logs in the
f retention, th
f verifying th
ware is used.
ting users an
functions, b
are claimed to
Table 4.
reviations
escription
unctionality of
Send, and co
f the device,
ressing print c
int data expre
enerated imag
MFP, consist
nterface for op
he MFP from
atus, perform j
ngs. This inter
to a digital mu
D
Copyrig
nd the set tim
in the TOE b
e synchronize
the remote U
an audit log
e TOE embe
he oldest aud
he firmware
nd roles and
both of whi
o be complian
f multiple dev
ontaining a lar
and controls
contents, and
essed in the co
ge on paper.
ting of a touc
peration of th
m a Web brow
job operation
rface is only
ultifunction d
Date of Issue: 2
ght Canon Inc
e so that the
built-in SSD.
d with the tim
UI. However
server using
edded SSD, a
it log is dele
by version d
d device man
ich are rest
nt in Section 2
vices in one,
rge capacity S
security func
d there are var
orresponding
ch panel and
he MFP.
wser via the L
ns or BOX
available to
device. Firmw
2022/07/27
c. 2021
operation
The time
me server.
r, even an
protected
and if the
eted and a
display or
nagement
tricted to
2,
such
SSD to
ctions.
rious
g page
LAN, to
ware
Ter
Abbrev
Roles
Administra
General us
Fax owner
Authentica
Jobs
Image file
Temporaly
Document
Mail Box
Advancesd
Firewall
Time serve
rms /
viations
ator
ser
r
ated users
y image file
t data
d Box
er
A user's per
associated w
In addition
custom role
The default
Administrat
The Admin
(administra
In this ST, a
U.ADMIN
U.NORMA
User assign
Equivalent
U.NORMA
General Us
A user who
among the U
from a Gen
All TOE-au
When a use
document, a
instructions
The operati
TX, Store, a
generation,
Image data
An image fi
unnecessary
User data p
Whether a g
printing fro
To provide
digital mult
document.
There is a p
*This TOE
Device or s
Internet.
Server that
Internet.
rmission used
with one role
to the predef
es that modify
t role has the
tor/Power Us
nistrator role i
ative permissi
a custom role
with the adm
AL without th
ned the Admin
to U.ADMIN
AL as defined
er role and th
o is authorized
U.NORMAL
eral User role
uthenticated u
er uses the fun
a Job is the in
s for processin
ions that can b
and Delete. T
execution, an
generated in
file that is gen
y when the jo
rocessed with
general user f
m a PC, data
an area for st
tifunction dev
private space
does not use
ystem design
uses the Netw
12
D
d by the acces
.
fined default r
y the access r
following rol
ser/General U
indicates the p
on).
e is defined ba
ministrative pe
e administrat
nistrator role
NISTRATOR
in PP. Belon
hat does not h
d by the admi
L defined in P
e and that doe
users, includin
nctions of the
ntended docu
ng those data
be performed
The processin
nd completio
the MFP by
nerated during
ob is complete
hin the MFP,
feeds data to
a can be stored
toring an elec
vice and capa
for each user
shared space
ned to protect
work Time Pr
escription
ss control fun
roles, it is pos
restrictions de
les
User/Limited U
permission to
ased on the A
ermission and
tive permissio
and has adm
R defined in th
ng to a custom
have administ
inistrator to a
PP. Belong to
es not have ad
ng administra
e TOE to exec
ument data co
a.
d on a docume
ng phases for
n.
reading, print
g a job, such
ed.
consisting of
the MFP dire
d here to be p
ctronic docum
able of printin
r and a shared
e.
t the internal L
rotocol to pro
D
Copyrig
nction and eac
ssible to crea
etermined by
User/Guest U
o use manage
Administrator
d the General
on.
ministrative pr
he PP.
m role that is c
trative privile
access the Fax
a custom role
dministrative
ators
cute an opera
mbined with
ent are: Scan
a Job issued b
ting, receivin
as copy/print
f image files
ectly, or speci
printed later.
ment read from
ng the stored
d space for all
LAN against
ovide the accu
Date of Issue: 2
ght Canon Inc
ch user is
ate new roles
the default ro
User
ement functio
r role to which
l User to whic
rivileges.
created from
eges.
x/I-Fax Inbox
e that is creat
e privileges.
ation on a
the user
n, Print, Copy
by the user ar
ng, etc.
t, and become
and print sett
ifies a docum
m a scanner i
electronic
l users to acc
threats from
urate time ov
2022/07/27
c. 2021
as
oles.
ns
h the
ch the
a
x
ted
, Fax
re:
es
ting.
ment for
in a
ess.
the
ver the
Ter
Abbrev
File server
Audit log s
[Print]
[Copy]
[Fax]
[Scan and
[Scan and
[Access St
[Fax/I-Fax
rms /
viations
r
server
Send]
Store]
tored Files]
x Inbox]
A file serve
control file
A server tha
protocol.
A button on
jobs.
A button on
A button on
A button on
function to
A button on
and save the
A button on
Box/Inbox.
A button on
documents
er that uses th
storage and a
at stores audi
n the control p
n the control p
n the control p
n an operation
send the load
n the control p
em to an adv
n the control p
n the operatio
saved in the s
13
D
he SMB proto
access
it log files tha
panel that act
panel that act
panel that act
n panel that lo
ded electronic
panel that act
anced box.
panel that allo
on panel that a
system box w
escription
ocol to share f
at TOE outpu
tivates the fun
tivates the Co
tivates the Fa
oads a paper
c document to
tivates the ab
ows the user
activates the
where receive
D
Copyrig
folders over t
uts over a LAN
nction to oper
opy function.
ax function.
document an
o a file server
ility to impor
to access file
function for o
ed fax docume
Date of Issue: 2
ght Canon Inc
the LAN and
N using the S
rate on-hold p
nd activates th
r.
rt paper docum
es stored in a
operating elec
ents are saved
2022/07/27
c. 2021
SMB
print
he
ments
Mail
ctronic
d.
2 Con
2.1 CC
This ST an
This ST co
-
-
2.2 PP
This ST an
-
-
2.3 SF
In this ST,
2.4 Co
The TOE c
Therefore,
- Required
P
- Condition
P
- Optional
I
nformance
C Conform
nd TOE claim
onforms to th
Common Cr
Common Cr
P claim, Pa
nd TOE claim
Title: P
V
Errata: P
FR Package
no package c
onformanc
conforms the
the TOE typ
d Uses
Printing, Scan
nally Mandat
PSTN faxing
Uses
Internal Audi
e claims
ance claim
m CC complia
e following C
riteria version
riteria confor
ckage claim
m exact confo
Protection Pro
Version: 1.0 d
Protection Pro
es
claims compl
e rationale
following re
pe is consisten
nning, Copyi
tory Uses
, Storage and
it Log Storag
ms
ance with bel
Common Crit
n: V
rmance: Pa
m
ormance to the
ofile for Hard
dated Septem
ofile for Hard
liance.
e
quirements d
nt with PP.
ng, Network
d retrieval, Fie
e
14
ow.
teria (CC).
Version 3.1 Re
art 2 extende
e following P
dcopy Device
mber 10, 2015
dcopy Device
defined in PP
communicati
eld-Replaceab
elease 5
d and Part 3 c
PP.
es
5
es - v1.0 Erra
and is Exact
ions, Admini
ble Nonvolat
D
Copyrig
conformant
ata #1, June 2
Conformanc
istration
tile Storage
Date of Issue: 2
ght Canon Inc
017
e as required
2022/07/27
c. 2021
by PP.
3 Secu
3.1 TO
TOE
Design
U.NORM
U.ADMIN
3.2 As
Two
Design
D.USER
D.TSF
3.2.1 U
User
Design
D.USER.D
D.USER.J
3.2.2 T
TSF
urity Prob
OE Users
E users are de
nation Ca
MAL No
N Ad
ssets
o asset classif
nation A
Us
TS
User Data
r data are cla
nation
DOC Us
JOB Us
TSF Data
F data are clas
blem Defin
efined in the f
ategory nam
ormal User
dministrator
fications are d
Asset catego
ser Data
SF Data
ssified into th
User Data
ser Document
ser Job Data
ssified into th
nition
following two
Table
me
A User
have an
A User
adminis
defined for as
Table
ory
Data c
the TS
Data c
of the
he following
Table 7
type
t Data In
h
In
P
he following t
15
o user catego
5 -TOE User
r who has be
n administrativ
r who has b
strative role
ssets.
e 6 - Assets
created by an
SF
created by an
TSF
two types.
7 - User Dat
nformation co
hardcopy form
nformation r
Processing Job
two types.
ories.
rs
Defin
een identified
ve role
been identifie
s
Defi
nd for Users t
nd for the TO
ta
D
ontained in a
m
related to a
b
D
Copyrig
nition
d and authen
ed and authe
inition
that do not a
OE that migh
efinition
a User's Docu
User's Docu
Date of Issue: 2
ght Canon Inc
nticated and
enticated and
affect the ope
ht affect the o
ument, in elec
ument or D
2022/07/27
c. 2021
does not
d has an
ration of
operation
ctronic or
Document
Design
D.TSF.PR
D.TSF.CO
TSF Data h
Type
D.TSF.PR
D.TSF.CO
nation
ROT Pro
ONF Co
handled in th
e TS
ROT User
Role
Lock
settin
Passw
polic
Auto
Time
Date/
settin
IPSec
TLS
Audi
expor
Time
settin
ONF Passw
SSD
key
Key S
LAN
Prote
Encry
Audi
TSF Data
otected TSF D
onfidential TS
his TOE are sh
Ta
SF Data
name
kout policy
ngs
word
y settings
Reset
e setting
/Time
ng
c settings
settings
t log
rt settings
e server
ng
word
encryption
Seed
N Data
ection
yption Key
t log
Table
type
Data T
d
se
SF Data T
w
m
hown below.
able 9 - Real
User identif
identificatio
Used by acc
functions tha
Settings for
of attempts b
Policy for t
such as m
characters, a
Timeout per
operation pa
logged out w
Specifies the
Settings for
Settings for
including th
LAN Data P
Configuratio
to external I
for synchro
external IT e
Password u
User Identif
Encryption k
The internal
used for AE
Encryption
function.
An operatio
logging faci
user name, r
16
e 8 - TSF Data
TSF Data for
data owner n
ecurity of the
TSF Data for
who is neithe
might affect th
lization of T
Descr
fication infor
n and authen
cess restrictio
at each user c
the lockout f
before lockou
the password
minimum pas
and combinat
riod before a
anel or the re
when the user
e date and tim
the LAN Dat
r the LAN D
he settings t
Protection fun
on informatio
T equipment
onizing TOE
equipment
used to authe
fication and A
key used for
l state of DR
S encryption
key used fo
onal record
ility. It inclu
result, operati
a
D
which altera
nor in an Ad
e TOE, but fo
which either
r the data ow
he security of
TSF Data
ription
rmation used
tication funct
n functions to
can use.
function, such
ut and the loc
d for user au
ssword leng
tion of charac
a user logged
mote UI is au
r is idle.
me that is set.
ta Protection
Data Protectio
o enable or
nction.
on for sendin
E time and
enticate the
Authentication
SSD encrypti
RBG and the
key generati
or LAN data
generated b
udes the dat
ion contents,
D
Copyrig
efinition
ation by a Us
dministrator r
or which discl
r disclosure o
wner nor in a
f the TOE
by the user
tion.
o restrict the
h as number
ckout time.
thentication,
th, allowed
cter types.
in from the
utomatically
function.
on function,
disable the
ng audit logs
date with
user in the
n function.
ion function
e seed value
on.
a protection
y the audit
te and time,
etc.
Date of Issue: 2
ght Canon Inc
ser who is ne
role might a
losure is acce
r alteration b
an Administr
Stored
SSD
SSD
SSD
SSD
SSD
RTC
SSD
SSD
SSD
SSD
SSD
RAM in th
encryption
FLASH me
in the encry
chip
SSD
SSD
2022/07/27
c. 2021
either the
affect the
eptable
by a User
rator role
d in
he
n chip
emory
yption
3.3 Th
Show
Designatio
T.UNAUT
T.TSF_CO
T.TSF_FA
T.UNAUT
T.NET_CO
3.4 Or
Show
Designat
P.AUTHO
P.AUDIT
P.COMMS
P.STORAG
P.KEY_M
P.FAX_FL
3.5 As
Show Assu
Assumptio
A.PHYSIC
A.NETWO
hreats
w threats in T
on
THORIZED_A
OMPROMISE
AILURE
THORIZED_U
OMPROMIS
rganization
w Organization
tion
ORIZATION
S_PROTECT
GE_ENCRY
MATERIAL
LOW
ssumptions
umptions in T
on
CAL
ORK
Table 10.
ACCESS
E
UPDATE
E
nal Security
nal Security P
Table
D
U
ad
Se
m
TION Th
YPTION If
Fi
da
C
co
N
m
th
If
be
s
Table 12.
Defini
Physic
stores
The O
public
Table
Definition
An attacker
or change (m
of the TOE'
An attacker
through one
A malfunctio
permitted to
An attacker
the TOE.
An attacker
security of t
y Policies
Policies in Ta
11- Organiz
Definition
Users must be
dministrative
ecurity-releva
must be protec
he TOE must
f the TOE sto
ield-Replacea
ata on those d
leartext keys
ontribute to th
Nonvolatile St
must be protec
hat storage de
f the TOE pro
etween the PS
Table 12
ition
cal security, c
or processes,
Operational En
c access to its
17
10 - Threat
may access (
modify or del
s interfaces.
may gain Un
e of the TOE's
on of the TSF
o operate.
may cause th
may access d
the TOE by m
able 11.
zational Secu
authorized b
functions.
ant activities
cted and trans
t be able to id
res User Doc
able Nonvola
devices.
, submasks, r
he creation of
torage of Use
cted from una
evice.
ovides a PSTN
STN fax line
- Assumpti
commensurat
, is assumed t
nvironment is
LAN interfa
s
(read, modify
lete) User Job
nauthorized A
s interfaces.
F may cause l
he installation
data in transit
monitoring or
urity Policies
efore perform
must be audi
smitted to an
dentify itself t
cument Data o
atile Storage D
random numb
f encryption k
er Document D
authorized acc
N fax functio
and the LAN
ions
e with the va
to be provide
s assumed to
ce.
D
Copyrig
, or delete) U
b Data in the
Access to TSF
loss of securi
n of unauthori
t or otherwise
r manipulating
s
ming Docume
ited and the lo
External IT E
to other devic
or Confidenti
Devices, it wi
bers, or any o
keys for Field
Data or Conf
cess and mus
n, it will ensu
N.
alue of the TO
ed by the envi
protect the T
Date of Issue: 2
ght Canon Inc
User Documen
TOE through
F Data in the T
ity if the TOE
ized software
e compromise
g
ent Processing
og of such ac
Entity.
ces on the LA
ial TSF Data
ill encrypt su
other values th
d-Replaceabl
fidential TSF
st not be store
ure separation
OE and the da
ironment.
TOE from dire
2022/07/27
c. 2021
nt Data
h one
TOE
E is
e on
e the
g and
ctions
AN.
on
uch
hat
e
Data
ed on
n
ata it
ect,
A.TRUSTE
A.TRAINE
ED_ADMIN
ED_USERS
N TOE A
securit
Autho
polici
Administrator
ty policies.
orized Users a
es.
18
rs are trusted
are trained to
to administe
use the TOE
D
Copyrig
r the TOE ac
E according to
Date of Issue: 2
ght Canon Inc
cording to sit
o site security
2022/07/27
c. 2021
te
y
4 Secu
4.1 Se
Show Secu
Desig
OE.PH
OE.NE
OE.AD
OE.US
OE.AD
urity Obje
ecurity Obj
urity Objectiv
Table 1
gnation
HYSICAL_PR
ETWORK_PR
DMIN_TRUS
SER_TRAIN
DMIN_TRAI
ectives
ectives for
ves for the Op
13- Security
ROTECTION
ROTECTION
ST
NING
INING
r the Opera
perational env
y Objectives
Definit
N The Ope
commen
or proce
N The Ope
protect t
The TO
not use t
The TO
security
The TO
site secu
manufac
protect p
19
ational env
vironment in
s for the Op
tion
erational Env
nsurate with t
esses.
erational Env
the TOE from
E Owner sha
their privileg
E Owner sha
y policies and
E Owner sha
urity policies
cturer's guida
passwords an
ironment
Table 13.
perational e
vironment sha
the value of th
vironment sha
m direct, publ
all establish tr
ges for malicio
all ensure that
have the com
all ensure that
and have the
ance to correc
nd keys accor
D
Copyrig
environmen
all provide ph
he TOE and t
all provide ne
lic access to i
rust that Adm
ous purposes
t Users are aw
mpetence to fo
t Administrat
e competence
ctly configure
rdingly.
Date of Issue: 2
ght Canon Inc
nｔ
hysical securi
the data it sto
etwork securi
ts LAN interf
ministrators w
.
ware of site
follow them.
ors are aware
to use
e the TOE and
2022/07/27
c. 2021
ity,
ores
ty to
face.
ill
e of
d
5 Exte
This ST de
in the PP s
5.1 FA
Family be
This family
External IT
Componen
FAU_STG
secure prot
Managem
The follow
 Th
Audit:
The follow
PP/ST:
 Th
FAU_STG
Hiera
Depen
FAU_STG
using a tru
Rationale
The TSF is
non-TOE a
ability to a
that case. T
External IT
This exten
componen
5.2 FC
Family be
FAU
ended com
efines the foll
specified in S
AU_STG_EX
ehaviour:
y defines req
T Entity.
nt leveling:
G_EXT.1Ext
tocol.
ment:
wing actions c
he TSF shall
wing actions s
here are no au
G_EXT.1Ext
archical to:
ndencies:
G_EXT.1.1
usted channel
:
s required tha
audit server f
allow the adm
The Common
T Entity.
nded compone
nt.
CS_CKM_E
ehaviour:
U_STG_EXT
mponents
lowing securi
ection 2.2.
XT Exten
quirements for
ternal Audit T
could be cons
have the abil
should be aud
uditable even
tended: Prot
No othe
FAU_G
FTP_IT
The TSF sh
according to
at the transmi
for storage an
ministrator to
n Criteria doe
ent protects th
EXT Exten
T.1: Extended
definition
ity function r
nded: Exte
r the TSF to e
Trail Storage
sidered for the
ity to configu
ditable if FAU
nts foreseen.
tected Audit
er component
GEN.1 Aud
TC.1 Inte
hall be able t
FTP_ITC.1.
ission of gene
nd review of a
review these
es not provide
he audit recor
nded: Cryp
d: External Au
20
n
requirements.
ernal Audit
ensure that se
requires the
e managemen
ure the crypto
U_GEN Secu
Trail Storag
ts
dit data gener
er-TSF truste
to transmit the
erated audit d
audit records.
audit records
e a suitable SF
rds, and it is t
ptographic
udit Trail Sto
All of these
Trail Stora
ecure transmi
TSF to use a
nt functions i
ographic func
urity Audit Da
ge
ration,
d channel
e generated a
data to an Ext
. The storage
s is provided
FR for the tra
therefore plac
Key Manag
orage
D
Copyrig
extension com
age
ission of audi
trusted chann
n FMT:
ctionality.
ata Generatio
audit data to a
ternal IT Enti
of these audi
by the Opera
ansmission of
ced in the FA
gement
Date of Issue: 2
ght Canon Inc
mponents are
it data from T
nel implemen
n is included
an External IT
ity which reli
it records and
ational Enviro
f audit data to
AU class with
1
2022/07/27
c. 2021
e defined
TOE to an
nting a
d in the
T Entity
es on a
d the
onment in
o an
h a single
This family
intended fo
Componen
FCS_CKM
materials t
Managem
The follow
 Th
Audit:
The follow
PP/ST:
 Th
Rationale
Cryptograp
destroyed b
Cryptograp
This exten
therefore p
FCS_CKM
Hiera
Depen
FCS_CKM
cryptograp
Rationale
Cryptograp
destroyed b
Cryptograp
This exten
therefore p
5.3 FC
Family be
Componen
and a Secu
FCS_
y addresses th
or cryptograp
nt leveling:
M_EXT.4
that are no lon
ment:
wing actions c
here are no m
wing actions s
here are no au
:
phic Key Ma
by using an a
phic Key Ma
nded compone
placed in the F
M_EXT.4
archical to:
ndencies:
M_EXT.4.1
phic critical se
:
phic Key Ma
by using an a
phic Key Ma
nded compon
placed in the F
CS_HTTPS_
ehaviour:
nts in this fam
urity Adminis
_CKM_EXT.
he manageme
phic key destr
Crypto
nger needed a
could be cons
management a
should be aud
uditable even
terial Destruc
approved met
terial Destruc
ent protects th
FCS class wi
Exten
No othe
[FCS_C
FCS_C
FCS_C
The T
ecurity param
terial Destruc
approved met
terial Destruc
nent protects
FCS class wi
_EXT Exten
mily define re
strator. This f
.4 Extended:
ent aspects of
ruction.
ographic Key
are destroyed
sidered for the
actions forese
ditable if FAU
nts foreseen.
ction is to ens
thod, and the
ction.
he cryptograp
ith a single co
nded: Crypto
er component
CKM.1(a) C
KM.1(b) Cry
KM.4 Crypto
SF shall dest
meters when n
ction is to ens
thod, and the
ction.
s the cryptog
ith a single co
nded: HTTP
quirements fo
family describ
Cryptograph
21
f cryptograph
y Material De
d by using an
e managemen
een.
U_GEN Secu
sure the keys
Common Cri
phic key and
omponent.
ographic Key
ts
ryptographic
yptographic k
ographic key
troy all plaint
no longer nee
sure the keys
Common Cri
graphic key a
omponent.
PS selecte
for protecting
bes how HTT
ic Key Mater
hic keys. Espe
estruction ens
approved me
nt functions i
urity Audit Da
and key mat
iteria does no
key materials
y Material D
Key Generat
key generation
destruction
ext secret and
eded.
and key mat
iteria does no
and key mat
d
remote mana
TPS will be im
rial Destructio
D
Copyrig
ecially, this e
sures not only
ethod.
n FMT:
ata Generatio
erials that are
ot provide a s
s against expo
Destruction
tion (for asym
n (Symmetric
d private cryp
erials that are
ot provide a s
terials agains
agement sessi
mplemented.
on
Date of Issue: 2
ght Canon Inc
extended com
y keys but als
n is included
e no longer ne
uitable SFR f
osure, and it i
mmetric keys
c Keys)],
ptographic ke
e no longer ne
uitable SFR f
st exposure,
ions between
This is a new
4
2022/07/27
c. 2021
mponent is
o key
d in the
eeded are
for the
is
), or
eys and
eeded are
for the
and it is
n the TOE
w family
defined for
Componen
FCS_HTT
and suppor
Managem
The follow
 Th
Audit:
The follow
PP/ST:
 Fa
FCS_HTT
Hiera
Depen
FCS_HTT
FCS_HTT
Rationale
HTTPS is
SFR for th
This exten
therefore p
5.4 FC
Family be
This family
Componen
FCS_IPSE
Managem
The follow
 Th
Audit:
The follow
FCS_
FCS_
r the FCS Cla
nt leveling:
TPS_EXT.1
rts TLS.
ment:
wing actions c
here are no m
wing actions s
ailure of HTT
TPS_EXT.1
archical to:
ndencies:
TPS_EXT.1.
TPS_EXT.1.2
:
one of the se
he communica
nded compone
placed in the F
CS_IPSEC_
ehaviour:
y addresses r
nt leveling:
EC_EXT.1
ment:
wing actions c
here are no m
wing actions s
_HTTPS_EX
_IPSEC_EXT
ass.
HTTP
could be cons
management a
should be aud
TPS session e
Exten
No othe
FCS_TL
1 The T
2 The T
ecure commun
ation protoco
ent protects th
FCS class wi
_EXT Exten
requirements
IPsec
could be cons
management a
should be aud
XT.1 Extended
T.1 Extended
PS selected, re
sidered for the
actions forese
ditable if FAU
establishment
nded: HTTPS
er component
LS_EXT.1 E
SF shall impl
SF shall impl
nication proto
ols using cryp
he communic
ith a single co
nded: IPse
for protecting
requires that
sidered for the
actions forese
ditable if FAU
d: HTTPS sel
d: IPsec select
22
equires that H
e managemen
een.
U_GEN Secu
S selected
ts
Extended: TLS
lement the H
lement HTTP
ocols, and the
tographic alg
cation data us
omponent.
c selected
g communica
IPsec be imp
e managemen
een.
U_GEN Secu
lected
ted
HTTPS be im
nt functions i
urity Audit Da
S selected
TTPS protoc
PS using TLS
e Common C
gorithms.
sing cryptogra
ations using I
plemented as
nt functions i
urity Audit Da
D
Copyrig
mplemented ac
n FMT:
ata Generatio
ol that compl
S as specified
riteria does n
aphic algorith
Psec.
specified.
n FMT:
ata Generatio
Date of Issue: 2
ght Canon Inc
ccording to R
n is included
lies with RFC
d in FCS_TLS
not provide a
hms, and it is
n is included
1
1
2022/07/27
c. 2021
RFC 2818
d in the
C 2818.
S_EXT.1.
suitable
d in the
PP/ST:
 Fa
FCS_IPSE
Hiera
Depen
FCS_IPSE
FCS_IPSE
FCS_IPSE
that is othe
FCS_IPSE
using [sele
Secure Ha
Secure Ha
specified in
FCS_IPSE
Phase 1 ex
sequence n
functions,
traversal,
RFCs for h
FCS_IPSE
protocol u
[selection:
FCS_IPSE
FCS_IPSE
based on [
to: 24 hou
[selection:
hours for P
FCS_IPSE
(2048-bit M
(384-bit R
TOE], no o
FCS_IPSE
the [selecti
Rationale
IPsec is on
SFR for th
This exten
ailure to estab
EC_EXT.1
archical to:
ndencies:
EC_EXT.1.1
EC_EXT.1.2
EC_EXT.1.3
erwise unmat
EC_EXT.1.4
ection: the cr
ash Algorithm
ash Algorithm
n RFC 4106]
EC_EXT.1.5
xchanges,as d
numbers, RF
RFC 4868 fo
with mandat
hash function
EC_EXT.1.6
uses the crypt
AES-GCM-1
EC_EXT.1.7
EC_EXT.1.8
[selection: nu
rs for Phase
: number of p
Phase 1 SAs a
EC_EXT.1.9
MODP), and
Random ECP,
other DH gro
EC_EXT.1.1
ion: RSA, EC
:
ne of the secu
he communica
nded compone
blish an IPsec
Exten
No othe
FIA_PS
FCS_C
FCS_C
FCS_C
FCS_C
FCS_C
authent
FCS_R
Generat
1 The T
2 The T
3 The T
tched, and dis
4 The T
ryptographic
m (SHA)-base
m (SHA)-base
.
5 The T
defined in RF
FC 4304 for
or hash functi
tory support f
ns, RFC 4868
6 The T
tographic alg
128, AES-GC
7 The T
8 The T
umber of pack
1 SAs and 8
packets/numb
and 8 hours f
9 The T
d [selection: 2
, 5 (1536-bit
oups].
10 The T
CDSA] algorit
ure communic
ation protoco
ent protects th
c SA
nded: IPsec s
er component
SK_EXT.1 Ex
KM.1(a) Cry
OP.1(a) Cryp
OP.1(b) Cryp
OP.1(c) Cryp
OP.1(g) Cryp
tication)
RBG_EXT.1 E
tion)
SF shall impl
SF shall impl
TSF shall hav
scards it.
TSF shall im
algorithms A
ed HMAC, A
ed HMAC, AE
TSF shall imp
FCs 2407, 240
extended seq
ions]; IKEv2
for NAT trav
for hash func
TSF shall ens
gorithms AES
CM-256 as spe
SF shall ensu
TSF shall ens
kets/number o
hours for Ph
ber of bytes ;
for Phase 2 SA
TSF shall en
24 (2048-bit
t MODP)), [a
TSF shall ensu
thm and Pre-s
cation protoco
ols using cryp
he communic
23
selected
ts
xtended: Pre-
yptographic K
ptographic Op
ptographic Op
ptographic Op
ptographic Op
Extended: Cry
lement the IP
lement [selec
ve a nominal
mplement the
AES-CBC-12
AES-CBC-256
ES-GCM-128
lement the pr
08, 2409, RF
quence numb
as defined in
versal as spec
ctions]].
sure the encry
S-CBC-128,
ecified in RF
ure that IKEv
sure that [sel
of bytes; leng
hase 2 SAs]; I
length of tim
SAs]].
nsure that a
MODP with
assignment: o
ure that all IK
shared Keys.
ols, and the C
tographic alg
cation data us
-Shared Key
Key Generatio
peration (Sym
peration (for
peration (Has
peration (for
yptographic O
Psec architect
ction: tunnel m
, final entry
IPsec protoc
28 (as specifi
6 (as specifie
8 as specified
rotocol: [sele
FC 4109, [sele
bers], and [s
n RFCs 5996[
cified in sect
ypted payloa
AES-CBC-2
C 5282, no o
v1 Phase 1 exc
lection: IKEv
gth of time, w
IKEv1 SA life
me, where the
all IKE proto
h 256-bit PO
other DH gr
KE protocols
Common Crit
gorithms.
sing cryptogra
D
Copyrig
Composition
on (for asymm
mmetric encry
signature gen
sh Algorithm
keyed-hash m
Operation (Ra
ture as specifi
mode, transpo
in the SPD t
col ESP as d
fied by RFC 3
ed by RFC 3
d in RFC 41
ction: IKEv1,
ection: no oth
selection: no
[selection: wi
ion 2.23], an
d in the [sele
256 as specif
ther algorithm
changes use o
v2 SA lifetim
where the time
fetimes can be
e time values
ocols implem
OS), 19 (256-b
roups that ar
perform Peer
eria does not
aphic algorith
Date of Issue: 2
ght Canon Inc
n
metric keys)
yption/decryp
neration/verif
m)
message
andom Bit
fied in RFC 43
ort mode].
that matches
defined by R
3602) togeth
3602) togeth
06, AES-GCM
, using Main
her RFCs for
other RFCs
ith no suppor
nd [selection:
ection: IKEv1
fied in RFC
m].
only main mo
es can be es
e values can b
e established
s can be limit
ment DH G
bit Random E
re implemente
r Authenticat
provide a su
hms, and it is
2022/07/27
c. 2021
ption)
fication)
301.
anything
RFC 4303
her with a
er with a
M-256 as
Mode for
r extended
for hash
rt for NAT
: no other
1, IKEv2]
3602 and
ode.
stablished
be limited
d based on
ted to: 24
Groups 14
ECP), 20
ed by the
tion using
uitable
therefore p
5.5 FC
Family be
This family
secure the
Componen
FCS_KYC
of that cha
Managem
The follow
 Th
Audit:
The follow
PP/ST:
 Th
FCS_KYC
Hiera
Depen
FCS_KYC
BEVor DE
following m
FCS_SMC
FCS_KDF
[selection:
Rationale
Key Chain
chain. How
layers of e
This exten
the FCS cl
5.6 FC
FCS_
placed in the F
CS_KYC_EX
ehaviour:
y provides th
protected dat
nt leveling:
C_EXT Key
ain.
ment:
wing actions c
here are no m
wing actions s
here are no au
C_EXT.1
archical to:
ndencies:
C_EXT.1.1
EK; intermed
method(s): [s
C_EXT.1, key
F_EXT.1, key
128 bits, 256
:
ning ensures t
wever, the Co
ncryption key
nded compone
lass with a sin
CS_RBG_E
_KYC_EXT
FCS class wi
XT Exten
he specificatio
ta encrypted o
y Chaining, r
could be cons
management a
should be aud
uditable even
Exten
No othe
[FCS_C
FCS_SM
FCS_C
FCS_K
and/or
FCS_C
The T
diate keys or
selection: key
y encryption
transport as
6 bits].
that the TSF m
ommon Criter
y to protect e
ent protects th
ngle compone
EXT Exten
Key Chainin
ith a single co
nded: Cryp
on to be used
on the storag
requires the T
sidered for the
actions forese
ditable if FAU
nts foreseen.
nded: Key Ch
er component
COP.1(e) Cry
MC_EXT.1 E
OP.1(i) Cryp
KDF_EXT.1 C
OP.1(f) Cryp
TSF shall mai
iginating fro
y wrapping as
n as specif
s specified in
maintains the
ria does not p
encrypted data
he TSF data u
ent.
nded: Cryp
ng
24
omponent.
ptographic
for using mu
e.
TSF to mainta
e managemen
een.
U_GEN Secu
haining
ts
yptographic o
Extended: Su
ptographic op
Cryptographic
ptographic op
ntain a key c
om one or mo
s specified in
fied in FCS
FCS_COP.1
e key chain, a
provide a suit
a.
using cryptog
ptographic
Operation
ultiple layers
ain a key chai
nt functions i
urity Audit Da
peration (Key
ubmask Comb
eration (Key
c Operation (
peration (Key
chain of: [sele
ore submask
n FCS_COP.1
S_COP.1(f),
1(i)]] while m
and also speci
able SFR for
graphic algori
Operation
D
Copyrig
(Key Chai
of encryption
in and specifi
n FMT:
ata Generatio
y Wrapping),
bining,
Transport),
(Key Derivati
Encryption)]
ection: one, u
k(s) to the BE
1(e), key com
key derivat
maintaining an
ifies the chara
the managem
ithms, and it
(Random
Date of Issue: 2
ght Canon Inc
ning)
n keys to ultim
ies the charac
n is included
,
ion),
].
using a subma
EV or DEK
mbining as sp
tion as spe
n effective st
acteristics of
ment of multi
is therefore p
Bit Genera
1
2022/07/27
c. 2021
mately
cteristics
d in the
ask as the
using the
pecified in
ecified in
trength of
that
ple
placed in
ation)
Family be
This family
selected st
Componen
FCS_RBG
with select
Managem
The follow
 Th
Audit:
The follow
PP/ST:
 Fa
FCS_RBG
Hiera
Depen
FCS_RBG
accordance
HMAC_DR
FCS_RBG
entropy fro
[assignmen
[selection:
18031:201
generate.
Rationale
Random b
does not pr
This exten
with a sing
5.7 FC
Family be
This family
submask b
Componen
FCS_
FCS_
ehaviour:
y defines req
andards and s
nt leveling:
G_EXT.1 Ran
ted standards
ment:
wing actions c
here are no m
wing actions s
ailure of HTT
G_EXT.1
archical to:
ndencies:
G_EXT.1.1
e with [selec
RBG (any), C
G_EXT.1.2
om [selection
nt: number o
128 bits, 256
11 Table C.1
:
its/number w
rovide a suita
nded compone
gle componen
CS_SMC_E
ehaviour:
y defines the
being used to
nt leveling:
_RBG_EXT.
_SMC_EXT.1
quirements for
seeded by an
ndom Bit Ge
and seeded b
could be cons
management a
should be aud
TPS session e
Exten
No othe
No dep
The T
ction: ISO/IEC
CTR_DRBG (A
The d
n: [assignme
of hardware-
6 bits] of entr
1 "Security s
will be used by
able SFR for
ent ensures th
nt.
EXT Exten
means by wh
derive or pro
1 Extended: R
Extended: Su
r random bit
entropy sour
neration requ
by an entropy
sidered for the
actions forese
ditable if FAU
establishment
nded: Random
er component
endencies.
TSF shall pe
C 18031:201
(AES)].
eterministic R
ent: number o
-based sourc
ropy at least
strength table
y the SFRs fo
the random b
he strength of
nded: Subm
hich submask
otect the BEV
Random Bit
ubmask Comb
25
generation to
rce.
uires random
y source.
e managemen
een.
U_GEN Secu
m Bit Gener
ts
erform all de
11, NIST SP
RBG shall be
of software-b
ces] hardwar
equal to the g
e for hash fu
or key genera
bit generation
f encryption k
mask Com
ks are combin
V.
Generation
bining
o ensure that i
bit generation
nt functions i
urity Audit Da
ration
eterministic r
800-90A] usi
e seeded by a
based sources
re-based nois
greatest secur
unctions", of
ation and dest
n.
keys, and it is
bining
ned, if the TO
D
Copyrig
it is performe
n to be perfor
n FMT:
ata Generatio
random bit g
ing [selection
an entropy so
s] software-b
se source(s)]
rity strength,
f the keys an
truction, and t
s therefore pla
OE supports m
Date of Issue: 2
ght Canon Inc
ed in accordan
rmed in accor
n is included
generation se
n: Hash_DRB
ource that acc
based noise s
] with a min
according to
nd hashes th
the Common
aced in the FC
more than one
1
1
2022/07/27
c. 2021
nce with
rdance
d in the
ervices in
BG (any),
cumulates
source(s),
nimum of
o ISO/IEC
hat it will
Criteria
CS class
e
FCS_SMC
Managem
The follow
 Th
Audit:
The follow
PP/ST:
 Th
FCS_SMC
Hiera
Depen
FCS_SMC
exclusive O
Rationale
Submask C
This exten
the FCS cl
5.8 FC
Family be
This family
the server
Componen
FCS_TLS
Managem
The follow
 Th
Audit:
The follow
PP/ST:
 Fa
FCS_TLS
Hiera
Depen
FCS
C_EXT.1Sub
ment:
wing actions c
here are no m
wing actions s
here are no au
C_EXT.1Ext
archical to:
ndencies:
C_EXT.1.1
OR (XOR), S
:
Combining is
nded compone
lass with a sin
CS_TLS_EX
ehaviour:
y addresses th
using the TL
nt leveling:
S_EXT.1 TLS
ment:
wing actions c
here are no m
wing actions
ailure of TLS
S_EXT.1 Ext
archical to:
ndencies:
S_TLS_EXT.
bmask combi
could be cons
management a
should be aud
uditable even
tended: Subm
No othe
FCS_C
The T
SHA-256, SH
s to ensure the
ent protects t
ngle compone
XT Exten
he ability for
S protocol.
S selected, req
could be cons
management a
should be au
session estab
tended: TLS
No othe
FCS_C
FCS_C
1 Extended: T
ning requires
sidered for the
actions forese
ditable if FAU
nts foreseen.
mask Combi
er component
OP.1(c) Cryp
TSF shall co
HA-512] to ge
e TSF combin
the TSF data
ent.
nded: TLS
r a server and/
quires the TL
sidered for the
actions forese
uditable if FA
blishment
S selected
er component
KM.1(a) Cry
OP.1(a) Cryp
TLS selected
26
s the TSF to c
e managemen
een.
U_GEN Secu
ining
ts.
ptographic op
ombine subm
enerate an int
ne the subma
using crypto
selected
/or a client to
LS protocol im
e managemen
een.
AU_GEN Sec
ts
yptographic K
ptographic Op
d
combine the s
nt functions i
urity Audit Da
peration (Hash
masks using
ermediary ke
asks in order t
graphic algor
o use TLS to p
mplemented a
nt functions i
curity Audit D
Key Generatio
peration (Sym
D
Copyrig
submasks in a
n FMT:
ata Generatio
h Algorithm)
the followin
ey or BEV.
to derive or p
rithms, and it
protect data b
as specified.
n FMT:
Data Generat
on (for asymm
mmetric encry
Date of Issue: 2
ght Canon Inc
a predictable
n is included
) dependencie
ng method [
protect the BE
t is therefore
between a clie
tion is includ
metric keys)
yption/decryp
1
2022/07/27
c. 2021
fashion.
d in the
es.
selection:
EV.
placed in
ent and
ded in the
ption)
FCS_TLS
TLS 1.0 (R
Mandatory
• TLS_RS
Optional C
[selection:
• None
• TLS_RSA
• TLS_DH
• TLS_DH
• TLS_RSA
• TLS_RSA
• TLS_DH
• TLS_DH
• TLS_EC
• TLS_EC
• TLS_EC
• TLS_EC
• TLS_EC
• TLS_EC
• TLS_EC
• TLS_EC
• TLS_EC
• TLS_EC
• TLS_EC
• TLS_EC
].
Rationale
TLS is one
SFR for th
This exten
therefore p
S_EXT.1.1
RFC 2246), TL
y Ciphersuite
SA_WITH_A
Ciphersuites:
:
A_WITH_AE
HE_RSA_WIT
HE_RSA_WIT
A_WITH_AE
A_WITH_AE
HE_RSA_WIT
HE_RSA_WIT
CDHE_RSA_W
CDHE_RSA_W
CDHE_ECDSA
CDHE_ECDSA
CDHE_RSA_W
CDHE_RSA_W
CDHE_RSA_W
CDHE_RSA_W
CDHE_ECDSA
CDHE_ECDSA
CDHE_ECDSA
CDHE_ECDSA
:
e of the secur
he communica
nded compon
placed in the F
FCS_C
FCS_C
FCS_C
authent
FCS_R
Generat
The T
TLS 1.1 (RFC
es:
AES_128_CB
ES_256_CBC_
TH_AES_128_
TH_AES_256_
ES_128_CBC_
ES_256_CBC_
TH_AES_128_
TH_AES_256_
WITH_AES_1
WITH_AES_2
SA_WITH_AE
SA_WITH_AE
WITH_AES_1
WITH_AES_2
WITH_AES_1
WITH_AES_2
SA_WITH_AE
SA_WITH_AE
SA_WITH_AE
SA_WITH_AE
re communica
ation protoco
nent protects
FCS class wi
OP.1(b) Cryp
OP.1(c) Cryp
OP.1(g) Cryp
tication)
RBG_EXT.1 E
tion)
SF shall impl
4346), TLS 1
C_SHA
_SHA
_CBC_SHA
6_CBC_SHA
_SHA256
_ SHA256
_CBC_ SHA2
6_CBC_ SHA2
128_CBC_SH
256_CBC_SH
ES_128_CBC_
ES_256_CBC_
128_CBC_SH
256_CBC_SH
128_GCM_SH
256_GCM_SH
ES_128_GCM
ES_256_GCM
ES_128_CBC_
ES_256_CBC_
ation protoco
ols using cryp
s the comm
ith a single co
27
ptographic Op
ptographic Op
ptographic Op
Extended: Cry
lement one o
1.2 (RFC 524
256
256
HA
HA
C_SHA
C_SHA
HA256
HA384
HA256
HA384
M_SHA256
M_SHA384
C_SHA256
C_SHA384
ls, and the Co
tographic alg
munication da
omponent.
peration (for
peration (Has
peration (for
yptographic O
r more of the
46)] supportin
ommon Crite
gorithms.
ata using cry
D
Copyrig
signature gen
sh Algorithm
keyed-hash m
Operation (Ra
e following pr
ng the followi
eria does not p
yptographic
Date of Issue: 2
ght Canon Inc
neration/verif
m)
message
andom Bit
rotocols [sele
ing ciphersuit
provide a suit
algorithms,
2022/07/27
c. 2021
fication)
ection:
tes:
table
and it is
5.9 FD
Family be
This family
Componen
FDP_DSK
TSF and U
these data
Managem
The follow
 Th
Audit:
The follow
PP/ST:
 Th
FDP_DSK
Hiera
Depen
FDP_DSK
FCS_COP
certified to
contains no
FDP_DSK
Rationale
Extended:
interventio
This exten
componen
5.10 FD
Family be
This family
connected.
Componen
FDP
DP_DSK_EX
ehaviour:
y is to manda
nt leveling:
K_EXT.1 Ext
User Data stor
in plaintext o
ment:
wing actions c
here are no m
wing actions
here are no au
K_EXT.1 Ext
archical to:
ndencies:
K_EXT.1.1
P.1(d), use a s
o conform to t
o plaintext U
K_EXT.1.2
:
Protection of
on, and the Co
nded compone
nt.
DP_FXS_EX
ehaviour:
y addresses th
.
nt leveling:
P_DSK_EXT
XT Exten
ate the encryp
tended: Prote
red on the Fie
on the devices
could be cons
management a
should be au
uditable even
tended: Prot
No othe
FCS_C
The T
self-encryptin
the FDE EE c
User Documen
The T
f Data on Dis
ommon Crite
ent protects t
XT Exten
he requireme
.1 Extended:
nded: Prote
ption of all pr
ection of Data
eld-Replaceab
s.
sidered for the
actions forese
uditable if FA
nts foreseen.
tection of Da
er component
OP.1(d) Cryp
SF shall [sele
ng Field-Repl
cPP] such tha
nt Data and no
SF shall encr
sk is to specif
eria does not p
the Data on D
nded: Fax S
ents for separa
Protection of
28
ection of D
rotected data
a on Disk, req
ble Nonvolati
e managemen
een.
AU_GEN Sec
ata on Disk
ts
ptographic op
ection: perfor
laceable Nonv
at any Field-R
o plaintext co
rypt all protec
fy that encryp
provide a suit
Disk, and it is
Separation
ation between
f Data on Dis
Data on Dis
written to the
quires the TSF
ile Storage D
nt functions i
curity Audit D
peration (AES
rm encryption
volatile Stora
Replaceable N
onfidential TS
cted data with
ption of any c
table SFR for
s therefore pla
n
n Fax PSTN l
sk
D
Copyrig
sk
e storage.
F to encrypt a
Devices in ord
n FMT:
Data Generat
S Data Encry
n in accordan
age Device th
Nonvolatile S
SF Data.
hout user inte
confidential d
r the Protectio
aced in the F
line and the L
Date of Issue: 2
ght Canon Inc
all the Confid
der to avoid st
tion is includ
yption/Decryp
nce with
hat is separate
Storage Devic
ervention.
data without u
on of Data on
DP class with
LAN to which
1
2022/07/27
c. 2021
dential
toring
ded in the
ption)
ely CC
ce
user
n Disk.
h a single
h TOE is
FDP_FXS
between a
Managem
The follow

Audit:
The follow
PP/ST:

FDP_FXS
Hiera
Depen
FDP_FXS
receiving U
Rationale
Fax Separa
provide a s
This exten
with a sing
5.11 FIA
Family be
This family
strong pass
Componen
FIA_PMG
requiremen
Managem
The follow
 Th
Audit:
The follow
PP/ST:
FDP
FIA_
S_EXT.1 Fax
PSTN and a
ment:
wing actions c
There are no
wing actions
There are no
S_EXT.1 Ext
archical to:
ndencies:
S_EXT.1.1
User Data usi
:
ation is to pro
suitable SFR
nded compon
gle componen
A_PMG_EX
ehaviour:
y defines req
swords and p
nt leveling:
G _EXT.1 Pa
nts, minimum
ment:
wing actions c
here are no m
wing actions
P_FXS_EXT.
_PMG _EXT
x Separation,
LAN to whic
could be cons
o managemen
should be au
o auditable ev
tended: Fax
No othe
No dep
The TSF sh
ing fax protoc
otect a LAN a
for the Prote
nent protects
nt.
XT Exten
quirements for
passphrases ca
assword mana
m lengths, ma
could be cons
management a
should be au
.1 Extended:
T.1 Extended:
requires the f
ch TOE is con
sidered for the
nt actions fore
uditable if FA
vents foreseen
separation
er component
endencies.
hall prohibit c
cols.
against attack
ction of TSF
the TSF Dat
nded: Pass
r the attribute
an be chosen
agement requ
aximum lifetim
sidered for the
actions forese
uditable if FA
Fax Separatio
: Password M
29
fax interface
nnected.
e managemen
eseen.
AU_GEN Sec
n.
ts
communicatio
k from PSTN
or User Data
ta or User Da
sword Man
es of passwor
and maintain
uires the TSF
me, and simil
e managemen
een.
AU_GEN Sec
on
Management
cannot be use
nt functions i
curity Audit D
on via the fax
line, and the
a.
ata, and it is
agement
rds used by ad
ned.
to support pa
larity constra
nt functions i
curity Audit D
D
Copyrig
ed to create a
n FMT:
Data Generat
x interface, ex
Common Cr
therefore pla
dministrative
asswords with
aints.
n FMT:
Data Generat
Date of Issue: 2
ght Canon Inc
a network brid
tion is includ
xcept transmi
riteria does no
aced in the F
e users to ensu
h varying com
tion is includ
1
1
2022/07/27
c. 2021
dge
ded in the
itting or
ot
FDP class
ure that
mposition
ded in the
 Th
FIA_PMG
Hiera
Depen
FIA_PMG
passwords
 P
n
 M
p
Rationale
Password M
the Comm
This exten
the FIA cla
5.12 FIA
Family be
This family
Componen
FIA_PSK_
Managem
The follow
 Th
Audit:
The follow
PP/ST:
 Th
FIA_PSK_
Hiera
Depen
FIA_PSK
FIA_PSK_
 2
FIA_
here are no au
G _EXT.1
archical to:
ndencies:
G _EXT.1.1
:
Passwords sh
numbers, and
"(", ")", [assi
Minimum pa
passwords of
:
Management
mon Criteria d
nded compone
ass with a sin
A_PSK_EX
ehaviour:
y defines req
nt leveling:
K_EXT.1 Pre-
ment:
wing actions c
here are no m
wing actions
here are no au
K_EXT.1
archical to:
ndencies:
K_EXT.1.1
K_EXT.1.2
22 characters
_PSK_EXT.1
uditable even
Exten
No othe
No dep
The TSF s
hall be able to
d the followin
gnment: othe
assword length
f 15 character
t is to ensure t
oes not provi
ent protects t
ngle compone
XT Exten
quirements for
-Shared Key C
could be cons
management a
should be au
uditable even
Exten
No othe
FCS_R
Generat
The TSF sh
The TSF sh
s in length an
1 Extended: P
nts foreseen.
nded: Passwo
er component
endencies.
shall provide
o be compose
ng special cha
er characters]
h shall be set
rs or greater.
the strong au
ide a suitable
the TOE by m
ent.
nded: Pre-S
r the TSF to e
Composition
sidered for the
actions forese
uditable if FA
nts foreseen.
nded: Pre-Sh
er component
RBG_EXT.1 E
tion).
hall be able to
all be able to
d [selection:
Pre-Shared K
30
ord managem
ts
the following
ed of any com
aracters: [sele
]];
ttable by an A
uthentication b
SFR for the
means of pass
Shared Key
ensure the ab
, ensures auth
e managemen
een.
AU_GEN Sec
hared Key Co
ts
Extended: Cry
o use pre-shar
accept text-b
[assignment:
Key Composit
ment
g password m
mbination of u
ection: "!", "@
Administrator
between the e
Password Ma
sword manag
y Composi
ility to use pr
henticity and
nt functions i
curity Audit D
omposition
yptographic O
red keys for I
based pre-sha
other suppor
tion
D
Copyrig
management c
upper and low
@", "#", "$",
r, and have th
endpoints of c
anagement.
gement, and it
ition
re-shared key
access contro
n FMT:
Data Generat
Operation (Ra
Psec.
ared keys that
rted lengths],
Date of Issue: 2
ght Canon Inc
capabilities fo
wer case letter
"%", "^", "&
he capability t
communicati
t is therefore
ys for IPsec.
ol for updates
tion is includ
andom Bit
t are.
no other leng
1
2022/07/27
c. 2021
or User
rs,
&", "*",
to require
on, and
placed in
s.
ded in the
gths];
 c
(
FIA_PSK
SHA-256,
pre-shared
generator
Rationale
Pre-shared
and the Co
This exten
the FIA cla
5.13 FP
Family be
This family
nonvolatile
Componen
FPT_ KY
plaintext k
Managem
The follow
 Th
Audit:
The follow
PP/ST:
 Th
FPT_ KY
Hiera
Depen
FPT_ KY
FCS_KYC
key on a d
Rationale
Protection
nonvolatile
key materi
This exten
componen
FPT
composed of
(that include:
K_EXT.1.3
SHA-512, [as
d keys; accep
specified in F
:
d Key Compo
ommon Criter
nded compon
ass with a sin
PT_KYP_EX
ehaviour:
y addresses th
e storage.
nt leveling:
P _EXT.1 Ex
key or key ma
ment:
wing actions c
here are no m
wing actions
here are no au
P _EXT.1
archical to:
ndencies:
YP _EXT.1.1
C_EXT.1 in a
evice that use
:
of Key and K
e storage, and
ial.
nded compon
nt.
T_ KYP _EXT
f any combina
: "!", "@", "#
The TSF sh
ssignment: m
t bit-based pr
FCS_RBG_EX
osition is to en
ria does not p
ent protects t
ngle compone
XT Exten
he requireme
xtended: Prot
aterials are wr
could be cons
management a
should be au
uditable even
Exten
No othe
No dep
The TSF
any Field-Rep
es the key for
Key Material
d the Commo
nent protects
T.1 Protection
ation of upper
#", "$", "%", "
hall condition
ethod of cond
re-shared key
XT.1].
nsure the stro
provide a suit
the TOE by m
ent.
nded: Prote
ents for keys a
tection of key
ritten to nonv
sidered for the
actions forese
uditable if FA
nts foreseen.
nded: Protect
er component
endencies.
shall not stor
placeable Non
r its encryptio
is to ensure t
on Criteria do
the TSF data
n of key and k
31
r and lower c
"^", "&", "*",
the text-base
ditioning text
ys; generate b
ong authentic
able SFR for
means of stro
ection of K
and key mate
y and key mat
volatile storag
e managemen
een.
AU_GEN Sec
tion of Key a
ts
re plaintext ke
nvolatile Stor
on.
that no plaint
oes not provid
a, and it is th
key material
case letters, nu
, "(", and ")")
ed pre-shared
t string]] and
bit-based pre
ation between
the Pre-share
ong authentic
Key and Ke
erials to be pr
terial, require
ge.
nt functions i
curity Audit D
and Key Mat
eys that are p
rage Device, a
text key or ke
de a suitable S
herefore plac
D
Copyrig
umbers, and s
).
d keys by usin
be able to [se
-shared keys
n the endpoin
ed Key Comp
cation, and it
y Material
rotected if and
es the TSF to
n FMT:
Data Generat
terial
part of the key
and not store
ey material ar
SFR for the p
ced in the FP
Date of Issue: 2
ght Canon Inc
special chara
ng [selection:
election: use
using the ran
nts of commu
position.
t is therefore
d when writte
ensure that n
tion is includ
ychain specifi
any such pla
re written to
protection of k
PT class with
1
2022/07/27
c. 2021
acters
SHA-1,
no other
ndom bit
unications,
placed in
en to
no
ded in the
fied by
aintext
key and
h a single
5.14 FP
Family be
This family
keys. This
Componen
FPT_SKP
keys from
Managem
The follow
 Th
Audit:
The follow
PP/ST:
 Th
FPT_SKP
Hiera
Depen
FPT_SKP
keys.
Rationale
Protection
securely, a
This exten
therefore p
5.15 FP
Family be
This family
Componen
FPT_TST
demonstra
Managem
FPT
FPT
PT_SKP_EX
ehaviour:
y addresses th
is a new fam
nt leveling:
P_EXT.1 Pro
being read by
ment:
wing actions c
here are no m
wing actions
here are no au
P_EXT.1 Ext
archical to:
ndencies:
P_EXT.1.1
:
of TSF Data
and the Comm
nded compone
placed in the F
PT_TST_EX
ehaviour:
y addresses th
nt leveling:
T_EXT.1 TSF
ate correct ope
ment:
T_SKP_EXT.
T_TST_EXT.
XT Exten
he requireme
mily modelled
tection of TS
y any user or
could be cons
management a
should be au
uditable even
tended: Exte
No othe
No dep
The TSF sh
a is to ensure t
mon Criteria d
ent protects th
FPT class wi
XT Exten
he requireme
F testing requ
eration of the
1 Extended: P
1 Extended: T
nded: Prote
ents for mana
d as the FPT C
SF Data (for r
r subject. It is
sidered for the
actions forese
uditable if FA
nts foreseen.
ended: Prote
er component
endencies.
hall prevent r
the pre-share
does not prov
he TOE by m
th a single co
nded: TSF
ents for self-te
uires a suite o
e TSF.
Protection of
TSF testing
32
ection of T
ging and prot
Class.
reading all sym
the only com
e managemen
een.
AU_GEN Sec
ection of TSF
ts
eading of all
ed keys, symm
vide a suitable
means of stron
omponent.
testing
esting the TS
f self-testing
f TSF Data
TSF Data
tecting the TS
mmetric keys
mponent of th
nt functions i
curity Audit D
F Data
pre-shared ke
metric keys an
e SFR for the
ng authenticat
F for selected
to be run dur
D
Copyrig
SF data, such
s), requires pr
his family.
n FMT:
Data Generat
eys, symmetr
nd private key
e protection o
tion using Pr
d correct oper
ring initial sta
Date of Issue: 2
ght Canon Inc
h as cryptogra
reventing sym
tion is includ
ric keys, and
ys are protect
of such TSF d
e-shared Key
ration.
art-up in orde
1
1
2022/07/27
c. 2021
aphic
mmetric
ded in the
private
ted
data.
y, and it is
er to
The follow
 Th
Audit:
The follow
PP/ST:
 Th
FPT_TST
Hiera
Depen
FPT_TST
demonstra
Rationale
TSF testin
suitable SF
This exten
componen
5.16 FP
Family be
This family
firmware/s
Componen
FPT_TUD
Managem
The follow
 Th
Audit:
The follow
PP/ST:
 Th
FPT_TUD
FPT_TUD
Hiera
FPT
wing actions c
here are no m
wing actions
here are no au
T_EXT.1 Ext
archical to:
ndencies:
T_EXT.1.1
ate the correct
:
g is to ensure
FR for the TS
nded compon
nt.
PT_TUD_EX
ehaviour:
y defines req
software, and
nt leveling:
D_EXT.1 Tru
ment:
wing actions c
here are no m
wing actions
here are no au
D_EXT.1 Tru
Hiera
Depen
D_EXT.1 Tru
archical to:
T_TUD_EXT
could be cons
management a
should be au
uditable even
tended: TSF
No othe
No dep
The TSF sh
t operation of
e the TSF can
SF testing. In
nent protects
XT Exten
quirements for
d that such firm
usted Update,
could be cons
management a
should be au
uditable even
usted Update
archical to:
ndencies:
usted Update
No othe
.1 Extended:
sidered for the
actions forese
uditable if FA
nts foreseen.
testing
er component
endencies.
hall run a suit
f the TSF.
n be operated
particular, th
s the TOE, a
nded: Trus
r the TSF to e
mware/softw
, ensures auth
sidered for the
actions forese
uditable if FA
nts foreseen.
e
No oth
FCS_C
genera
FCS_C
e
er component
Trusted Upd
33
e managemen
een.
AU_GEN Sec
ts
te of self-tests
correctly, an
here is no SFR
and it is the
sted Update
ensure that on
ware is authent
henticity and
e managemen
een.
AU_GEN Sec
her componen
COP.1(b) Cry
ation/verifica
COP.1(c) Cry
ts
date
nt functions i
curity Audit D
s during initia
nd the Commo
R defined for
erefore placed
e
nly administr
tic.
access contro
nt functions i
curity Audit D
nts
yptographic O
ation),
yptographic o
D
Copyrig
n FMT:
Data Generat
al start-up (an
on Criteria do
TSF testing.
d in the FPT
rators can upd
ol for updates
n FMT:
Data Generat
Operation (fo
operation (Ha
Date of Issue: 2
ght Canon Inc
tion is includ
nd power on)
oes not provid
T class with
date the TOE
s.
tion is includ
or signature
ash Algorithm
1
2022/07/27
c. 2021
ded in the
to
de a
h a single
ded in the
m).
Depen
FPT_TUD
version of
FPT_TUD
TOE firmw
FPT_TUD
using a dig
those upda
Rationale
Firmware/
manageme
This exten
componen
ndencies:
D_EXT.1.1
the TOE firm
D_EXT.1.2
ware/software
D_EXT.1.3
gital signature
ates.
:
/software is a
ent of firmwa
nded compon
nt.
FCS_C
FCS_C
The TSF sh
mware/softwa
The TSF sh
e.
The TSF sh
e mechanism
form of TSF
are/software. I
nent protects
OP.1(b) Cryp
OP.1(c) Cryp
hall provide a
are.
hall provide a
hall provide a
and [selectio
F Data, and th
In particular,
s the TOE, a
34
ptographic Op
ptographic op
authorized ad
authorized ad
a means to ve
on: published
he Common C
there is no S
and it is the
peration (for
peration (Hash
dministrators
dministrators
erify firmwar
d hash, no oth
Criteria does n
SFR defined f
erefore placed
D
Copyrig
signature gen
h Algorithm)
the ability to
the ability to
re/software up
er functions]
not provide a
for importing
d in the FPT
Date of Issue: 2
ght Canon Inc
neration/verif
).
query the cu
initiate upda
pdates to the
prior to insta
a suitable SFR
TSF Data.
T class with
2022/07/27
c. 2021
fication),
urrent
ates to
TOE
alling
R for the
h a single
6 SEC
6.1 No
- Bold typ
to the origi
- Italic typ
- Bold itali
PP and ind
- [] indicat
in this ST
- A charac
defined in
6.2 Se
6.2.1 C
FAU_GE
FAU_GEN
FAU_GEN
CURITY RE
otation
peface indicat
inal SFR defi
eface indicat
ic typeface in
dicates the tex
tes the portio
is shown afte
cter in (), for
HCD PP. To
ecurity func
Class FAU
EN.1 Audi
Hierar
Depen
N.1.1 The TS
a)
b)
c)
[assign
–
N.1.2 The TS
a)
b)
[assign
–
EQUIREME
tes the portio
inition in Com
es the text wi
ndicates the p
xt within an S
on indicating
er the [] part i
r example, an
o repeat furthe
ctional req
: Security A
t data gen
rchical to:
ndencies:
SF shall be ab
Start-up and s
All auditable
All auditable
auditable eve
nment: other s
None
SF shall recor
Date and time
(success or fa
For each audi
components i
[assignment:
nment: other a
None
ENTS
on of an SFR
mmon Criteri
ithin an SFR
portion of an S
SFR that mus
"Assignment
is extracted af
n SFR compo
er in ST, defi
uirements
Audit
eration
No oth
FPT_S
ble to generate
shutdown of t
events for the
e events speci
ents].
specifically de
rd within each
e of the event
ailure) of the e
it event type, b
included in th
other audit re
audit relevant
Table 14 - A
35
that has been
ia Part 2 or to
that must be
SFR that has
t be selected
t" or "Selecti
fter the text.
onent follow
ne as (a) (ssd
her componen
STM.1 Reliab
e an audit reco
the audit funct
e not specified
ified in Table
efined auditab
h audit record
, type of even
event; and
based on the a
e PP/ST, addi
elevant inform
t information]
Auditable E
n "completed
o its Extended
selected and/
been partiall
and/or comp
ion". The resu
ed by (a) and
d).
nts.
le time stamp
ord of the follo
tions;
d level of aud
e 14, [assignm
ble events].
at least the fol
nt, subject iden
auditable even
itional inform
mation].
Events
D
Copyrig
d" or "refined
d Component
/or completed
y "completed
leted in this S
ult of "Assig
d (b), indicat
s
owing auditab
dit; and
ment: other spe
llowing inform
ntity (if applic
nt definitions o
mation specifi
Date of Issue: 2
ght Canon Inc
d" in HCD PP
t Definition.
d in this ST.
d" or "refined
ST.
gnment" or "S
tes that repet
ble events:
ecifically defin
mation:
cable), and the
of the function
fied in Table 1
2022/07/27
c. 2021
P, relative
d" in HCD
Selection"
tition was
ned
e outcome
nal
14,
FAU_GE
FAU_GEN
FAU_SA
FAU_SAR
FAU_SAR
FAU_SA
FAU_SAR
Audit
Job co
Unsuc
Unsuc
Use o
Modi
are pa
Chang
Failur
EN.2 User
Hierar
Depen
N.2.1 For au
auditab
AR.1 Audi
Hierar
Depen
R.1.1 The TS
from th
[assign
–
R.1.2 The TS
inform
AR.2 Rest
Hierar
Depen
R.2.1 The TS
table event
ompletion
ccessful User
ccessful User
of managemen
fication to the
art of a role
ges to the time
re to establish
r identity a
rchical to:
ndencies:
udit events resu
ble event with
t review
rchical to:
ndencies:
SF shall provi
he audit recor
nment: an Ad
U. ADMIN
SF shall provi
mation.
ricted aud
rchical to:
ndencies:
SF shall prohi
authentication
identification
nt functions
e group of Use
e
h session
ssociation
No oth
FAU_
FIA_U
ulting from ac
h the identity o
No oth
FAU_
ide [assignmen
rds.
dministrator]
N
ide the audit r
dit review
No oth
FAU_
ibit all users re
36
Rel
FDP
n FIA
n FIA
FM
ers that FM
FPT
FTP
FTP
FTP
n
her componen
_GEN.1 A
UID.1 T
ctions of ident
of the user tha
her componen
_GEN.1 A
nt: an Admin
ecords in a ma
her componen
_SAR.1 A
ead access to
levant SFR
P_ACF.1
A_UAU.1
A_UID.1
MT_SMF.1
MT_SMR.1
T_STM.1
P_ITC.1,
P_TRP.1(a),
P_TRP.1(b)
nts
Audit data gene
iming of iden
tified users, th
at caused the e
nts.
Audit data gene
istrator] with
anner suitable
nts
Audit review
the audit reco
D
Copyrig
eration
ntification
he TSF shall b
event.
eration
the capability
e for the user t
ords, except th
Date of Issue: 2
ght Canon Inc
Additional
informatio
Type of job
None
None
None
None
None
Reason for
be able to asso
y to read all re
to interpret the
hose users that
2022/07/27
c. 2021
l
n
b
failure
ociate each
ecords
e
t have
FAU_ST
FAU_STG
FAU_STG
FAU_ST
FAU_STG
FAU_ST
FAU_STG
6.2.2 C
Th
6.2.3 C
FCS_CK
been g
TG.1 Prote
Hierar
Depen
G.1.1 The TS
G.1.2 The TS
audit tr
TG.4 Preve
Hierar
Depen
G.4.1 Refinem
taken b
and [as
full.
[select
with
–
[assign
–
TG_EXT.1
Hierar
Depen
G_EXT.1.1
using a
Class FCO
here are no cl
Class FCS
KM.1(a)
Hierar
Depen
granted explici
ected audi
rchical to:
ndencies:
SF shall prote
SF shall be ab
rail.
ention of a
rchical to:
ndencies:
ment: The TS
by the authori
ssignment: oth
tion, choose o
h special rights
"overwrite
nment: other a
None
Exten
rchical to:
ndencies:
The TS
a trusted chan
O: Commun
lass FCO req
: Cryptogra
Cryp
rchical to:
ndencies:
it read-access
t trail stor
No oth
FAU_
ect the stored a
ble to prevent
audit data
FAU_
FAU_
SF shall [selec
ised user with
her actions to
one of: "preven
s", "overwrite
e the oldest st
actions to be t
nded: Exte
No oth
FAU_
FTP_I
SF shall be ab
nnel according
nication
quirements.
aphic Supp
ptographic
No oth
[FCS_C
FCS_C
verifica
FCS_C
37
.
rage
her componen
_GEN.1 A
audit records i
t unauthorised
loss
_STG.3 A
_STG.1 Pr
ction, choose
special rights
be taken in c
nt audited eve
e the oldest sto
tored audit rec
taken in case o
ernal Audi
her componen
_GEN.1 A
ITC.1 In
ble to transmit
g to FTP_ITC.
port
Key Gene
er component
CKM.2 Crypt
COP.1(b) Cryp
ation),
COP.1(i) Cryp
nts
Audit data gene
in the audit tra
d modification
Action in case o
rotected audit
one of: "preve
s", "overwrite
ase of audit st
ents, except th
ored audit rec
cords"
of audit storag
t Trail Sto
nts
Audit data gene
nter-TSF trust
t the generated
1.
eration (for
ts.
tographic key
ptographic Op
tographic ope
D
Copyrig
eration
ail from unaut
ns to the stored
of possible au
trail storage
ent audited ev
e the oldest sto
torage failure
hose taken by t
cords"]
ge failure]
rage
eration,
ted channel.
d audit data to
r asymmet
distribution, o
peration (for si
eration (Key T
Date of Issue: 2
ght Canon Inc
thorised deleti
d audit records
udit data loss
vents, except t
ored audit rec
e] if the audit t
the authorised
o an External I
tric keys)
or
ignature gener
Transport)]
2022/07/27
c. 2021
ion.
s in the
those
cords"]
trail is
d user
IT Entity
ration/
FCS_CKM
M.1.1(a) Refin
establi



] and
stren
[select



]



[select
–
nement:
ishment in ac
NIST Specia
Establishmen
key establish
NIST Specia
Establishmen
curve-based k
and [selection
Signature Sta
NIST Specia
Establishmen
establishmen
specified cry
ngth of 112 b
tion:
NIST Specia
Establishmen
key establish
NIST Specia
Establishmen
curve-based k
and [selection
Signature Sta
NIST Specia
Establishmen
establishmen
NIST Spec
Establishme
field-based k
NIST Spec
Establishme
curve-based
P-384 and
"Digital Sign
NIST Spec
Establishme
key establish
tion: P-521, n
no other cu
FCS_C
Destruc
The TSF
ccordance with
l Publication
nt Schemes U
ment schemes
l Publication
nt Schemes U
key establishm
n: P-521, no o
andard")
l Publication
nt Schemes U
nt schemes
yptographic k
bits.
l Publication
nt Schemes U
ment schemes
l Publication
nt Schemes U
key establishm
n: P-521, no o
andard")
l Publication
nt Schemes U
nt schemes
cial Publica
ent Schemes
key establishm
cial Publica
ent Schemes
d key establis
[selection: P
nature Standa
cial Publica
ent Schemes
hment schem
no other curve
urves
38
CKM_EXT.4 E
ction
shall generate
h [selection:
800-56A, "R
Using Discrete
s;
800-56A, "R
Using Discrete
ment schemes
other curves]
800-56B, "R
Using Integer F
key sizes equiv
800-56A, "R
Using Discrete
s;
800-56A, "R
Using Discrete
ment schemes
other curves]
800-56B, "R
Using Integer F
ation 800-56
s Using Di
ment scheme
ation 800-56
Using Dis
shment schem
P-521, no oth
ard")
ation 800-56
Using Intege
mes
es]
Extended: Cry
e asymmetric
Recommendati
e Logarithm C
Recommendati
e Logarithm C
s and impleme
] (as defined in
Recommendati
Factorization
valent to, or
Recommendati
e Logarithm C
Recommendati
e Logarithm C
s and impleme
] (as defined in
Recommendati
Factorization
6A, "Recom
iscrete Loga
es;
6A, "Recom
screte Logar
mes and imp
her curves]
6B, "Recom
er Factorizati
D
Copyrig
yptographic K
c cryptographi
ion for Pair-W
Cryptography
ion for Pair-W
Cryptography
enting "NIST
n FIPS PUB
ion for Pair-W
n Cryptograph
greater than,
ion for Pair-W
Cryptography
ion for Pair-W
Cryptography
enting "NIST
n FIPS PUB
ion for Pair-W
n Cryptograph
mmendation
arithm Cryp
mmendation
rithm Crypto
plementing "
(as defined
mmendation
ion Cryptogr
Date of Issue: 2
ght Canon Inc
Key Material
ic keys used f
Wise Key
" for finite fie
Wise Key
" for elliptic
T curves" P-2
186-4, "Digit
Wise Key
hy" for RSA-b
, a symmetric
Wise Key
" for finite fie
Wise Key
" for elliptic
T curves" P-2
186-4, "Digit
Wise Key
hy" for RSA-b
for Pair-W
ptography" f
for Pair-W
ography" fo
"NIST curve
in FIPS PU
for Pair-W
raphy" for R
2022/07/27
c. 2021
for key
eld-based
256, P-384
tal
based key
c key
eld-based
256, P-384
tal
based key
Wise Key
for finite
Wise Key
r elliptic
s" P-256,
UB 186-4,
Wise Key
SA-based
FCS_CK
FCS_CKM
FCS_CK
FCS_CKM
FCS_CK
FCS_CKM
KM.1(b)
Hierar
Depen
M.1.1(b) Refin
Bit Ge
[select
[select
–
KM_EXT.4
Hierar
Depen
M_EXT.4.1
crypto
KM.4
Hierar
Depend
M.4.1 Refinem
crypto
For v
[assig
For n
Cryp
rchical to:
ndencies:
nement:
enerator as sp
tion: 128 bit, 2
tion: 128 bit,
128 bit, 25
Exten
rchical to:
ndencies:
The TS
graphic critica
Cryp
rchical to:
dencies:
ment:
graphic key d
volatile memo
gnment: othe
nonvolatile st
ptographic
No oth
[FCS_
FCS_C
encryp
FCS_C
Encryp
FCS_C
FCS_C
FCS_C
authen
FCS_C
authen
FCS_C
Destru
FCS_R
Genera
The TSF
pecified in FC
256 bit] that m
256 bit]
56 bit
nded: Cryp
No oth
[FCS_C
keys), o
FCS_C
FCS_C
SF shall destro
al security par
ptographic
No oth
[FCS_C
keys), o
FCS_C
The TSF
destruction me
ory, the destru
er mechanism
torage, the des
39
key gener
her componen
_CKM.2 Cryp
COP.1(a) Cryp
ption/decryptio
COP.1(d) Cry
ption/Decrypt
COP.1(e) Cryp
COP.1(f) Cryp
COP.1(g) Cry
ntication)
COP.1(h) Cry
ntication)]
CKM_EXT.4
uction
RBG_EXT.1 E
ation)
shall generate
CS_RBG_EX
meet the follo
ptographic
er component
CKM.1(a) Cry
or
CKM.1(b) Cry
CKM.4 Crypto
oy all plaintex
rameters when
key destr
er component
CKM.1(a) Cry
or
CKM.1(b) Cry
shall destroy
ethod [selectio
uction shall be
that ensures
struction shal
ration (Sym
nts.
tographic key
ptographic Op
on)
yptographic Op
tion)
ptographic Op
ptographic op
yptographic Op
yptographic Op
Extended: Cr
Extended: Cry
e symmetric c
XT.1 and spec
owing: No St
c Key Mate
ts.
yptographic K
yptographic ke
ographic key d
xt secret and p
n no longer ne
uction
ts.
yptographic K
yptographic ke
cryptographic
on:
e executed by
keys are dest
ll be executed
D
Copyrig
mmetric K
y distribution,
peration (Sym
peration (AES
peration (Key
eration (Key E
peration (for k
peration (for k
ryptographic K
yptographic O
cryptographic
cified cryptog
andard.
erial Destr
Key Generation
ey generation
destruction
private cryptog
eeded.
Key Generation
ey generation
c keys in acco
y [selection: po
troyed]].
d by a [selectio
Date of Issue: 2
ght Canon Inc
Keys)
or
mmetric
S Data
Wrapping)
Encryption)
keyed-hash m
keyed-hash m
Key Material
Operation (Ran
keys using a
graphic key s
ruction
n (for asymm
(Symmetric K
graphic keys a
n (for asymm
(Symmetric K
rdance with a
owering off a
on: single, thr
2022/07/27
c. 2021
essage
essage
ndom Bit
Random
izes
etric
Keys)],
and
etric
Keys)]
a specified
a device,
ree or
FCS_CO
FCS_COP
more
patte
by a [
proce
] that m
[select
For vo
[assi
For no
mor
rand
follo
fails
]
–
–
[sele
destr
–
[select
–
[select
a sta
[select
–
[select
–
OP.1(a) Cry
Hierar
Depen
P.1.1(a) Refin
specifi
crypto
e times] overw
ern using the T
[selection: rea
ess shall be re
meets the foll
tion:
olatile memo
ignment: oth
onvolatile sto
re times] overw
dom pattern u
owed by a [se
s, the process
For volatil
device, [as
For nonvo
three or m
a pseudo r
a static pat
the overwr
ction: poweri
royed]]
powering o
tion: single, t
single
tion: a pseudo
atic pattern]
– a st
tion: read-ver
none
tion: NIST SP
no standard
yptograph
rchical to:
ndencies:
ement:
ied cryptograp
graphic key si
write of key da
TSF's RBG (a
ad-verify, non
epeated again
owing: [select
ry, the destru
er mechanism
orage, the des
write of key d
using the TSF
election: read-
shall be repe
le memory, th
ssignment: oth
olatile storage
more times] ov
random patter
ttern], follow
ritten data fai
ing off a devic
off a device
three or more
do random pat
atic pattern
rify, none]
P800-88, no s
d
hic Operati
No oth
[FDP_I
FDP_IT
FCS_C
FCS_C
Destruc
The TSF
phic algorithm
izes 128-bits
40
ata storage loc
(as specified in
ne]. If read-ve
n;
tion: NIST SP
uction shall b
m that ensures
struction shal
data storage
F's RBG (as sp
-verify, none]
eated again;
he destruction
her mechanis
e, the destruc
verwrite of ke
rn using the T
wed by a [sele
ils, the proces
ce, [assignme
times]
ttern using th
standard]
ion (Symm
er component
ITC.1 Import
TC.2 Import o
CKM.1(b) Cry
CKM_EXT.4 E
ction
shall perform
m AES operat
and 256-bits
cation consist
n FCS_RBG_
erification of
P800-88, no s
be executed b
s keys are des
ll be executed
location cons
pecified in FC
. If read-veri
n shall be exe
sm that ensur
ction shall be
ey data storag
TSF's RBG (a
ection: read-v
ss shall be rep
ent: other mec
e TSF's RBG
metric encr
ts.
of user data w
of user data w
yptographic ke
Extended: Cry
m encryption a
ting in [assign
that meets the
D
Copyrig
ting of [select
_EXT.1), a sta
the overwritte
standard].
y [selection: p
stroyed]].
d by a [selecti
sisting of [sele
CS_RBG_EX
ification of th
ecuted by [sel
es keys are d
e executed b
ge location co
as specified i
verify, none].
peated again;
chanism that
G (as specified
ryption/dec
without securit
with security at
ey generation
yptographic K
and decryptio
nment: one or
e following:
Date of Issue: 2
ght Canon Inc
tion: a pseudo
atic pattern], f
en data fails,
powering off
ion: single, th
ection: a pseu
XT.1), a static p
he overwritte
lection: powe
destroyed]].
by a [selectio
onsisting of [
in FCS_RBG
If read-verif
ensures keys
d in FCS_RBG
cryption)
ty attributes, o
ttributes, or
(Symmetric K
Key Material
on in accordan
r more modes
2022/07/27
c. 2021
o random
followed
the
f a device,
hree or
udo
pattern],
n data
ering off a
on: single,
selection:
G_EXT.1),
fication of
are
G_EXT.1),
or
Keys)]
nce with a
] and
FCS_CO
FCS_COP


[assig
–
[Selec
–
OP.1(b) (up
gene
Hierar
Depen
P.1.1(b) (upda
with a



that m
C
C
C
]
[selec

FIPS PUB 19
[Selection: N
800-38D]
gnment: one
CBC, GCM
ction: NIST S
NIST SP 8
pdate)
eration/ver
rchical to:
ndencies:
ate) Refineme
[selection:
Digital Signa
or greater],
RSA Digital S
2048 bits or g
Elliptic Curv
bits or greate
meets the follow
Case: Digital S
 F
Case: RSA Dig
 F
Case: Elliptic
 F
 T
n
S
ction:
Digital Signa
97, "Advance
NIST SP 800-3
or more mod
M
SP 800-38A, N
800-38A, NIS
Crypto
rification)
No oth
[FDP_
FDP_I
FCS_C
FCS_C
keys)]
FCS_C
Destru
ent: The TSF
ature Algorith
Signature Alg
greater], or
ve Digital Sign
er]]
wing [selectio
Signature Alg
FIPS PUB 186
igital Signatur
FIPS PUB 186
Curve Digita
FIPS PUB 186
The TSF shall
no other curve
Standard").
ature Algorith
41
ed Encryptio
38A, NIST SP
des]
NIST SP 800-3
ST SP 800-38
graphic O
her componen
_ITC.1 Import
ITC.2 Import
CKM.1 Crypto
CKM.1(a) Cr
]
CKM_EXT.4
uction
shall perform
hm (DSA) with
gorithm (rDSA
nature Algori
on:
gorithm
6-4, "Digital
re Algorithm
6-4, "Digital
al Signature A
6-4, "Digital
l implement "
es] (as defined
hm (DSA) with
n Standard (
P 800-38B, NI
38B, NIST SP
8D
peration (f
nts.
t of user data w
of user data w
ographic key
ryptographic
Extended: Cr
m cryptograph
h key sizes (m
SA) with key si
ithm (ECDSA)
Signature Sta
Signature Sta
Algorithm
Signature Sta
"NIST curves
d in FIPS PU
h key sizes (m
D
Copyrig
(AES)"
NIST SP 800-3
P 800-38C, NI
for signatu
without secur
with security a
generation
Key Generat
ryptographic K
hic signature
modulus) of [a
izes (modulus
A) with key siz
andard"
andard"
andard"
" P-256, P384
UB 186-4, "Dig
modulus) of [a
Date of Issue: 2
ght Canon Inc
38C, NIST SP
NIST SP 800-3
ure
ity attributes,
attributes, or
tion (for asym
Key Material
services in ac
assignment: 2
s) of [assignm
zes of [assignm
4 and [selecti
igital Signatur
assignment: 2
2022/07/27
c. 2021
P
38D]
or
mmetric
ccordance
2048 bits
ment:
ment: 256
ion: P521,
re
2048 bits
FCS_CO
FCS_COP


–
[assig
–
[select
C
C
C
]
–
OP.1(b)(tls)
gene
Hierar
Depen
P.1.1(b)(tls) R
with a



or greater],
RSA Digital S
2048 bits or g
Elliptic Curv
bits or greate
RSA Digit
2048 bits o
nment: 2048
2048 bits
tion:
Case: Digital S
 F
Case: RSA Dig
 F
Case: Elliptic
 F
 T
n
S
Case: RSA
 F
) Cryp
eration/ver
rchical to:
ndencies:
Refinement:
[selection:
Digital Signa
or greater],
RSA Digital S
2048 bits or g
Elliptic Curv
Signature Alg
greater], or
ve Digital Sign
er]]
tal Signature
or greater]
bits or greate
Signature Alg
FIPS PUB 186
igital Signatur
FIPS PUB 186
Curve Digita
FIPS PUB 186
The TSF shall
no other curve
Standard").
A Digital Sign
FIPS PUB 186
ptographic
rification)
No oth
[FDP_
FDP_I
FCS_C
FCS_C
keys)]
FCS_C
Destru
The TSF
ature Algorith
Signature Alg
greater], or
ve Digital Sign
42
gorithm (rDSA
nature Algori
Algorithm (r
er]
gorithm
6-4, "Digital
re Algorithm
6-4, "Digital
al Signature A
6-4, "Digital
l implement "
es] (as defined
nature Algori
6-4, "Digital S
Operation
er component
_ITC.1 Import
ITC.2 Import
CKM.1 Crypto
CKM.1(a) Cr
]
CKM_EXT.4
uction
shall perform
hm (DSA) with
gorithm (rDSA
nature Algori
SA) with key si
ithm (ECDSA)
rDSA) with k
Signature Sta
Signature Sta
Algorithm
Signature Sta
"NIST curves
d in FIPS PU
thm
Signature Stan
n (for signa
ts.
t of user data w
of user data w
ographic key
ryptographic
Extended: Cr
m cryptograph
h key sizes (m
SA) with key si
ithm (ECDSA)
D
Copyrig
izes (modulus
A) with key siz
key sizes (mo
andard"
andard"
andard"
" P-256, P384
UB 186-4, "Dig
ndard"
ature
without secur
with security a
generation
Key Generat
ryptographic K
hic signature
modulus) of [a
izes (modulus
A) with key siz
Date of Issue: 2
ght Canon Inc
s) of [assignm
zes of [assignm
dulus) of [ass
4 and [selecti
igital Signatur
ity attributes,
attributes, or
tion (for asym
Key Material
services in ac
assignment: 2
s) of [assignm
zes of [assignm
2022/07/27
c. 2021
ment:
ment: 256
signment:
ion: P521,
re
or
mmetric
ccordance
2048 bits
ment:
ment: 256
that m
C
C
C
]
[sele



–
–
[assi
–
[assig
–
[sele
C
C
C
]
–
–
bits or greate
meets the follow
Case: Digital S
 F
Case: RSA Dig
 F
Case: Elliptic
 F
 T
n
S
ection:
Digital Signa
or greater],
RSA Digital S
2048 bits or g
Elliptic Curv
bits or greate
RSA Digit
2048 bits o
Elliptic C
[assignmen
gnment: 2048
2048 bits
nment: 256 b
256 bits, 3
ction:
Case: Digital S
 F
Case: RSA Dig
 F
Case: Elliptic
 F
 T
n
S
Case: RSA
 FIPS P
Case: Ellip
er]]
wing [selectio
Signature Alg
FIPS PUB 186
igital Signatur
FIPS PUB 186
Curve Digita
FIPS PUB 186
The TSF shall
no other curve
Standard").
ature Algorith
Signature Alg
greater], or
ve Digital Sign
er]]
tal Signature
or greater]
Curve Digita
nt: 256 bits o
8 bits or great
bits or greater
84bits
Signature Alg
FIPS PUB 186
igital Signatur
FIPS PUB 186
Curve Digita
FIPS PUB 186
The TSF shall
no other curve
Standard").
A Digital Sign
PUB 186-4, "
ptic Curve Di
43
on:
gorithm
6-4, "Digital
re Algorithm
6-4, "Digital
al Signature A
6-4, "Digital
l implement "
es] (as defined
hm (DSA) with
gorithm (rDSA
nature Algori
Algorithm (r
al Signature
or greater]
ter]
r]
gorithm
6-4, "Digital
re Algorithm
6-4, "Digital
al Signature A
6-4, "Digital
l implement "
es] (as defined
nature Algori
"Digital Signa
igital Signatu
Signature Sta
Signature Sta
Algorithm
Signature Sta
"NIST curves
d in FIPS PU
h key sizes (m
SA) with key si
ithm (ECDSA)
rDSA) with k
e Algorithm
Signature Sta
Signature Sta
Algorithm
Signature Sta
"NIST curves
d in FIPS PU
thm
ature Standar
ure Algorithm
D
Copyrig
andard"
andard"
andard"
" P-256, P384
UB 186-4, "Dig
modulus) of [a
izes (modulus
A) with key siz
key sizes (mo
(ECDSA)
andard"
andard"
andard"
" P-256, P384
UB 186-4, "Dig
rd"
m
Date of Issue: 2
ght Canon Inc
4 and [selecti
igital Signatur
assignment: 2
s) of [assignm
zes of [assignm
dulus) of [ass
with key
4 and [selecti
igital Signatur
2022/07/27
c. 2021
ion: P521,
re
2048 bits
ment:
ment: 256
signment:
sizes of
ion: P521,
re
FCS_CO
FCS_COP
[sele
–
OP.1(b)(ips
gene
Hierar
Depend
P.1.1(b)(ipsec)
with a



that m
C
C
C
]
[sele


 FIPS P
 The T
other c
ction: P521, n
no other cu
sec) Cryp
eration/ver
rchical to:
dencies:
) Refinement
[selection:
Digital Signa
or greater],
RSA Digital S
2048 bits or g
Elliptic Curv
bits or greate
meets the follow
Case: Digital S
 F
Case: RSA Dig
 F
Case: Elliptic
 F
 T
n
S
ection:
Digital Signa
or greater],
RSA Digital S
PUB 186-4, “
TSF shall imp
curves] (as de
no other curv
urves
ptographic
rification)
No oth
[FDP_I
FDP_IT
FCS_C
FCS_C
keys)]
FCS_C
Destruc
t: The TSF
ature Algorith
Signature Alg
greater], or
ve Digital Sign
er]]
wing [selectio
Signature Alg
FIPS PUB 186
igital Signatur
FIPS PUB 186
Curve Digita
FIPS PUB 186
The TSF shall
no other curve
Standard").
ature Algorith
Signature Alg
44
“Digital Signa
plement “NIS
efined in FIP
ves]
Operation
er component
ITC.1 Import
TC.2 Import o
CKM.1 Crypto
CKM.1(a) Cry
CKM_EXT.4 E
ction
shall perform
hm (DSA) with
gorithm (rDSA
nature Algori
on:
gorithm
6-4, "Digital
re Algorithm
6-4, "Digital
al Signature A
6-4, "Digital
l implement "
es] (as defined
hm (DSA) with
gorithm (rDSA
ature Standar
T curves” P-2
S PUB 186-4
n (for signa
ts.
of user data w
of user data w
ographic key g
yptographic K
Extended: Cry
m cryptograph
h key sizes (m
SA) with key si
ithm (ECDSA)
Signature Sta
Signature Sta
Algorithm
Signature Sta
"NIST curves
d in FIPS PU
h key sizes (m
SA) with key si
D
Copyrig
rd”
256, P384 an
4, “Digital Sig
ature
without securit
with security at
generation
Key Generati
yptographic K
hic signature
modulus) of [a
izes (modulus
A) with key siz
andard"
andard"
andard"
" P-256, P384
UB 186-4, "Dig
modulus) of [a
izes (modulus
Date of Issue: 2
ght Canon Inc
nd [selection:
gnature Stand
ty attributes, o
ttributes, or
ion (for asym
Key Material
services in ac
assignment: 2
s) of [assignm
zes of [assignm
4 and [selecti
igital Signatur
assignment: 2
s) of [assignm
2022/07/27
c. 2021
P521, no
dard”).
or
mmetric
ccordance
2048 bits
ment:
ment: 256
ion: P521,
re
2048 bits
ment:
FCS_CO
FCS_COP
FCS_CO

–
–
[assig
–
[assig
–
[select
C
C
C
]
–
–
[select
–
OP.1(c) Cry
Hierar
Depen
P.1.1(c) Refine
with [s
10118-
[select
–
OP.1(d) Cry
Hierar
2048 bits or g
Elliptic Curv
bits or greate
RSA Digit
2048 bits o
Elliptic C
[assignmen
nment: 2048
2048 bits
nment: 256 b
256 bits, 3
tion:
Case: Digital S
 F
Case: RSA Dig
 F
Case: Elliptic
 F
 T
n
S
Case: RSA
 FIPS P
Case: Ellip
 FIPS P
 The T
other c
tion: P521, no
no other cu
yptograph
rchical to:
ndencies:
ement:
selection: SHA
-3:2004].
tion: SHA-1, S
SHA-1, SH
yptograph
rchical to:
greater], or
ve Digital Sign
er]]
tal Signature
or greater]
Curve Digita
nt: 256 bits o
bits or greate
bits or greater
84 bits
Signature Alg
FIPS PUB 186
igital Signatur
FIPS PUB 186
Curve Digita
FIPS PUB 186
The TSF shall
no other curve
Standard").
A Digital Sign
PUB 186-4, "
ptic Curve Di
PUB 186-4, "
TSF shall imp
curves] (as de
o other curves
urves
hic operatio
No oth
No dep
The TSF
A-1, SHA-256
SHA-256, SH
HA-256, SHA
hic operatio
No oth
45
nature Algori
Algorithm (r
al Signature
or greater]
er]
r]
gorithm
6-4, "Digital
re Algorithm
6-4, "Digital
al Signature A
6-4, "Digital
l implement "
es] (as defined
nature Algori
"Digital Signa
igital Signatu
"Digital Signa
plement "NIS
efined in FIP
]
on (Hash A
her componen
pendencies
shall perform
6, SHA-384, S
HA-384, SHA-
A-384, SHA-5
on (AES D
her componen
ithm (ECDSA)
rDSA) with k
e Algorithm
Signature Sta
Signature Sta
Algorithm
Signature Sta
"NIST curves
d in FIPS PU
thm
ature Standar
ure Algorithm
ature Standar
T curves" P-2
S PUB 186-4
Algorithm)
nts.
m cryptograph
SHA-512] tha
-512]
512
Data Encry
nts.
D
Copyrig
A) with key siz
key sizes (mo
(ECDSA)
andard"
andard"
andard"
" P-256, P384
UB 186-4, "Dig
rd"
m
rd"
256, P384 an
4, "Digital Sig
)
hic hashing se
at meet the foll
ption/Decr
Date of Issue: 2
ght Canon Inc
zes of [assignm
dulus) of [ass
with key
4 and [selecti
igital Signatur
nd [selection:
gnature Stand
ervices in acc
lowing: [ISO/
ryption)
2022/07/27
c. 2021
ment: 256
signment:
sizes of
ion: P521,
re
P521, no
dard").
ordance
/IEC
FCS_COP
FCS_CO
FCS_COP
FCS_HT
FCS_HTT
FCS_HTT
FCS_IPS
Depen
P.1.1(d) The
crypto
key siz
18033-
and X
[select
–
[select
–
[select
XTS
–
OP.1(g) Cry
Hierar
Depend
P.1.1(g) Refin
accord
SHA-2
messa
PUB 1
"Secu
[select
–
[assign
–
[select
–
TTPS_EXT.
Hierar
Depen
TPS_EXT.1.1
TPS_EXT.1.2
SEC_EXT.1
ndencies:
e TSF shall pe
graphic algori
zes [selection
-3, [selection
XTS as specifie
tion: CBC, G
XTS
tion: 128 bits,
256 bits
tion: CBC as
S as specified
XTS as sp
yptograph
rchical to:
dencies:
ement:
dance with a sp
256, SHA-384
ge digest size
198-1, "The K
re Hash Stan
tion: SHA-1, S
SHA-1, SH
nment: key si
160, 256, 3
tion: 160, 224
160, 256, 3
.1 Exten
rchical to:
ndencies:
The TS
The TS
1 Exten
FCS_C
FCS_C
Destru
erform data en
ithm AES use
: 128 bits, 256
: CBC as spec
ed in IEEE 16
GCM, XTS]
, 256 bits]
specified in I
in IEEE 1619
ecified in IEE
hic Operati
No oth
FCS_C
FCS_C
Destruc
The TSF
pecified crypt
4, SHA-512],
es [selection:
Keyed-Hash M
ndard."
SHA-224, SH
HA-256, SHA
ze (in bits) us
384 bits
4, 256, 384, 51
384
nded: HTT
No oth
FCS_T
SF shall imple
SF shall imple
nded: IPse
46
CKM.1(b) Cry
CKM_EXT.4
uction
ncryption an
ed in [selectio
6 bits] that me
cified in ISO/
619].
ISO/IEC 1011
9]
EE 1619
ion (for key
er component
CKM.1(b) Cry
CKM_EXT.4 E
ction
shall perform
tographic algo
key size [assi
160, 224, 256
Message Auth
HA-256, SHA-
A-384
sed in HMAC
12]
TPS select
her componen
TLS_EXT.1 E
ement the HT
ement HTTPS
ec selected
yptographic k
Extended: Cr
d decryption
on: CBC, GCM
eet the followi
/IEC 10116, G
16, GCM as sp
yed-hash
ts.
yptographic ke
Extended: Cry
m keyed-hash
orithm HMAC
ignment: key s
6, 384, 512] bi
hentication C
-384, SHA-51
C]
ed
nts.
Extended: TLS
TPS protocol
S using TLS a
d
D
Copyrig
key generation
ryptographic K
in accordanc
M, XTS] mod
ing: AES as s
GCM as specif
pecified in IS
message a
ey generation
yptographic K
message auth
C-[selection: S
size (in bits) u
its that meet th
Code, and FIP
12]
S selected
that complies
s specified in
Date of Issue: 2
ght Canon Inc
n (Symmetric K
Key Material
e with a speci
de and cryptog
specified in IS
ified in ISO/IE
SO/IEC 19772
authentica
(Symmetric K
Key Material
hentication in
SHA-1, SHA-
used in HMA
he following:
PS PUB 180-3
s with RFC 28
FCS_TLS_EX
2022/07/27
c. 2021
Keys)
ified
graphic
SO/IEC
IEC 19772,
2, and
ation)
Keys)
n
-224,
AC], and
FIPS
3,
818.
XT.1.
FCS_IPSE
FCS_IPSE
FCS_IPSE
FCS_IPSE
FCS_IPSE
Hierar
Depen
EC_EXT.1.1
EC_EXT.1.2
[select
–
EC_EXT.1.3
otherw
EC_EXT.1.4
[select
with a
togethe
RFC 4
[select
with
3602
spec
–
EC_EXT.1.5
Phase
for ext
other R
[select
specifi
functio
[select
2409
exten
hash
trave
[sele
–
rchical to:
ndencies:
The TS
The TS
tion: tunnel m
transport m
The TS
wise unmatche
The TS
tion: the crypt
Secure Hash
er with a Secu
4106, AES-GC
tion: the crypt
h a Secure Has
2) together wi
cified in RFC 4
the crypto
with a Sec
by RFC 3
AES-GCM
The TS
1 exchanges,
tended sequen
RFCs for hash
tion: with no s
ied in section
ons]].
tion: IKEv1, u
9, RFC 4109,
nded sequenc
h functions]; IK
ersal, with ma
ection: no othe
IKEv1, us
No oth
FIA_P
FCS_C
keys)
FCS_C
encryp
FCS_C
genera
FCS_C
FCS_C
authen
FCS_R
Genera
SF shall imple
SF shall imple
mode, transpor
mode
SF shall have
ed, and discard
SF shall imple
tographic algo
Algorithm (SH
ure Hash Algo
CM-256 as spe
tographic algo
sh Algorithm
ith a Secure H
4106, AES-GC
graphic algor
cure Hash Al
3602) togeth
M-128 as speci
SF shall imple
as defined in
nce numbers, R
h functions, RF
support for NA
2.23], and [se
using Main Mo
[selection: no
e numbers], a
KEv2 as defin
andatory supp
er RFCs for h
ing Main Mo
47
her componen
PSK_EXT.1 E
CKM.1(a) Cry
COP.1(a) Cryp
ption/decryptio
COP.1(b) Cry
ation/verificati
COP.1(c) Cryp
COP.1(g) Cry
ntication)
RBG_EXT.1 E
ation)
ement the IPse
ement [selecti
rt mode]
a nominal, fin
ds it.
ement the IPse
orithms AES-C
HA)-based HM
orithm (SHA)-
ecified in RFC
orithms AES-C
(SHA)-based H
Hash Algorithm
CM-256 as sp
rithms AES-C
lgorithm (SH
her with a S
fied in RFC 4
ement the prot
RFCs 2407, 2
RFC 4304 for
FC 4868 for h
AT traversal, w
election: no oth
Mode for Phase
o other RFCs f
and [selection:
ned in RFCs 5
port for NAT tr
hash functions,
ode for Phase
nts.
Extended: Pre-
yptographic K
ptographic Op
on)
yptographic Op
ion)
ptographic Op
yptographic Op
Extended: Cry
ec architecture
ion: tunnel mo
nal entry in th
ec protocol ES
CBC-128 (as s
MAC, AES-CB
-based HMAC
C 4106].
CBC-128 (as
HMAC, AES-
m (SHA)-base
pecified in RFC
CBC-128 (as
HA)-based HM
Secure Hash
4106, AES-GC
tocol: [selecti
2408, 2409, R
extended sequ
hash functions
with mandator
her RFCs for
e 1 exchanges,
for extended s
no other RFC
5996, [selectio
raversal as sp
, RFC 4868 fo
e 1 exchange
D
Copyrig
-Shared Key C
Key Generation
peration (Sym
peration (for s
peration (Hash
peration (for k
yptographic O
e as specified
ode, transport
he SPD that m
SP as defined
specified by R
BC-256 (as sp
C, AES-GCM-1
specified by R
CBC-256 (as
ed HMAC, AES
C 4106]
s specified by
MAC, AES-C
Algorithm (
CM-256 as spe
on: IKEv1, us
RFC 4109, [sel
uence number
s]; IKEv2 as d
ry support for
hash function
, as defined in
sequence num
Cs for hash fu
on: with no sup
pecified in sec
or hash functio
es, as defined
Date of Issue: 2
ght Canon Inc
Composition
n (for asymme
mmetric
signature
h Algorithm)
keyed-hash m
Operation (Ran
in RFC 4301
mode].
matches anythin
by RFC 4303
RFC 3602) tog
pecified by RF
128 as specifi
RFC 3602) tog
specified by R
S-GCM-128 a
y RFC 3602)
CBC-256 (as
(SHA)-based
ecified in RFC
sing Main Mod
lection: no oth
rs], and [selec
defined in RFC
r NAT traversa
ns, RFC 4868 f
n RFCs 2407,
bers, RFC 43
unctions, RFC
pport for NAT
ction 2.23], an
ons]]
d in RFCs 24
2022/07/27
c. 2021
etric
essage
ndom Bit
.
ng that is
3 using
gether
FC 3602)
ed in
gether
RFC
as
) together
specified
d HMAC,
C 4106
de for
her RFCs
ction: no
Cs 5996,
al as
for hash
2408,
04 for
4868 for
T
d
407, 2408,
FCS_IPSE
FCS_IPSE
FCS_IPSE
FCS_IPSE
FCS_IPSE
[select
num
–
[select
–
EC_EXT.1.6
protoc
3602 a
algorit
[select
–
[select
–
EC_EXT.1.7
EC_EXT.1.8
on [sel
limited
establi
time va
[select
pack
Phas
[sele
limit
–
[select
limit
–
EC_EXT.1.9
MODP
(384-b
implem
[select
Rand
the T
–
EC_EXT.1.10
[select
2409, RFC
4304 for e
functions,
tion: no other
mbers]
RFC 4304
tion: no other
RFC 4868
The TS
ol uses the cry
and [selection
thm].
tion: IKEv1, IK
IKEv1
tion: AES-GC
no other al
The TS
The TS
lection: numb
d to: 24 hours
ished based on
alues can be l
tion: IKEv2 SA
kets/number of
se 1 SAs and 8
ection: numbe
ted to: 24 hou
IKEv1 SA
packets/nu
24 hours fo
tion: number o
ted to: 24 hou
length of t
and 8 hour
The TS
P), and [select
bit Random EC
mented by the
tion: 24 (2048
dom ECP, 5 (
TOE], no othe
19 (256-bi
0 The TS
tion: RSA, ECD
C 4109, [sele
extended seq
RFC 4868 fo
r RFCs for ext
for extended
r RFCs for has
for hash func
SF shall ensur
yptographic a
: AES-GCM-1
IKEv2]
CM-128, AES-G
lgorithm
SF shall ensur
SF shall ensur
er of packets/n
for Phase 1 S
n [selection: n
limited to: 24
A lifetimes ca
of bytes; length
8 hours for Ph
er of packets/n
urs for Phase 1
A lifetimes
umber of byte
for Phase 1 SA
of packets/num
urs for Phase 1
time, where t
rs for Phase 2
SF shall ensur
tion: 24 (2048
CP, 5 (1536-b
TOE], no oth
8-bit MODP w
(1536-bit MOD
er DH groups]
it Random EC
SF shall ensur
CDSA] algorith
48
ction: no oth
quence numb
or hash functi
ended sequen
d sequence nu
sh functions, R
ctions
re the encrypt
lgorithms AE
128, AES-GCM
GCM-256 as s
re that IKEv1
re that [selecti
/number of byt
SAs and 8 hou
number of pac
hours for Pha
n be establish
h of time, whe
hase 2 SAs]; IK
number of byte
1 SAs and 8 h
can be es
es ; length of
As and 8 hou
mber of bytes;
1 SAs and 8 h
the time valu
2 SAs
re that all IKE
8-bit MODP w
bit MODP)), [a
her DH groups
with 256-bit P
DP)), [assignm
]
CP), 20 (384-
re that all IKE
hm and Pre-sh
her RFCs for
bers], and [se
ons]
ce numbers, R
umbers
RFC 4868 for
ed payload in
S-CBC-128, A
M-256 as spec
specified in R
Phase 1 exch
ion: IKEv2 SA
tes; length of
urs for Phase 2
ckets/number o
ase 1 SAs and
hed based on [
ere the time va
IKEv1 SA lifet
es ; length of t
ours for Phas
stablished b
f time, where
rs for Phase
; length of tim
ours for Phas
ues can be lim
E protocols im
with 256-bit PO
assignment: o
s].
OS), 19 (256-
ment: other DH
-bit Random E
E protocols per
hared Keys.
D
Copyrig
extended seq
election: no
RFC 4304 for
hash function
the [selection
AES-CBC-25
cified in RFC
RFC 5282, no o
hanges use onl
A lifetimes can
time, where th
2 SAs]; IKEv1
of bytes ; leng
8 hours for P
[selection: num
alues can be li
times can be e
time, where th
se 2 SAs]]
based on [s
the time val
2 SAs]
me, where the t
se 2 SAs]
mited to: 24 h
mplement DH G
OS), 19 (256-b
ther DH group
-bit Random E
DH groups that
ECP)
rform Peer Au
Date of Issue: 2
ght Canon Inc
quence numb
other RFCs
extended sequ
ns]
n: IKEv1, IKE
6 as specified
5282, no othe
other algorith
ly main mode.
n be establishe
he time values
1 SA lifetimes
gth of time, wh
Phase 2 SAs]].
mber of
imited to: 24 h
established bas
he time values
selection: nu
lues can be li
time values ca
hours for Pha
Groups 14 (20
bit Random E
ups that are
ECP), 20 (384
t are impleme
uthentication u
2022/07/27
c. 2021
bers, RFC
for hash
uence
Ev2]
d in RFC
er
hm]
.
ed based
s can be
can be
here the
hours for
sed on
can be
umber of
imited to:
an be
ase 1 SAs
048-bit
ECP), 20
-bit
ented by
using the
FCS_KY
FCS_KYC
FCS_RB
FCS_RBG
[select
–
YC_EXT.1
Hierar
Depend
C_EXT.1.1
BEV o
using t
combin
deriva
mainta
[select
more
as sp
encr
key t
–
[select
FCS
in F
–
[sele
–
BG_EXT.1
Gene
Hierar
Depen
G_EXT.1.1(ne
in acco
Hash_
[select
–
[select
–
tion: RSA, EC
RSA, ECD
Exten
rchical to:
dencies:
The TS
or DEK; interm
the following
ning as specif
tion as specifi
aining an effec
tion: one, usin
e submask(s)
pecified in FC
ryption as spec
transport as sp
intermedia
using the
FCS_COP
specified i
transport a
tion: key wrap
S_SMC_EXT.1
FCS_KDF_EX
key combi
ction: 128 bits
256 bits
(network)
eration)
rchical to:
ndencies:
etwork):
ordance with [
_DRBG (any),
tion: ISO/IEC
NIST SP 8
tion: Hash_DR
CTR_DRB
CDSA]
DSA
nded: Key
No oth
[FCS_C
FCS_S
FCS_C
FCS_K
FCS_C
SF shall main
mediate keys o
method(s): [se
fied in FCS_SM
fied in FCS_KD
ctive strength
ng a submask
to the BEV or
CS_COP.1(e),
cified in FCS_
specified in FC
ate keys origi
e following
P.1(e), key com
in FCS_COP
as specified in
pping as specif
1, key encrypt
XT.1, key transp
ining as speci
s, 256 bits]
Extend
No oth
No dep
The TSF
[selection: ISO
HMAC_DRB
C 18031:2011,
800-90A
RBG (any), H
BG (AES)
49
y Chaining
er component
COP.1(e) Cry
SMC_EXT.1 E
COP.1(f) Cryp
KDF_EXT.1 C
COP.1(i) Cryp
ntain a key cha
originating fro
election: key w
MC_EXT.1, k
KDF_EXT.1, ke
of [selection:
as the BEV or
r DEK using th
key combinin
_COP.1(f), key
CS_COP.1(i)]
inating from
method(s):
mbining as sp
P.1(f), key de
n FCS_COP.
ified in FCS_C
ion as specifie
sport as specif
ified in FCS_
ded: Crypto
her componen
pendencies.
shall perform
O/IEC 18031:
BG (any), CTR
NIST SP 800
HMAC_DRBG
ts.
yptographic op
Extended: Sub
ptographic ope
Cryptographic
tographic ope
ain of: [selecti
om one or mor
wrapping as sp
key encryption
ey transport a
128 bits, 256
r DEK; interm
he following m
ng as specified
ey derivation a
]
one or more
[selection:
pecified in FC
rivation as sp
1(i)]
COP.1(e), key
ed in FCS_CO
fied in FCS_C
_SMC_EXT.1
ographic O
nts.
m all determini
2011, NIST SP
R_DRBG (AES
0-90A]
G (any), CTR_D
D
Copyrig
peration (Key
bmask Combin
eration (Key E
Operation (K
eration (Key T
ion: one, using
re submask(s)
specified in FC
n as specified i
as specified in
6 bits].
mediate keys o
method(s): [se
d in FCS_SMC
as specified in
e submask(s)
key wrapp
CS_SMC_EX
specified in F
y combining as
OP.1(f), key de
COP.1(i)]
1
Operation
stic random b
SP 800-90A] u
S)].
DRBG (AES)]
Date of Issue: 2
ght Canon Inc
Wrapping),
ning,
Encryption),
Key Derivation
Transport)]
g a submask a
) to the BEV o
CS_COP.1(e),
in FCS_COP.
FCS_COP.1(
originating fro
election: key w
C_EXT.1, key
n FCS_KDF_E
) to the BEV
ing as spe
XT.1, key encr
FCS_KDF_EX
s specified in
erivation as sp
(Random B
bit generation
using [selection
]
2022/07/27
c. 2021
n), and/or
as the
or DEK
, key
1(f), key
(i)]] while
om one or
wrapping
EXT.1,
V or DEK
ecified in
ryption as
XT.1, key
pecified
Bit
services
n:
FCS_RBG
FCS_RB
FCS_RBG
FCS_RBG
FCS_SM
G_EXT.1.2(ne
that ac
softwa
hardwa
least e
"Secur
[select
[assi
–
[assign
–
[select
–
BG_EXT.1(s
Hierar
Depen
G_EXT.1.1(ss
accord
Hash_
[select
–
[select
–
G_EXT.1.2(ss
accum
softwa
hardwa
least e
"Secur
[select
[assi
[assign
–
[select
–
MC_EXT.1
Hierar
Depen
etwork):
ccumulates ent
are-based nois
are-based nois
qual to the gre
rity Strength T
tion: [assignm
ignment: num
[assignmen
nment: numbe
1
tion: 128 bits,
256 bits
ssd) Exten
rchical to:
ndencies:
d): The TS
dance with [se
_DRBG (any),
tion: ISO/IEC
NIST SP 8
tion: Hash_DR
Hash_DRB
d): The de
mulates entropy
are-based nois
are-based nois
qual to the gre
rity Strength T
tion: [assignm
ignment: num
– [ass
sou
nment: numbe
1
tion: 128 bits,
256 bits
Exten
rchical to:
ndencies:
The deter
tropy from [se
se source(s), [a
se source(s)] w
eatest security
Table for Hash
ment: number o
mber of hardwa
nt: number of
er of hardwar
256 bits]
nded: Cryp
No oth
No dep
SF shall perfo
lection: ISO/I
HMAC_DRB
C 18031:2011,
800-90A
RBG (any), H
BG (SHA-25
eterministic R
y from [select
se source(s), [a
se source(s)] w
eatest security
Table for Hash
ment: number o
mber of hardwa
signment: nu
rce(s)
er of hardwar
256 bits]
nded: Sub
No oth
FCS_C
50
rministic RBG
election: [assi
assignment: n
with a minimu
y strength, acc
h Functions",
of software-ba
are-based sou
f hardware-b
re-based sourc
ptographic
her componen
pendencies.
orm all determ
IEC 18031:20
BG (any), CTR
NIST SP 800
HMAC_DRBG
6)
RBG shall be s
tion: [assignm
assignment: n
with a minimu
y strength, acc
h Functions",
of software-ba
are-based sou
umber of ha
re-based sourc
bmask Com
her componen
COP.1(c) Cryp
G shall be seed
gnment: numb
umber of hard
um of [selecti
cording to ISO
of the keys an
ased sources]
urces] hardwar
ased sources
ces]
c Operatio
nts.
ministic random
011, NIST SP 8
R_DRBG (AES
0-90A]
G (any), CTR_D
eeded by at le
ment: number o
umber of hard
um of [selecti
cording to ISO
of the keys an
ased sources]
urces] hardwar
ardware-base
ces]
mbining
nts.
ptographic op
D
Copyrig
ded by at least
ber of softwar
dware-based s
on: 128 bits, 2
O/IEC 18031:2
nd hashes that
software-base
re-based noise
s] hardware-b
n (Random
m bit generatio
800-90A] usin
S)].
DRBG (AES)]
east one entrop
of software-ba
dware-based s
on: 128 bits, 2
O/IEC 18031:2
nd hashes that
software-base
re-based noise
d sources] h
peration (Hash
Date of Issue: 2
ght Canon Inc
t one entropy
re-based sourc
sources]
256 bits] of en
2011 Table C.
t it will genera
ed noise sourc
e source(s)]
based noise so
m Bit Gene
on services in
ng [selection:
]
py source that
ased sources]
sources]
256 bits] of en
2011 Table C.
t it will genera
ed noise sourc
e source(s)]
hardware-bas
h Algorithm)
2022/07/27
c. 2021
source
ces]
ntropy at
.1
ate.
ce(s),
ource(s)
eration)
n
t
ntropy at
.1
ate.
ce(s),
sed noise
FCS_SMC
FCS_TL
FCS_TLS_
C_EXT.1.1:
OR (X
[select
S_EXT.1
Hierar
Depend
_EXT.1.1The
2246),
Manda

Option
[select
The TS
XOR), SHA-25
tion: exclusive
– SHA
Exten
rchical to:
dencies:
e TSF shall im
TLS 1.1 (RFC
atory Ciphersu
TLS_RSA
nal Ciphersuit
tion:
None
TLS_RSA
TLS_DH
TLS_DH
TLS_RSA
TLS_RSA
TLS_DH
TLS_DH
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
SF shall comb
6, SHA-512] t
e OR (XOR), S
A-256
nded: TLS
No oth
FCS_C
FCS_C
encrypt
FCS_C
generat
FCS_C
FCS_C
authent
FCS_R
Genera
mplement one
C 4346), TLS
uites:
A_WITH_AE
tes:
A_WITH_AE
HE_RSA_WIT
HE_RSA_WIT
A_WITH_AE
A_WITH_AE
HE_RSA_WIT
HE_RSA_WIT
DHE_RSA_W
DHE_RSA_W
DHE_ECDSA
DHE_ECDSA
DHE_RSA_W
DHE_RSA_W
DHE_RSA_W
DHE_RSA_W
DHE_ECDSA
DHE_ECDSA
51
bine submasks
to generate an
SHA-256, SHA
S selected
er component
CKM.1(a) Cry
COP.1(a) Cryp
tion/decryptio
COP.1(b) Cryp
tion/verificatio
COP.1(c) Cryp
COP.1(g) Cryp
tication)
RBG_EXT.1 E
ation)
or more of the
1.2 (RFC 524
ES_128_CBC_
ES_256_CBC
TH_AES_128
TH_AES_256
ES_128_CBC
ES_256_CBC
TH_AES_128
TH_AES_256
WITH_AES_
WITH_AES_
A_WITH_AE
A_WITH_AE
WITH_AES_
WITH_AES_
WITH_AES_
WITH_AES_
A_WITH_AE
A_WITH_AE
s using the fol
n intermediary
A-512 ]
ts.
yptographic Ke
ptographic Op
on)
ptographic Op
on)
ptographic Op
ptographic Op
Extended: Cry
e following pr
46)] supportin
_SHA
C_SHA
8_CBC_SHA
6_CBC_SHA
C_SHA256
C_ SHA256
8_CBC_ SHA
6_CBC_ SHA
_128_CBC_S
_256_CBC_S
ES_128_CBC
ES_256_CBC
_128_CBC_S
_256_CBC_S
_128_GCM_S
_256_GCM_S
ES_128_GCM
ES_256_GCM
D
Copyrig
llowing metho
y key or BEV.
ey Generation
peration (Symm
peration (for si
peration (Hash
peration (for k
yptographic Op
rotocols [selec
g the followin
A
A
A256
A256
SHA
SHA
C_SHA
C_SHA
SHA256
SHA384
SHA256
SHA384
M_SHA256
M_SHA384
Date of Issue: 2
ght Canon Inc
od [selection:
n (for asymme
metric
ignature
h Algorithm)
keyed-hash me
peration (Ran
ction: TLS 1.0
ng ciphersuite
2022/07/27
c. 2021
exclusive
etric keys)
essage
ndom Bit
0 (RFC
s:
6.2.4 C
FDP_AC
].
[select
–
[select
].
Class FDP
CC.1 Subs
Hierar
Depen
TLS_ECD
TLS_ECD
tion: TLS 1.0
TLS 1.2 (R
tion:
None
TLS_RSA
TLS_DH
TLS_DH
TLS_RSA
TLS_RSA
TLS_DH
TLS_DH
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
TLS_RSA
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
TLS_ECD
: User Data
set access
rchical to:
ndencies:
DHE_ECDSA
DHE_ECDSA
(RFC 2246), T
RFC 5246)
A_WITH_AE
HE_RSA_WIT
HE_RSA_WIT
A_WITH_AE
A_WITH_AE
HE_RSA_WIT
HE_RSA_WIT
DHE_RSA_W
DHE_RSA_W
DHE_ECDSA
DHE_ECDSA
DHE_RSA_W
DHE_RSA_W
DHE_RSA_W
DHE_RSA_W
DHE_ECDSA
DHE_ECDSA
DHE_ECDSA
DHE_ECDSA
A_WITH_AE
DHE_RSA_W
DHE_RSA_W
DHE_RSA_W
DHE_RSA_W
DHE_ECDSA
DHE_ECDSA
a Protectio
s control
No oth
FDP_A
52
A_WITH_AE
A_WITH_AE
TLS 1.1 (RFC
ES_256_CBC
TH_AES_128
TH_AES_256
ES_128_CBC
ES_256_CBC
TH_AES_128
TH_AES_256
WITH_AES_
WITH_AES_
A_WITH_AE
A_WITH_AE
WITH_AES_
WITH_AES_
WITH_AES_
WITH_AES_
A_WITH_AE
A_WITH_AE
A_WITH_AE
A_WITH_AE
ES_256_CBC
WITH_AES_
WITH_AES_
WITH_AES_
WITH_AES_
A_WITH_AE
A_WITH_AE
on
her componen
ACF.1 Securit
ES_128_CBC
ES_256_CBC
C 4346), TLS 1
C_SHA
8_CBC_SHA
6_CBC_SHA
C_SHA256
C_ SHA256
8_CBC_ SHA
6_CBC_ SHA
_128_CBC_S
_256_CBC_S
ES_128_CBC
ES_256_CBC
_128_CBC_S
_256_CBC_S
_128_GCM_S
_256_GCM_S
ES_128_GCM
ES_256_GCM
ES_128_CBC
ES_256_CBC
C_SHA
_128_CBC_S
_256_CBC_S
_128_GCM_S
_256_GCM_S
ES_128_GCM
ES_256_GCM
nts.
ty attribute ba
D
Copyrig
C_SHA256
C_SHA384
1.2 (RFC 5246
A
A
A256
A256
SHA
SHA
C_SHA
C_SHA
SHA256
SHA384
SHA256
SHA384
M_SHA256
M_SHA384
C_SHA256
C_SHA384
SHA
SHA
SHA256
SHA384
M_SHA256
M_SHA384
ased access co
Date of Issue: 2
ght Canon Inc
6)]
ontrol
2022/07/27
c. 2021
FDP_ACC
FDP_AC
FDP_ACF
FDP_ACF
FDP_ACF
FDP_ACF
Prin
Sca
C.1.1 Refinem
and op
CF.1 Secu
Hierar
Depend
F.1.1 Refinem
follow
F.1.2 Refinem
contro
subjec
Table
F.1.3 Refinem
follow
Contro
objects
[assign
secu
–
F.1.4 Refinem
additio
based
[assign
secu
–
nt Job ow
U.ADM
U.NOR
Unauth
an Job ow
U.ADM
U.NOR
ment: The TS
perations amon
urity attribu
rchical to:
dencies:
ment: The TS
wing: subjects,
ment: The TS
lled subjects a
cts and contro
15 and Table
ment: The TS
wing additional
ol SFP, based
s].
nment: rules t
urity attributes
None
ment: The TS
onal rules: [as
on security at
nment: rules t
urity attributes
None
Table 15
Operation:
wner
MIN
RMAL
henticated
Operation:
wner
MIN
RMAL
SF shall enfor
ng subjects an
ute based
No oth
FDP_A
FMT_M
SF shall enfor
objects, and a
SF shall enfor
and controlled
olled objects u
e 16.
SF shall expli
l rules: [assign
d on security a
that do not co
s, that explicit
SF shall expli
signment: rul
ttributes, that
that do not co
s, that explicit
- D.USER.D
"Create
Submit
document t
printed
(note 1
allowed
allowed
allowed
denied
Submit
document
scannin
(note 2
allowed
allowed
allowed
53
rce the User D
nd objects spe
access co
er component
ACC.1 Subset
MSA.3 Static
rce the User D
attributes spec
rce the follow
d objects is all
using controlle
icitly authorise
nment: rules t
attributes, that
onflict with th
tly authorise a
icitly deny acc
les that do not
explicitly deny
onflict with th
tly deny acces
DOC Acces
e" "R
a
to be
d
View
or R
pri
ou
)
d
allo
d de
d de
d de
a
t for
ng
View s
im
)
d
allo
d de
d de
Data Access C
cified in Tabl
ontrol
ts.
access contro
c attribute init
Data Access C
cified in Tabl
ing rules to de
lowed: rules g
ed operations
e access of sub
that do not co
t explicitly au
e User Data A
access of subje
cess of subject
t conflict with
ny access of su
e User Data A
ss of subjects t
ss Control S
Read"
w image
Release
inted
utput
M
owed
enied
enied
enied
scanned
mage
M
owed
enied
enied
D
Copyrig
Control SFP o
le 15 and Tab
ol
tialization
Control SFP t
e 15 and Tab
etermine if an
governing acc
s on controlled
bjects to objec
onflict with th
thorise access
Access Contro
ects to objects
ts to objects b
h the User Da
ubjects to obje
Access Contro
to objects]
SFP
"Modify"
Modify stored
document
allowed
denied
denied
denied
Modify stored
image
allowed
denied
denied
Date of Issue: 2
ght Canon Inc
on subjects, ob
ble 16.
to objects base
ble 16.
n operation am
cess among co
d objects spec
cts based on th
e User Data A
s of subjects to
ol SFP, based
s]
based on the fo
ata Access Con
ects].
ol SFP, based
"Delete"
Delete stor
documen
allowed
allowed
denied
denied
Delete stor
image
allowed
allowed
denied
2022/07/27
c. 2021
bjects,
ed on the
mong
ontrolled
cified in
he
Access
o
d on
ollowing
ntrol SFP,
d on
"
red
nt
red
Cop
Fax se
Fax
recei
Stora
retrie
Prin
Unauth
py
Job ow
U.ADM
U.NOR
Unauth
end Job ow
U.ADM
U.NOR
Unauth
x
ive
Fax ow
U.ADM
U.NOR
Unauth
ge /
eval
Job ow
U.ADM
U.NOR
Unauth
nt
Job ow
henticated
Operation:
wner
MIN
RMAL
henticated
Operation:
wner
MIN
RMAL
henticated
Operation:
wner
MIN
RMAL
henticated
Operation:
wner
MIN
RMAL
henticated
Table 16
Operation:
wner
denied
Submit a
document f
copying
(note 2
allowed
allowed
allowed
denied
Submit
documen
send as a f
(note 2
allowed
allowed
allowed
denied
Receive a f
and store it
(note 3
allowed
(note 4
allowed
(note 4
allowed
allowed
Store
document
(note 1
allowed
allowed
allowed
denied
- D.USER.J
"Create"
Create pri
job
(note 1)
allowed
54
d de
for
View s
image
Releas
printe
outpu
)
d
allo
d de
d de
d de
a
t to
fax
View s
im
)
d
allo
d de
d de
d de
fax
t
View f
image
Releas
printe
outpu
)
d
allo
)
d
allo
)
d
de
d de
Retrie
stored
docum
)
d
allo
d allo
d de
d de
JOB Acces
" * "R
int View
queu
)
d
allo
enied
scanned
e or
se
ed copy
t
Mo
im
owed
enied
enied
enied
scanned
mage
M
owed
enied
enied
enied
fax
e or
se
ed fax
t
Mo
of
fax
owed
owed
enied
enied
eve
d
ment
Mo
do
owed
owed
enied
enied
ss Control S
ead" "
w print
ue / log
M
owed
D
Copyrig
denied
Modify stored
mage
allowed
denied
denied
denied
Modify stored
image
allowed
denied
denied
denied
Modify image
f received
x
allowed
allowed
denied
denied
Modify stored
ocument
allowed
denied
denied
denied
SFP
"Modify"
Modify print
job
allowed
Date of Issue: 2
ght Canon Inc
denied
Delete store
image
allowed
allowed
denied
denied
Delete stor
image
allowed
allowed
denied
denied
Delete imag
of received
fax
allowed
allowed
denied
denied
Delete store
document
allowed
allowed
denied
denied
"Delete"
Cancel prin
job
allowed
2022/07/27
c. 2021
ed
red
ge
ed
nt
Sca
Cop
Fax se
Fax
recei
Stora
retrie
Applica
The fol
Note 1:
U.ADM
U.NOR
Unaut
an
Job ow
U.ADM
U.NOR
Unaut
py
Job ow
U.ADM
U.NOR
Unaut
end
Op
Job ow
U.ADM
U.NOR
Unaut
x
ive
Fax ow
U.ADM
U.NOR
Unaut
age /
eval
Job ow
U.ADM
U.NOR
Unaut
ation notes:
lowing Notes
Job Owner is
MIN
RMAL
henticated
Operation:
wner
MIN
RMAL
henticated
Operation:
wner
MIN
RMAL
henticated
peration:
wner
MIN
RMAL
henticated
Operation:
wner
MIN
RMAL
henticated
Operation:
wner
MIN
RMAL
henticated
that are refere
s identified by
allowed
allowed
denied
Create sca
job
(note 2)
allowed
allowed
allowed
denied
Create cop
job
(note 2)
allowed
allowed
allowed
denied
Create fa
send job
(note 2)
allowed
allowed
allowed
denied
Create fax
receive job
(note 3)
allowed
(note 4)
allowed
(note 4)
allowed
allowed
Create stor
/ retrieval j
(note 2)
allowed
allowed
allowed
denied
enced in Tabl
y a credential o
55
d allo
d den
den
an View
statu
)
d
allo
d allo
d allo
den
opy View
statu
)
d
allo
d allo
d den
den
ax
b
View f
queu
)
d
allo
d allo
d allo
den
View f
receive
/ log
)
d
allo
)
d
allo
)
d
allo
d den
rage
job
View s
retriev
)
d
allo
d allo
d allo
den
e 15 and Tabl
or assigned to
owed
nied
nied
w scan
us / log
M
owed
owed
owed
nied
w copy
us / log
M
owed
owed
nied
nied
fax job
ue / log
M
owed
owed
owed
nied
fax
e status
Mo
rec
owed
owed
owed
nied
storage /
val log
Mo
sto
ret
owed
owed
owed
nied
le 16:
o an authorized
D
Copyrig
denied
denied
denied
Modify scan
job
allowed
allowed
denied
denied
Modify copy
job
denied
denied
denied
denied
Modify fax
send job
allowed
allowed
denied
denied
Modify fax
ceive job
denied
denied
denied
denied
Modify
orage /
trieval job
denied
denied
denied
denied
d User as part
Date of Issue: 2
ght Canon Inc
allowed
denied
denied
Cancel scan
job
allowed
allowed
denied
denied
Cancel copy
job
allowed
allowed
denied
denied
Cancel fax
send job
allowed
allowed
denied
denied
Cancel fax
receive job
denied
allowed
denied
denied
Cancel
storage /
retrieval job
allowed
allowed
denied
denied
t of the proces
2022/07/27
c. 2021
n
y
x
b
ss of
submitt
Note 2:
or retrie
Note 3:
faxes is
Note 4:
FDP_DS
FDP_DSK
FDP_DSK
FDP_FX
FDP_FXS_
6.2.5 C
FIA_AFL
FIA_AFL.
ting a print or
Job Owner is
eval Job.
Job Owner o
s assigned to a
PSTN faxes a
SK_EXT.1 E
Hierar
Depen
K_EXT.1.1
use a s
certifie
Device
[select
Field
the F
–
K_EXT.1.2
XS_EXT.1
Hierar
Depen
_EXT.1.1The
User D
Class FIA:
L.1 Auth
Hierar
Depen
.1.1 The TS
config
authen
[select
with
–
storage Job.
s assigned to a
f received fax
a specific user
are received f
Extended:
rchical to:
ndencies:
The TS
self-encrypting
ed to conform
e contains no p
tion: perform
d-Replaceable
FDE EE cPP]
perform en
The TS
Exten
rchical to:
ndencies:
e TSF shall pr
Data using fax
Identificat
hentication
rchical to:
ndencies:
SF shall detec
urable positiv
ntication attem
tion: [assignm
hin [assignmen
an admin
acceptable
an authorized
xes is assigned
r or U.ADMIN
from outside o
Protect
No oth
FCS_C
Encryp
SF shall [selec
g Field-Repla
to the FDE E
plaintext User
encryption in
e Nonvolatile
]
ncryption in a
SF shall encry
nded: Fax
No oth
No dep
rohibit commu
x protocols.
ion and Au
n failure ha
No oth
FIA_U
ct when [selec
ve integer with
mpts occur rela
ment: positive
nt: range of ac
istrator conf
e values]
56
User as part o
d by default or
N role.
of the TOE, th
tion of Dat
her componen
COP.1(d) Cry
ption/Decrypt
ction: perform
aceable Nonvo
EE cPP], such
r Document D
accordance w
Storage Devi
accordance w
ypt all protecte
separatio
her componen
pendencies.
unication via t
uthenticatio
andling
her componen
UAU.1 Timing
tion: [assignm
hin [assignmen
ated to [assign
integer numbe
cceptable valu
figurable po
of the process
r configuration
hey are not init
ta on Disk
nts.
yptographic op
tion).
m encryption in
olatile Storage
h that any Field
Data and no pl
with FCS_CO
ice that is sepa
with FCS_COP
ed data withou
n
nts.
the fax interfa
on
nts.
g of authentica
ment: positive
nt: range of ac
nment: list of a
er], an admini
ues]]
ositive intege
D
Copyrig
of initiating a
n. Minimally,
tiated by User
peration (AES
n accordance
e Device that i
d-Replaceable
aintext Confid
OP.1(d), use a
arately CC ce
P.1(d)
ut user interve
ace, except tran
ation
integer numb
cceptable valu
authentication
istrator config
er within [a
Date of Issue: 2
ght Canon Inc
a scan, copy, f
ownership of
rs of the TOE.
Data
with FCS_CO
is separately C
e Nonvolatile
dential TSF D
self-encryptin
rtified to conf
ention.
nsmitting or r
er], an admini
ues]] unsucce
n events].
gurable positiv
assignment:
2022/07/27
c. 2021
fax send,
f received
.
OP.1(d),
CC
Storage
Data.
ng
form to
receiving
istrator
ssful
ve integer
range of
FIA_AFL.
FIA_ATD
FIA_ATD
FIA_PMG
FIA_PMG
FIA_PSK
[assign
–
[assign
–
.1.2 When
surpas
[select
–
[assign
–
D.1 User
Hierar
Depen
.1.1 The TS
[assign
[assign
–
G_EXT.1
Hierar
Depen
G_EXT.1.1
passwo


[select
–
[assign
–
K_EXT.1
Hierar
Depen
nment: range
positive in
nment: list of
Login attem
the defined nu
sed], the TSF
tion: met, surp
met
nment: list of
lock out un
r attribute d
rchical to:
ndencies:
SF shall main
nment: list of s
nment: list of
User Name
Exten
rchical to:
ndencies:
The TS
ords:
Passwords sh
letters, numb
"^", "&", "*"
Minimum pas
to require pas
tion: "!", "@"
"!", "@", "
nment: other c
"(space)",
"{", "|", "}
Exten
rchical to:
ndencies:
of acceptable
nteger within
f authenticatio
mpts from th
umber of unsu
shall [assignm
passed]
f actions]
ntil preset tim
definition
No oth
No dep
tain the follow
security attrib
f security attrib
e, Role
nded: Pas
No oth
No dep
SF shall provi
hall be able to
ers, and the fo
, "(", ")", [assi
ssword length
sswords of 15
, "#", "$", "%
"#", "$", "%",
characters]
""", "'", "+",
", "~"
nded: Pre-
No oth
FCS_R
Genera
57
e values]
1 to 10
n events]
e control pan
uccessful auth
ment: list of a
me has passed
her componen
pendencies.
wing list of se
butes].
butes]
sword Ma
her componen
pendencies.
ide the follow
be composed
ollowing spec
ignment: othe
h shall be setta
characters or
", "^", "&", "*
, "^", "&", "*
",", "-", "/",
-Shared Ke
her componen
RBG_EXT.1 E
ation)
nel or remote
hentication att
ctions].
d that can set
nts.
curity attribut
nagement
nts.
wing password
of any combi
ial characters:
er characters]]
able by an Adm
greater;
*", "(", ")", [as
", "(", ")", [as
":", ";", "<",
ey Compo
nts.
Extended: Cry
D
Copyrig
UIs or Printe
empts has bee
in 1 - 60 min
tes belonging
management
ination of upp
: [selection: "!
];
ministrator, an
ssignment: oth
ssignment: ot
"=", ">", "?"
osition
yptographic O
Date of Issue: 2
ght Canon Inc
er Driver.
en [selection:
nutes
to individual
capabilities fo
per and lower
!", "@", "#", "
nd have the ca
her character
ther character
, "[", "¥", "]"
Operation (Ran
2022/07/27
c. 2021
met,
users:
for User
case
"$", "%",
apability
rs]]
rs]
", "_", "`",
ndom Bit
FIA_PSK_
FIA_PSK_
FIA_PSK_
FIA_UAU
FIA_UAU
FIA_UAU
FIA_UAU
FIA_UAU
_EXT.1.1 The
_EXT.1.2 The


[select
–
[assign
–
_EXT.1.3 The
SHA-5
other p
using t
[select
–
[assig
–
[select
pre-
–
U.1 Timin
Hierar
Depen
U.1.1 Refinem
with th
not ch
[assign
SFP
–
U.1.2 The TS
TSF-m
U.7 Prote
Hierar
Depen
U.7.1 The TS
e TSF shall be
e TSF shall be
22 character
lengths];
composed o
characters (
tion: [assignm
[assignmen
nment: other s
Up to 24 c
e TSF shall co
512, [assignme
pre-shared key
the random bi
tion: SHA-1, S
SHA-1, SH
gnment: meth
SHA-384
tion: use no o
shared keys u
use no oth
ng of auth
rchical to:
ndencies:
ent: The TS
he User Data
ange any TSF
nment: list of
P, and do not p
Submit Fa
SF shall requi
mediated action
ected auth
rchical to:
ndencies:
SF shall provi
e able to use p
e able to accep
rs in length an
of any combin
that include: "
ment: other sup
nt: other supp
supported len
characters
ondition the te
ent: method of
ys; accept bit-
it generator sp
SHA-256, SHA
HA-256, [assi
od of conditio
ther pre-share
using the rand
er pre-shared
entication
No oth
FIA_U
SF shall allow
Access Contr
F data] on beh
f TSF mediated
provide access
x receive job
ire each user t
ns on behalf o
hentication
No oth
FIA_U
ide only [assig
58
pre-shared key
pt text-based p
nd [selection:
nation of upper
"!", "@", "#",
pported length
ported length
gths]
ext-based pre-s
f conditioning
-based pre-sh
pecified in FC
A-512, [assign
ignment: met
oning text strin
ed keys; accep
dom bit genera
d keys
her componen
UID.1 Timing
w [assignment
rol SFP, and d
half of the use
d actions that
s to D.TSF.CO
b
o be successfu
of that user.
n feedback
her componen
UAU.1 Timing
gnment: list of
ys for IPsec.
pre-shared key
[assignment:
r and lower ca
"$", "%", "^"
hs], no other l
hs]
shared keys by
g text string]] a
ared keys; gen
CS_RBG_EXT
nment: method
thod of condi
ng]
pt bit-based pr
ator specified
nts.
of identificati
: list of TSF m
do not provide
er to be perfor
do not conflic
ONF, and do n
ully authentica
k
nts.
g of authentica
f feedback] to
D
Copyrig
ys that are:
other support
ase letters, num
, "&", "*", "("
lengths]
y using [selec
and be able to
nerate bit-bas
T.1].
d of condition
tioning text s
re-shared key
in FCS_RBG_
ion
mediated actio
de access to D.
rmed before th
ct with the Use
not change an
ated before al
ation
the user whil
Date of Issue: 2
ght Canon Inc
ted lengths], n
mbers, and sp
", and ")").
ction: SHA-1, S
o [selection: us
sed pre-shared
ing text string
tring]
ys; generate bi
_EXT.1]
ons that do no
.TSF.CONF,
he user is auth
er Data Acces
ny TSF data]
llowing any ot
e the authenti
2022/07/27
c. 2021
no other
pecial
SHA-256,
se no
d keys
g]]
it-based
t conflict
and do
henticated.
ss Control
ther
cation is
FIA_UID
FIA_UID.
FIA_UID.
FIA_USB
FIA_USB.
FIA_USB.
FIA_USB.
6.2.6 C
FMT_MO
in prog
[assign
–
D.1 Timin
Hierar
Depen
1.1 Refineme
with th
not ch
[assign
Con
–
1.2 The TS
TSF-m
B.1 User
Hierar
Depen
.1.1 The TS
of that
[assign
–
.1.2 The TS
with su
attribu
[assign
–
.1.3 The TS
associa
attribu
[assign
–
Class FMT
OF.1 Mana
Hierar
Depend
gress.
nment: list of f
*, ●
ng of identi
rchical to:
ndencies:
ent: The TS
he User Data
ange any TSF
nment: list of
ntrol SFP, and
Submit Fa
SF shall requi
mediated action
r-subject b
rchical to:
ndencies:
SF shall assoc
t user: [assignm
nment: list of
User Name
SF shall enfor
ubjects acting
utes].
nment: rules f
None
SF shall enfor
ated with subj
utes].
nment: rules f
None
: Security
agement o
rchical to:
dencies:
f feedback]
fication
No oth
No dep
SF shall allow
Access Contr
F data] on beh
f TSF-mediated
d do not provi
x receive job
ire each user t
ns on behalf o
binding
No oth
FIA_A
ciate the follow
ment: list of u
user security
e, Role
rce the followi
g on the behalf
for the initial a
rce the followi
jects acting on
for the changi
Manageme
of security
No oth
FMT_S
59
her componen
pendencies.
w [assignment
rol SFP, and d
half of the use
d actions that
ide access to D
b
o be successfu
of that user.
her componen
ATD.1 U
wing user secu
user security a
attributes]
ing rules on th
f of users: [ass
association of
ing rules gove
n the behalf of
ing of attribut
ent
functions
er component
SMR.1 Se
nts.
: list of TSF-m
do not provide
er to be perfor
t do not confli
D.TSF.CONF
ully identified
nts.
User attribute d
urity attribute
attributes].
he initial assoc
signment: rule
f attributes]
erning change
f users: [assign
es]
behavior
ts.
ecurity roles
D
Copyrig
mediated actio
de access to D.
rmed before th
ict with the Us
F, and do not
d before allow
definition
s with subject
ciation of user
es for the initi
es to the user s
nment: rules f
Date of Issue: 2
ght Canon Inc
ons that do no
.TSF.CONF,
he user is iden
User Data Acce
change any T
wing any other
ts acting on th
r security attri
ial association
security attribu
for the changi
2022/07/27
c. 2021
ot conflict
and do
ntified.
ess
TSF data]
he behalf
ibutes
n of
utes
ing of
FMT_MO
FMT_MS
FMT_MSA
FMT_MS
FMT_MSA
OF.1.1 Refinem
enable
[select
–
[assign
–
SA.1 Mana
Hierar
Depend
A.1.1 Refinem
[select
attribu
[select
–
[assig
–
[assign
–
[assign
Security at
User Name
Role
SA.3 Static
Hierar
Depen
A.3.1 Refinem
ment: The TS
e, modify the b
tion: determin
disable, ena
nment: list of f
TLS
agement o
rchical to:
dencies:
ment: The TS
tion: change_d
utes [assignme
tion: change_
query, mod
gnment: other
create
nment: list of
Refer to "
nment: the au
– Ref
Table 17
ttributes
e
c attribute
rchical to:
ndencies:
ment: The TS
FMT_S
SF shall restri
behaviour of] t
ne the behavio
able
f functions]
of security
No oth
FDP_A
FMT_S
FMT_S
SF shall enfor
default, query
ent: list of secu
_default, query
dify, delete, [
operations]
f security attrib
Security attri
uthorised ident
fer to " Autho
- Managem
Operation
query
create,delete
query
create,modify
e initializat
No oth
FMT_
FMT_
SF shall enfor
60
SMF.1 Sp
ict the ability t
the functions
our of, disable
attributes
er component
ACC.1 Su
SMR.1 Se
SMF.1 Sp
rce the User D
y, modify, dele
urity attribute
y, modify, dele
[assignment:
butes]
ibutes " in Ta
tified roles]
orised role(s)"
ment of secu
y,delete
ion
her componen
_MSA.1 M
_SMR.1 Se
rce the User D
pecification o
to [selection:
[assignment:
e, enable, mod
ts.
ubset access c
ecurity roles
pecification o
Data Access C
ete, [assignme
s] to [assignm
ete, [assignme
other operati
able 17 - Man
" in Table 17
urity attribu
Authorised r
U.ADMIN,
the owning U
U.ADMIN
U.ADMIN
U.ADMIN
nts.
Management of
ecurity roles
Data Access C
D
Copyrig
f Managemen
determine the
list of function
dify the behavi
control
f Managemen
Control SFP t
ent: other oper
ment: the autho
ent: other oper
ons]
nagement secu
- Manageme
utes
role(s)
U.NORMAL
f security attri
Control SFP t
Date of Issue: 2
ght Canon Inc
nt Functions
e behaviour of
ns] to U.ADM
iour of]
nt Functions
to restrict the
rations]] the s
orised identifi
rations]]
urity attribute
ent security at
ibutes
to provide [se
2022/07/27
c. 2021
f, disable,
MIN.
ability to
security
ied roles].
es
ttributes
lection,
FMT_MSA
FMT_MT
FMT_MTD
FMT_SM
FMT_SMF
choose
attribu
[select
–
A.3.2 Refinem
initial
[select
–
TD.1 Mana
Hierar
Depend
D.1.1 Refinem
specifi
Data
User passw
Audit log
Date/Time
IPSec setti
TLS setting
Auto Reset
Lockout po
Password p
Audit log e
Firmware
MF.1 Spec
Hierar
Depen
F.1.1: The
e one of: restr
utes that are us
tion, choose o
restrictive
ment: The TS
values to over
tion: U.ADMI
no role
agement o
rchical to:
dencies:
ment: The TS
ied TSF Data
Table
word
e setting
ngs
gs
t Time setting
olicy settings
policy setting
export setting
cification o
rchical to:
ndencies:
e TSF shall be
rictive, permis
sed to enforce
one of: restrict
SF shall allow
rride the defau
IN, no role]
of TSF data
No oth
FMT_S
FMT_S
SF shall restri
a to the roles
18- Device
g
s
gs
gs
of Managem
No oth
No dep
e capable of pe
61
ssive, [assignm
the SFP.
tive, permissiv
w the [selection
ult values whe
a
er component
SMR.1 Se
SMF.1 Sp
ict the ability t
specified in T
manageme
Operation
create, delet
modify
query
modify
query, modi
query, modi
query, modi
query, modi
query, modi
query, modi
modify
ment Func
her componen
pendencies.
erforming the
ment: other pr
ve, [assignme
n: U.ADMIN,
en an object o
ts.
ecurity roles
pecification o
to perform th
Table 18.
ent Function
te
ify
ify
ify
ify
ify
ify
ctions
nts.
following ma
D
Copyrig
roperty]] defau
nt: other prop
N, no role] to s
or information
f Managemen
he specified o
n
Authorised r
U.ADMIN
U.ADMIN,
the owning
U.ADMIN
U.ADMIN
U.ADMIN
U.ADMIN
U.ADMIN
U.ADMIN
U.ADMIN
U.ADMIN
U.ADMIN
anagement fun
Date of Issue: 2
ght Canon Inc
ult values for
perty]]
pecify alterna
is created.
nt Functions
operations on
role(s)
U.NORMAL
nctions: [assig
2022/07/27
c. 2021
security
ative
the
L
gnment:
FMT_SM
FMT_SMR
FMT_SMR
6.2.7 C
There are n
6.2.8 C
FPT_KY
FPT_KYP
FPT_SK
FPT_SKP_
FPT_STM
list of m
[assign
–
MR.1 Secu
Hierar
Depen
R.1.1 Refinem
R.1.2 The T
Class FPR
no class FPR
Class FPT:
YP_EXT.1 E
Hierar
Depen
P_EXT.1.1 Re
specifi
KP_EXT.1 E
Hierar
Depen
_EXT.1.1The
M.1 Relia
management f
nment: list of
Refer to T
Ta
Managem
User Man
Date/Tim
IPSec sett
TLS settin
Auto Rese
Lockout p
Password
Audit log
Trusted U
urity roles
rchical to:
ndencies:
ment: The TS
SF shall be a
: Privacy
R requirement
: Protection
Extended:
rchical to:
ndencies:
efinement:
ied by FCS_K
Extended:
rchical to:
ndencies:
e TSF shall pr
able time s
functions prov
f management f
able 19.
ble 19– Man
ment Function
negement Fun
me setting Man
tings Manege
ngs Manegem
et Time settin
policy setting
d policy settin
Manegemen
Update Maneg
No oth
FIA_U
SF shall main
able to associa
s.
n of the TS
Protect
No oth
No dep
The TSF
KYC_EXT.1 in
Protect
No oth
No dep
revent reading
stamps
62
vided by the T
functions pro
nagement F
ns
nction
negement Fun
ement Functio
ment Function
ng Manegeme
gs Manegeme
ngs Manegem
nt Function
gement Funct
her componen
UID.1 Ti
ntain the roles
ate users with
SF
tion of Key
her componen
pendencies.
shall not store
n any Field-R
tion of TSF
her componen
pendencies.
g of all pre-sha
TSF].
vided by the T
unctions
nction
on
n
ent Function
nt Function
ment Function
tion
nts.
iming of ident
U.ADMIN, U
h roles.
y and Key
nts.
e plaintext key
Replaceable N
F Data
nts.
ared keys, sym
D
Copyrig
TSF]
tification
U.NORMAL
Material
ys that are par
Nonvolatile St
mmetric keys,
Date of Issue: 2
ght Canon Inc
rt of the keych
torage Device
and private k
2022/07/27
c. 2021
hain
e.
eys.
FPT_STM
FPT_TST
FPT_TST_
FPT_TU
FPT_TUD
FPT_TUD
FPT_TUD
6.2.9 C
There are n
6.2.10 C
FTA_SS
FTA_SSL.
Hierar
Depen
M.1.1 The TS
T_EXT.1
Hierar
Depen
_EXT.1.1The
the cor
D_EXT.1
Hierar
Depend
D_EXT.1.1
version
D_EXT.1.2
TOE f
D_EXT.1.3
using a
installi
[select
–
Class FRU
no class FRU
Class FTA:
L.3 (LUI)
Hierar
Depen
.3.1 (LUI)
user in
[assign
–
rchical to:
ndencies:
SF shall be ab
Exten
rchical to:
ndencies:
e TSF shall ru
rrect operation
Exten
rchical to:
dencies:
The TS
n of the TOE
The TS
firmware/softw
The TS
a digital signa
ing those upda
tion: publishe
no other fu
: Resource
U requirement
: TOE Acce
TSF-
rchical to:
ndencies:
The TS
nactivity].
nment: time in
User inacti
No oth
No dep
ble to provide
nded: TSF
No oth
No dep
un a suite of se
n of the TSF.
nded: Trus
No oth
FCS_C
generat
FCS_C
SF shall provi
firmware/soft
SF shall provi
ware.
SF shall provi
ature mechanis
ates.
ed hash, no oth
unctions
e Utilization
ts.
ess
initiated te
No oth
No dep
SF shall termi
nterval of user
ivity at the co
63
her componen
pendencies.
reliable time
F testing
her componen
pendencies.
elf-tests during
sted Upda
er component
COP.1(b) Cryp
tion/verificatio
COP.1(c) Cryp
ide authorized
tware.
ide authorized
ide a means to
sm and [select
her functions]
n
ermination
her componen
pendencies.
inate an intera
r inactivity]
ontrol panel l
nts.
stamps.
nts.
g initial start-u
te
ts.
ptographic Op
on),
ptographic ope
d administrato
d administrato
o verify firmw
tion: publishe
n
nts.
active session
asting for the
D
Copyrig
up (and power
peration (for si
eration (Hash
ors the ability t
ors the ability t
ware/software u
ed hash, no oth
after a [assign
e specified pe
Date of Issue: 2
ght Canon Inc
r on) to demon
ignature
Algorithm).
to query the c
to initiate upd
updates to the
her functions]
nment: time in
eriod of time
2022/07/27
c. 2021
nstrate
urrent
dates to
e TOE
prior to
nterval of
FTA_SS
FTA_SSL.
6.2.11 C
FTP_ITC
FTP_ITC.
FTP_ITC.
FTP_ITC.
FTP_TR
L.3 (RUI)
Hierar
Depen
.3.1 (RUI)
user in
[assign
–
Class FTP:
C.1 Inter-
Hierar
Depend
.1.1 Refineme
trusted
follow
is logic
end po
the ch
[select
–
[select
–
[assig
–
.1.2 Refineme
commu
.1.3 Refineme
of serv
[assign
P.1(a) Tru
Hierar
Depend
TSF-
rchical to:
ndencies:
The TS
nactivity].
nment: time in
User inacti
: Trusted P
-TSF trust
rchical to:
dencies:
ent: The TS
d communica
wing capabilit
cally distinct f
oints and prote
hannel data.
tion: IPsec, S
IPsec
tion: authenti
[assignmen
gnment: other
File server
ent: The TS
unication via
ent: The TS
vices for whic
nment: list of
– Sen
usted path
rchical to:
dencies:
initiated te
No oth
No dep
SF shall termi
nterval of user
ivity at the R
Paths/Chan
ed channe
No oth
[FCS_I
FCS_T
FCS_S
FCS_H
SF shall use [
ation channel b
ies: [selection
from other co
ection of the c
SSH, TLS, TL
tication server
nt: other cap
capabilities]
r, Audio log s
SF shall perm
the trusted ch
SF shall initia
ch the TSF is
f services for w
nd service, Au
h (for Adm
No oth
[FCS_I
64
ermination
her componen
pendencies.
inate an intera
r inactivity]
Remote UI las
nnels
el
er component
IPSEC_EXT.1
TLS_EXT.1 Ex
SSH_EXT.1 E
HTTPS_EXT.1
selection: IPs
between itself
n: authenticat
mmunication
channel data fr
LS/HTTPS]
r, [assignmen
abilities]
server, Time s
mit the TSF, or
hannel
ate communica
able to initiat
which the TSF
udit log servic
inistrators
er component
IPSEC_EXT.1
n
nts.
active session
ting for the sp
ts.
1 Extended: IP
xtended: TLS
xtended: SSH
1 Extended: H
sec, SSH, TLS
f and authoriz
tion server, [a
channels and
rom disclosur
t: other capab
server
r the authoriz
ation via the tr
te communica
F is able to in
ce, Time serv
s)
ts.
1 Extended: IP
D
Copyrig
after a [assign
pecified perio
Psec selected,
selected, or
H selected, or
HTTPS selecte
S, TLS/HTTP
zed IT entitie
assignment: o
provides assu
re and detecti
bilities]]
zed IT entitie
rusted channe
ations].
nitiate commu
vice
Psec selected,
Date of Issue: 2
ght Canon Inc
nment: time in
od of time
, or
ed].
PS] to provide
es supporting
other capabilit
ured identifica
ion of modifi
es, to initiate
el for [assignm
unications]
, or
2022/07/27
c. 2021
nterval of
e a
the
ties]] that
ation of its
cation of
ment: list
FTP_TRP
FTP_TRP
FTP_TRP
FTP_TR
FTP_TRP
FTP_TRP
initiate co
FTP_TRP
user auth
6.3 Se
Table 20 li
EAL1 augm
Assuranc
.1.1(a) Refine
TLS/H
admin
identif
detect
[select
–
.1.2(a) Refine
trusted
.1.3(a) Refine
authen
P.1(b) Tru
Hierar
Depend
.1.1(b) Refine
TLS/H
logical
points
of the
[select
–
P.1.2(b) Ref
ommunicat
[select
–
P.1.3(b) Ref
hentication
ecurity Ass
ists the Securi
mented by A
ce class
ement:The TS
HTTPS] to pr
nistrators that
fication of its e
tion of modifi
tion, choose a
IPsec, TLS
ement:The TS
d path
ement:The TS
ntication and
usted path
rchical to:
dencies:
ement:
HTTPS] to pro
lly distinct fro
and protectio
communicat
tion, choose a
IPsec
finement:
tion via the
tion: the TSF,
remote use
finement:
and all rem
surance Re
ity Assurance
ASE_SPD.1.
Table 20-TO
FCS_T
FCS_S
FCS_H
SF shall use [
rovide a truste
t is logically d
end points and
ication of the
at least one of
S/HTTPS
SF shall perm
SF shall requi
d all remote a
h (for Non-
No oth
[FCS_I
FCS_T
FCS_S
FCS_H
The TSF
ovide a truste
om other comm
n of the comm
ted data.
at least one of
The TSF
trusted pat
F, remote users
ers
The TSF
mote user ac
equirement
Requirement
OE Security
Assuran
65
TLS_EXT.1 Ex
SSH_EXT.1 E
HTTPS_EXT.1
selection, cho
ed communic
distinct from o
d protection o
communicat
f: IPsec, SSH
mit remote adm
ire the use of t
administration
-administra
er component
IPSEC_EXT.1
TLS_EXT.1 Ex
SSH_EXT.1 E
HTTPS_EXT.1
shall use [sele
ed communica
munication pa
municated data
f: IPsec, SSH
F shall per
th
s]
F shall requ
ctions.
ts
s for Protectio
y Assuranc
nce compone
xtended: TLS
xtended: SSH
1 Extended: H
oose at least o
ation path bet
other commun
of the commun
ted data.
H, TLS, TLS/H
ministrators t
the trusted pat
n actions.
ators)
ts.
1 Extended: IP
xtended: TLS
xtended: SSH
1 Extended: H
ection, choos
ation path betw
aths and provi
a from disclos
H, TLS, TLS/H
mit [selecti
uire the use
on Profile for
ce Requirem
ents
D
Copyrig
selected, or
H selected, or
HTTPS selecte
one of: IPsec,
tween itself an
nication paths
nicated data fr
HTTPS]
to initiate com
th for initial a
Psec selected,
selected, or
H selected, or
HTTPS selecte
e at least one
ween itself an
des assured id
sure and dete
HTTPS]
ion: the TS
e of the trus
r Hardcopy D
ments
Date of Issue: 2
ght Canon Inc
ed].
, SSH, TLS,
nd remote
and provides
rom disclosur
mmunication v
administrator
, or
ed].
of: IPsec, SS
nd remote use
dentification o
ection of mod
SF, remote u
sted path fo
Devices, an
2022/07/27
c. 2021
assured
re and
via the
r
SH, TLS,
rs that is
of its end
dification
users] to
or initial
nd related
Assuranc
ADV: De
AGD: Gu
ALC: Lif
ASE: Sec
ATE: Te
AVA: Vu
6.4 Se
6.4.1 T
This sectio
Funct
Requir
FAU_GEN.
FAU_GEN.2
FAU_SAR.1
FAU_SAR.2
FAU_STG.1
FAU_STG.4
FAU_STG_
FCS_CKM.
FCS_CKM.
ce class
evelopment
uidance doc
fe-cycle sup
curity Targ
sts
ulnerability
ecurity func
The depen
on provides th
T
tional
rement
1
2
1
2
1
4
_EXT.1
1(a)
1(b)
cuments
port
get evaluatio
assessmen
ctional req
dencies of
he justificatio
able 21- The
Dependenc
by
FPT_STM.1
FAU_GEN.1
FIA_UID.1
FAU_GEN.1
FAU_SAR.1
FAU_GEN.1
FAU_STG.1
FAU_GEN.1
FTP_ITC.1
FCS_COP.1(b
FCS_CKM_EX
[FCS_COP.1(a
or FCS_COP.1
or FCS_COP.1
or FCS_COP.1
or FCS_COP.1
or FCS_COP.1
Assuran
ADV_F
AGD_O
AGD_P
ALC_C
ALC_C
on ASE_C
ASE_E
ASE_IN
ASE_O
environ
ASE_R
ASE_S
ASE_T
ATE_IN
nt AVA_V
uirements
f security re
on for any dep
e dependen
cies required
CC
)
XT.4
a),
1(d),
1(e),
1(f),
1(g),
1(h)]
66
nce compone
FSP.1 Basic
OPE.1 Oper
PRE.1 Prepa
CMC.1 Labe
CMS.1 TOE
CCL.1 Confo
ECD.1 Exten
NT.1 ST int
OBJ.1 Secu
nment
REQ.1 State
SPD.1 Secur
TSS.1 TOE s
ND.1 Indep
VAN.1 Vuln
rationale
equiremen
pendencies no
cies of sec
d Depende
b
FPT_STM.
FAU_GEN
FIA_UID.1
FAU_GEN
FAU_SAR
FAU_GEN
FAU_STG
FAU_GEN
FTP_ITC.1
FCS_COP.
FCS_CKM
FCS_COP.
FCS_COP.
FCS_COP.
FCS_CKM
FCS_RBG_
ents
c functional
rational use
arative proc
elling of the
CM covera
ormance cla
nded compo
troduction
urity objec
ed security r
rity problem
summary sp
pendent test
nerability su
nts
ot met
urity requir
encies satisfie
by ST
.1
N.1
1
N.1
R.1
N.1
G.1
N.1
1
.1(b)
M_EXT.4
.1(a)
.1(d)
.1(g)
M_EXT.4
_EXT.1(networ
D
Copyrig
specificatio
er guidance
cedures
TOE
ge
aims
onents defin
ctives for
requiremen
m definition
pecification
ting – Confo
urvey
rements
ed Reason
d
N/A (dep
satisfied)
N/A (dep
satisfied)
N/A (dep
satisfied)
N/A (dep
satisfied)
N/A (dep
satisfied)
N/A (dep
satisfied)
N/A (dep
satisfied)
N/A (dep
satisfied)
rk)
N/A (dep
satisfied)
Date of Issue: 2
ght Canon Inc
on
nition
the oper
nts
ormance
n for not me
dependencies
pendencies are
pendencies are
pendencies are
pendencies are
pendencies are
pendencies are
pendencies are
pendencies are
pendencies are
2022/07/27
c. 2021
rational
eeting
s
Funct
Requir
FCS_CKM_
FCS_CKM.4
FCS_COP.1
FCS_COP.1
FCS_COP.1
FCS_COP.1
FCS_COP.1
FCS_COP.1
FCS_COP.1
FCS_HTTPS
FCS_IPSEC
FCS_KYC_
FCS_RBG_E
(network)
FCS_RBG_E
FCS_SMC_
FCS_TLS_E
tional
rement
_EXT.4
4
(a)
(b)(update)
(b)(tls)
(b)(ipsec)
(c)
(d)
(g)
S_EXT.1
C_EXT.1
_EXT.1
EXT.1
EXT.1(ssd)
_EXT.1
EXT.1
Dependenc
by
FCS_CKM_EX
FCS_RBG_EX
[FCS_CKM.1(
or FCS_CKM.
FCS_CKM.4
[FCS_CKM.1(
or FCS_CKM.
FCS_CKM.1(b
FCS_CKM_EX
FCS_CKM.1(a
FCS_CKM_EX
FCS_CKM.1(a
FCS_CKM_EX
FCS_CKM.1(a
FCS_CKM_EX
No dependenci
FCS_CKM.1(b
FCS_CKM_EX
FCS_CKM.1(b
FCS_CKM_EX
FCS_TLS_EX
FIA_PSK_EX
FCS_CKM.1(a
FCS_COP.1(a)
FCS_COP.1(b
FCS_COP.1(c)
FCS_COP.1(g
FCS_RBG_EX
[FCS_COP.1(e
or FCS_SMC_
or FCS_COP.1
or FCS_KDF_
and/or FCS_CO
No dependenci
No dependenci
FCS_COP.1(c)
FCS_CKM.1(a
cies required
CC
XT.4
XT.1
(a)
.1(b)]
(a)
.1(b)]
b)
XT.4
a)
XT.4
a)
XT.4
a)
XT.4
ies
b)
XT.4
b)
XT.4
XT.1
T.1
a)
)
)
)
)
XT.1
e),
_EXT.1,
1(f),
_EXT.1,
OP.1(i)]
ies
ies
)
a)
67
d Depende
b
FCS_RBG_
FCS_CKM
FCS_CKM
FCS_CKM
FCS_CKM
FCS_CKM
FCS_CKM
FCS_CKM
No depend
FCS_CKM
FCS_CKM
FCS_CKM
FCS_CKM
No depend
FCS_CKM
FCS_CKM
FCS_CKM
FCS_CKM
FCS_TLS_
FIA_PSK_
FCS_CKM
FCS_COP.
FCS_COP.
FCS_COP.
FCS_COP.
FCS_RBG_
k)
FCS_SMC
No depend
No depend
FCS_COP.
FCS_CKM
encies satisfie
by ST
_EXT.1(ssd)
M.1(a)
M.1(b)
M.4
M.1(a)
M.1(b)
M.1(b)
M_EXT.4
dencies
M.1(a)
M_EXT.4
M.1(a)
M_EXT.4
dencies
M.1(b)
M_EXT.4
M.1(b)
M_EXT.4
_EXT.1
_EXT.1
M.1(a)
.1(a)
.1(b) (ipsec)
.1(c)
.1(g)
_EXT.1(netwo
_EXT.1
dencies
dencies
.1(c)
M.1(a)
D
Copyrig
ed Reason
d
N/A (dep
satisfied)
N/A (dep
satisfied)
N/A (dep
satisfied)
FCS_CKM
because:
Since onl
performed
embedded
generatio
the encry
unnecess
N/A (dep
satisfied)
N/A (dep
satisfied)
N/A (no d
N/A (dep
satisfied)
N/A (dep
satisfied)
N/A (dep
satisfied)
or
N/A (dep
satisfied)
N/A (dep
satisfied)
N/A (no d
N/A (no d
N/A (dep
satisfied)
N/A (dep
Date of Issue: 2
ght Canon Inc
n for not me
dependencies
pendencies are
pendencies are
pendencies are
M.4 are not cla
ly the verificati
d with the publ
d in advance,
on and destruct
yption key are
ary.
pendencies are
pendencies are
dependencies)
pendencies are
pendencies are
pendencies are
pendencies are
pendencies are
dependencies)
dependencies)
pendencies are
pendencies are
2022/07/27
c. 2021
eeting
s
aimed
on is
lic key
tion of
Funct
Requir
FDP_ACC.1
FDP_ACF.1
FDP_DSK_E
FDP_FXS_E
FIA_AFL.1
FIA_ATD.1
FIA_PMG_E
FIA_PSK_E
FIA_UAU.1
FIA_UAU.7
FIA_UID.1
FIA_USB.1
FMT_MOF.
FMT_MSA.
FMT_MSA.
FMT_MTD.
FMT_SMF.
FMT_SMR.
FPT_KYP_E
FPT_SKP_E
FPT_STM.1
FPT_TST_E
FPT_TUD_E
tional
rement
1
1
EXT.1
EXT.1
EXT.1
EXT.1
1
7
.1
.1
.3
.1
1
1
EXT.1
EXT.1
1
EXT.1
EXT.1
Dependenc
by
FCS_COP.1(a)
FCS_COP.1(b
FCS_COP.1(c)
FCS_COP.1(g
FCS_RBG_EX
FDP_ACF.1
FDP_ACC.1
FMT_MSA.3
FCS_COP.1(d
No dependenci
FIA_UAU.1
No dependenci
No dependenci
FCS_RBG_EX
FIA_UID.1
FIA_UAU.1
No dependenci
FIA_ATD.1
FMT_SMR.1
FMT_SMF.1
FDP_ACC.1
FMT_SMR.1
FMT_SMF.1
FMT_MSA.1
FMT_SMR.1
FMT_SMR.1
FMT_SMF.1
No dependenci
FIA_UID.1
No dependenci
No dependenci
No dependenci
No dependenci
FCS_COP.1(b
FCS_COP.1(c)
cies required
CC
)
)
)
)
XT.1
d)
ies
ies
ies
XT.1
ies
ies
ies
ies
ies
ies
)
)
68
d Depende
b
FCS_COP.
FCS_COP.
FCS_COP.
FCS_COP.
FCS_RBG_
k)
FDP_ACF.
FDP_ACC
FMT_MSA
FCS_COP.
No depend
FIA_UAU.
No depend
No depend
No depend
FIA_UID.1
FIA_UAU.
No depend
FIA_ATD.
FMT_SMR
FMT_SMF
FDP_ACC
FMT_SMR
FMT_SMF
FMT_MSA
FMT_SMR
FMT_SMR
FMT_SMF
No depend
FIA_UID.1
No depend
No depend
No depend
No depend
FCS_COP.
FCS_COP.
encies satisfie
by ST
.1(a)
.1(b)(tls)
.1(c)
.1(g)
_EXT.1(netwo
.1
.1
A.3
.1(d)
dencies
.1
dencies
dencies
dencies
1
.1
dencies
1
R.1
F.1
.1
R.1
F.1
A.1
R.1
R.1
F.1
dencies
1
dencies
dencies
dencies
dencies
.1(b) (update)
.1(c)
D
Copyrig
ed Reason
d
or
satisfied)
N/A (dep
satisfied)
N/A (dep
satisfied)
N/A (dep
satisfied)
N/A (no d
N/A (dep
satisfied)
N/A (no d
N/A (no d
FCS_RBG
claimed b
Not requi
selected i
N/A (dep
satisfied)
N/A (dep
satisfied)
N/A (no d
N/A (dep
satisfied)
N/A (dep
satisfied)
N/A (dep
satisfied)
N/A (dep
satisfied)
N/A (dep
satisfied)
N/A (no d
N/A (dep
satisfied)
N/A (no d
N/A (no d
N/A (no d
N/A (no d
N/A (dep
satisfied)
Date of Issue: 2
ght Canon Inc
n for not me
dependencies
pendencies are
pendencies are
pendencies are
dependencies)
pendencies are
dependencies)
dependencies)
G_EXT.1 is no
because:
ired because it i
in SFR.
pendencies are
pendencies are
dependencies)
pendencies are
pendencies are
pendencies are
pendencies are
pendencies are
dependencies)
pendencies are
dependencies)
dependencies)
dependencies)
dependencies)
pendencies are
2022/07/27
c. 2021
eeting
s
t
is not
Funct
Requir
FTA_SSL.3
FTA_SSL.3
FTP_ITC.1
FTP_TRP.1(
FTP_TRP.1(
tional
rement
(LUI)
(RUI)
(a)
(b)
Dependenc
by
No dependenci
No dependenci
[FCS_IPSEC
or FCS_TLS_E
or FCS_SSH_E
or FCS_HTTP
[FCS_IPSEC_
or FCS_TLS_E
or FCS_SSH_E
or FCS_HTTP
[FCS_IPSEC_
or FCS_TLS_E
or FCS_SSH_E
or FCS_HTTP
cies required
CC
ies
ies
_EXT.1,
EXT.1,
EXT.1,
PS_EXT.1]
_EXT.1,
EXT.1,
EXT.1,
PS_EXT.1]
_EXT.1,
EXT.1,
EXT.1,
PS_EXT.1]
69
d Depende
b
No depend
No depend
FCS_IPSE
FCS_IPSE
FCS_TLS_
FCS_HTTP
FCS_IPSE
encies satisfie
by ST
dencies
dencies
C_EXT.1
C_EXT.1
_EXT.1
PS_EXT.1
C_EXT.1
D
Copyrig
ed Reason
d
N/A (no d
N/A (no d
N/A (dep
satisfied)
N/A (dep
satisfied)
N/A (dep
satisfied)
Date of Issue: 2
ght Canon Inc
n for not me
dependencies
dependencies)
dependencies)
pendencies are
pendencies are
pendencies are
2022/07/27
c. 2021
eeting
s
7 TOE
7.1 Us
– Sup
FIA
To identify
before the
job is inpu
performed
User authe
–
For user au
authenticat
password t
remote UI.
The TOE m
authenticat
FIA_USB
The
TO
E
pro
vide
s a
lockout fun
The
lock
out
func
tion
can
be
set
only by U.
The follow
out.
– Ac
an
att
– Th
co
TOE has a
inactivity.
Op
pan
Re
Op
pan
Re
E Summar
ser Authen
pported fun
A_USB.1, FIA
y and authent
user operates
ut, identificati
d. However, su
entication sup
Internal Au
Authenticat
uthentication,
tion succeeds
text area at th
. [FIA_UAU
maintains use
ted, the attrib
.1]
nction in orde
.ADMIN. Th
wing condition
ccumulate th
nd lock out th
tempts is reac
he lockout tim
onfigured lock
an automatic l
The administ
peration
nel:
mote UI:
peration
nel:
mote UI:
ry specific
tication Fu
nctional req
A_AFL.1, FT
ticate a legitim
s the digital m
ion authentica
ubmission of
pports the foll
uthentication
tion is based o
, the TOE pro
s only if the u
he time of pas
U.7]
er names and
bute is allocat
er to minimiz
e operation is
ns can be set
he number of
he account tha
ched. The allo
me is set to
kout time.
logout functio
trator can set
– Settings/R
Managem
Register/E
– Settings/R
Authentic
– Settings/R
Settings >
– Settings/R
Authentic
cation
unction
quirements:
TA_SSL.3(L
mate user, the
multifunction
ation of a use
f a fax receivi
lowing authen
on user inform
ompts input o
user name and
ssword input
roles as attrib
ted by issuing
ze invalid log
s as follows
for the locko
f failed login
at failed to lo
owable numb
3 or grater o
on that autom
t the automati
Registration >
ment > Authen
Edit Authenti
Registration >
cation Manag
Registration >
> Authenticat
Registration >
cation/Passwo
70
FIA_UAU.
LUI), FTA_S
e TOE requir
device in an
er requested th
ing job is perm
ntication met
mation regist
of the user na
d password m
is displayed a
butes for the
g an access co
gin attempts. [
out function. I
attempts from
og in and den
ber of login at
out of 1 - 60
matically logs
ic logout time
> Device Sett
ntication Man
ication User
> Managemen
gement
> Device Sett
tion/Password
> Managemen
ord Settings >
.1, FIA_UID
SL.3(RUI)
res identificat
operation pa
hrough a prin
mitted. [FIA_
thods:
tered in the de
me, password
matches the on
as "*" in the o
user. If the u
ontrol token (
[FIA_AFL.1
If the conditio
m the operati
ny login when
ttempts is set
0. The user is
out a logged
e by setting th
tings > Manag
nagement > U
nt Settings >
tings > Manag
d Settings > A
nt Settings >
> Authenticat
D
Copyrig
D.1, FIA_U
tion and authe
anel or a remo
nter driver on
_UAU.1, FIA
evice.
d, and the log
ne at the spec
operation pan
ser's identity
(ACT) for eac
]
ons are met, t
ion panel/rem
n the set num
t to 3 or less o
s not allowed
d-in user after
he Auto Rese
gement Settin
Use User Auth
User Manage
gement Settin
Authenticatio
Security Sett
tion Function
Date of Issue: 2
ght Canon Inc
UAU.7, FIA
entication of
ote UI. When
a client PC i
A_UID.1]
gin destination
cified destinat
nel and "●"
is successful
ch user.[FIA_
the account is
mote UI/print
mber of allowa
out of 1 - 10.
d to log in d
r a specified p
et Time when
ngs > User
hentication >
ement >
ngs > Securit
on Function S
tings >
n Settings>
2022/07/27
c. 2021
A_ATD.1,
the user
a print
is
n. User
tion. The
" in the
lly
_ATD.1,
s locked
ter driver,
able login
during the
period of
n logging
>
y
ettings>
in from the
[FTA_SSL
The
auto
mati
c
logo
ut
time
setti
ngs
can
be
set
only
by U.ADM
The follow
is logged o
–
The
sess
ion
setti
ngs can be
The follow
account is
–
7.2 Ac
The TOE h
function, s
–
–
–
–
–
The TOE p
assigned to
authenticat
7.2.1 P
Op
pan
Re
Re
e operation pa
L.3(RUI)]
MIN. The ope
wing condition
out.
At the contr
from 10 seco
e set only by U
wing condition
logged out.
When the ti
operating the
ccess Cont
has the follow
scan function,
print functio
scanning fu
copy functi
fax functio
function
document s
performs thes
o the user acc
ted.
Print proce
peration
nel:
mote UI:
mote UI:
anel or by ses
eration is as fo
ns can be set
rol panel, ses
onds to 9 min
U.ADMIN. T
ns can be set
imeout perio
e Remote UI
trol Functio
wing access c
, copy functio
on: print proc
unction: scan
on: copy proc
on: Fax tran
tore and retri
se access con
cording to the
ess control
– Settings/R
Auto Rese
– Settings/R
Restrict A
– Settings/R
Settings >
– Settings/R
Time
– Settings/R
ssion settings
ollows
for the autom
ssion timeout
nutes can be s
The operation
for the sessio
d set by the
. Choose from
on
control functio
on, fax functi
cess control f
process contr
cess control f
smission pro
ieve function
ntrol functions
e contents of t
l function
Registration >
et Time
Registration >
Auto Reset Ti
Registration >
> Auto Reset
Registration >
Registration >
71
s when loggin
matic logout f
t occurs after
specified (Init
n is as follows
on manageme
session man
m 15 to 150 m
ons for jobs a
ion, and docu
function
rol function
function
ocess control
: document st
s by identifyi
the ACT issu
> Device Sett
> Device Sett
ime
> Preferences
Time
> Preferences
> Preferences
ng in from the
function. If th
r a specified
tial value: 2 m
s
ent function.
nagement set
minutes (Initi
and document
ument storage
l function a
tore and retrie
ng the user n
ued to the use
tings > Prefer
tings > Prefer
s > Timer/Ene
s > Timer/Ene
s > Network S
D
Copyrig
e remote UI.
he conditions
period of us
minutes).
If the conditi
tting function
al value: 15 m
ts in jobs pro
e and retrieval
nd fax recep
eve process c
name and iden
r who is iden
rences > Time
rences> Time
ergy Settings
ergy Settings
Settings > Ses
Date of Issue: 2
ght Canon Inc
[FTA_SSL.3
are met, the
ser inactivity
ions are met,
n has elapsed
minutes).
ocessed by the
l function of
ption proces
control functi
ntifying the ro
ntified and
er/Energy Se
er/Energy Set
> Power Sav
> Restrict Au
ssion Settings
2022/07/27
c. 2021
3(LUI)]
account
. A value
the
d without
e print
the TOE.
ss control
on
ole
ttings >
ttings >
ve
uto Reset
s
– Sup
TOE provi
jobs is init
change the
When a pr
determines
access con
[Submit a
TOE allow
printed and
The metho
held by the
- The us
user u
user au
sent if
[View ima
TOE allow
printed out
The metho
- If a use
display
- The pr
- The da
TOE does
output.
[View prin
TOE allow
The metho
- Job ow
check
the job
of the
maske
- If a Job
display
- U.ADM
jobs th
pported func
ides the follow
tialized with t
e user name a
rint job is exe
s the owner o
ntrol.
a document t
w all authentic
d to create pr
od for inputtin
e print functio
ser executes p
ses the user a
uthentication
f user authent
age or Releas
w Job owner (
tput the imag
od for viewing
er logs in to t
yed.
rint function c
ata held by th
not allow U,A
nt queue / lo
w Job owner o
od for viewing
wner and U.A
the list of job
b log only dis
print job). Fo
ed and cannot
b owner logs
yed.
MIN can log
hat are printin
ctional requir
wing access c
the name of th
assigned to job
cuted, TOE t
of a print job v
o be printed
cated users (J
rint job. TOE
ng print docu
on.
printing via a
authentication
n is successful
tication fails.
se printed ou
(a user whom
ges of digital d
g image or re
the machine a
can display im
he print functi
ADMIN, U.N
g]
or U.ADMIN
g the print qu
ADMIN can lo
bs that are pr
splays the job
or jobs owned
t be viewed in
in to the mac
in to the Rem
ng/waiting to
rements: FD
control functi
he user that g
bs.
temporarily sa
via the user n
, Create prin
Job owner, U
does not allo
uments and cr
printer drive
n function of
l, the print job
utput]
m user name is
documents fo
elease printed
and selects <P
mages for the
ion can be pri
NORMAL or
N to view prin
ueue / log is in
og in to the co
rinting/waitin
bs that the use
d by other use
n the print qu
chine and sele
mote UI and u
be printed or
72
DP_ACC.1, F
ion for the pr
generated the
aves it withou
name assigned
nt job]
.ADMIN or U
ow Unauthent
reating print j
er from a clien
the printer dr
b is sent with
s same as use
or print jobs t
d output is ind
Print>, the lis
e held data.
inted.
r Unauthentic
nt queue / log.
ndicated belo
ontrol panel a
g to be printe
er owns (whe
ers, informati
ueue / log.
ects <Print>,
use the [Statu
r check the jo
FDP_ACF.1,
rint process. T
job when the
ut printing im
d to the print
U.NORMAL
ticated users.
obs is indicat
nt PC. User a
river to log in
h the user nam
e name of the
that are tempo
dicated below
st of data held
ated users to
.
ow.
and use the <
ed or check th
en the name o
ion such as jo
the list of da
us Monitor/Ca
ob log.
D
Copyrig
FMT_MSA
The user nam
e job is gener
mmediately. F
job, and perf
) to submit a
ted below. Th
authentication
n to the mach
me assigned. T
print job) to
orarily saved.
w.
d for the logg
view image o
Status Monit
he job log. Ho
of the user ma
ob names and
ata held for th
ancel] screen
Date of Issue: 2
ght Canon Inc
A.3
me assigned to
rated. No user
Furthermore,
forms the foll
document to
he data for pr
n is performed
ine when prin
The print job
view image o
.
ged in user is
or to release p
tor/Cancel> s
owever, for J
atches the use
d user names
he logged in u
to check the
2022/07/27
c. 2021
o print
rs can
TOE
lowing
be
rinting is
d when a
nting. If
is not
or release
printed
creen to
Job owner,
er name
are
user is
list of
TOE does
[Modify st
TTOE allo
The metho
- If a use
The im
- If a use
If you
TOE does
Modify pri
[Delete sto
TOE allow
The metho
- If a Job
display
docum
- You ca
print d
and pr
- U.ADM
[Statu
TOE does
7.2.2 S
– Sup
TOE provi
jobs is init
user can ch
Scan job h
respectivel
[Delayed s
When a sc
sending it
[Preview]
not allow U.N
tored docum
ow Job owner
od for modify
er logs in to t
mage view fun
er logs in to t
select a job,
not allow U,A
int job.
ored docume
w Job owner o
od for deleting
b owner logs
yed. The job
ments.
an log in to th
documents. Jo
rint document
MIN can log
s Monitor/Ca
not allow U.N
Scan proce
pported func
ides the follow
tialized with t
hange the use
has a function
ly.
scan]
an job with th
until the spec
NORMAL or
ment, Modify
r to modify st
ying print doc
the machine a
nction of the
the machine a
you can chan
ADMIN, U.N
ent, Cancel p
or U.ADMIN
g stored docu
in to the mac
deletion func
he machine an
ob owner can
ts of all users
in to the Rem
ancel] screen.
NORMAL or
ess contro
ctional requir
wing access c
the name of th
er name assig
n for temporar
he Delayed sc
cified time.
r Unauthentic
y print job]
tored docume
cument and m
and selects <P
print functio
and selects <P
nge the job co
NORMAL or
print job]
N to delete sto
ument and can
chine and acc
ction of the pr
nd select and
n delete the pr
s.
mote UI to de
.
r Unauthentic
l function
rements: FD
control functi
he user that g
gned to the sca
rily saving sc
can mode is e
73
cated users to
ent and modif
modifying prin
Print>, the lis
n can be used
Print>, the lis
onditions (num
r Unauthentic
ored documen
nceling print
cesses <Print>
rint function
d cancel print
rint jobs they
lete the print
cated users to
DP_ACC.1, F
ions for the s
generated the
an document
can jobs, whic
executed, the
o view print q
fy print job.
nt job is indic
st of data held
d to modify (d
st of data held
mber of copie
ated users to
nt and cancel
job is indicat
>, the list of d
can be used t
jobs from the
own and U.A
jobs and prin
o delete stored
FDP_ACF.1,
can process.
job when the
and the scan
ch are [Delay
machine tem
D
Copyrig
queue / log.
cated below.
d for the logg
delete) indivi
d for the logg
es, print rang
Modify store
print job.
ted below.
data held for
to delete all p
e Status Mon
ADMIN can d
nt documents
d document a
FMT_MSA
The user nam
e scan job is g
n job.
yed scan] and
mporarily save
Date of Issue: 2
ght Canon Inc
ged in user is
idual pages.
ged in user is
ge, etc.)
ed document
the job owne
print jobs and
nitor screen to
delete the pri
of all users f
and cancel pri
A.3
me assigned to
generated. Al
[Preview],
es the job wit
2022/07/27
c. 2021
displayed.
displayed.
and
er is
d print
o delete
nt jobs
from the
int job.
o scan
lso, no
thout
The TOE c
immediate
[Submit a
TOE allow
The metho
- Place t
destina
docum
connec
- Place t
press <
job is
specifi
TOE does
[View scan
TOE allow
The metho
- Place t
destina
docum
TOE does
[View scan
TOE allow
The metho
- Log in
Howev
status,
job is
- U.ADM
"Statu
TOE does
[Modify st
TOE allow
can be transm
ely after readi
a document f
w Job owner,
od for submitt
the document
ation and pre
ment is read, a
cted to the TO
the document
<START> bu
generated, th
fied file serve
not allow Un
nned image]
w Job owner t
od for viewing
the document
ation. Enable
ment is scanne
not allow U,A
n status / log
w Job owner,
od for viewing
n to the operat
ver, in the ca
, but details s
displayed in
MIN logs in t
us Monitor/Ca
not allow Un
tored image]
w Job owner t
mitted after th
ing the origin
for scanning,
U.ADMIN o
ting a docum
t on the scann
ess <START>
and image da
OE.
t on the scann
utton. When t
he document i
r from the LA
nauthenticated
to view scann
g scanned im
t on the scann
e the <Preview
ed and the sca
ADMIN, U.N
g]
U.ADMIN o
g scan status
tion panel and
se of U.NOR
uch as the de
the job histor
to the remote
ancel".
nauthenticated
]
to modify sto
he job content
nal when the s
, Create scan
r U.NORMA
ment for scann
ner, log in to
> button. The
ta are stored.
ner, log in to
the fax transm
is read, and im
AN connected
d users to sub
ned image.
mage is indicat
ner, log in to
w> mode in t
anned image
NORMAL or
r U.NORMA
/ log is indica
d check the jo
RMAL, a job l
estination of a
ry.
UI, and the j
d users to vie
red image.
74
ts are preview
scan job with
n job]
AL to submit a
ning and creat
the operation
destination c
After that, it
the operation
mission docum
mage data is s
d to the TOE
bmit a docum
ted below.
the operation
the <Options>
is displayed
r Unauthentic
AL to view sc
ated below.
ob status and
list containin
another user's
job status and
ew scan status
wed and confi
the preview
a document f
ting scan job
n panel, select
can be a file s
t is transmitte
n panel, select
ment is previ
stored. After
.
ment for scann
n panel, select
> settings and
on the touch
ated users to
an status / log
d job history b
ng another use
s job are not d
d job history c
s / log.
D
Copyrig
irmed withou
setting is inp
for scanning a
is indicated b
t <Scan and S
server. A scan
ed to the file s
t <Fax>, sele
ously set to b
that, it is tran
ning and creat
t <Scan and S
d press <STA
panel display
view scanned
g.
by "Send" on
er's job can be
displayed. Al
can be check
Date of Issue: 2
ght Canon Inc
ut transmitting
putted.
and create sca
below.
Send>, select
n job is gener
server from th
ct the recipie
be backed up,
nsmitted to th
te scan job.
Send>, select
ART> button.
y.
d image.
the "Status M
e displayed in
so, only log i
ed by "Send"
2022/07/27
c. 2021
g
an job.
t the
rated, the
he LAN
ent and
, a scan
he
t the
The
Monitor".
n the job
in user's
" on the
The metho
- Place t
destina
docum
touch
TOE does
[Modify sc
TOE allow
The metho
- Select
<Send>
TOE does
[Delete s
TOE allow
The metho
- Place t
and pre
the sen
- Place t
destina
the sen
docume
- Place t
destina
job stat
<Cance
docume
owner c
- U.ADM
screen
TOE does
7.2.3 C
– Sup
TOE provi
od for modify
the document
ation. Enable
ment is scanne
panel display
not allow U,A
can job]
w Job owner o
od for modify
a job from th
> <Job Status
not allow U.N
tored image,
w Job owner o
od for deleting
the originals o
ess <START>
d job.
the originals o
ation. Then en
d document d
ent and the se
the originals o
ation. Then en
tus on the <St
el> to delete t
ents, the scan
can only dele
MIN can log
to delete send
not allow U.N
Copy proce
pported func
ides the follow
ying stored im
t on the scann
e the <Preview
ed and pages
y.
ADMIN, U.N
or U.ADMIN
ying scan job
he screen disp
s>. The destin
NORMAL or
, Cancel scan
or U.ADMIN
g stored imag
on the scanne
>. Press <Can
on the scanne
nable the <Pre
displayed on
end job.
on the scanne
nable the <De
tatus Monitor
the send docu
n document an
ete send jobs
in to the Rem
d documents
NORMAL or
ess contro
ctional requir
wing access c
mage is indica
ner, log in to
w> mode in t
can be delete
NORMAL or
N to modify sc
is indicated b
played by log
nation can be
r Unauthentic
n job]
N to delete sto
ge or cancelin
er, log in to th
ncel> on the s
er, log in to th
eview> mode
the touch pan
er, log in to th
elayed Send>
r> screen afte
ument and sen
nd scan job s
when the nam
mote UI, selec
and send job
r Unauthentic
ol function
rements: FD
control functi
75
ated below.
the operation
the <Options>
ed or moved w
r Unauthentic
can job.
below.
gging in to the
changed by d
cated users to
ored image or
ng scan job is
he machine, s
scanning scre
he machine, s
e in <Options
nel display af
he machine, s
> mode in <Op
er the origina
nd job. When
ent to the bac
me of the user
ct and cancel
s.
cated users to
DP_ACC.1, F
ion for the co
n panel, select
> settings and
while the sca
ated users to
e machine and
displaying <D
o modify scan
cancel scan j
s indicated be
select <Scan a
een to delete t
select [Scan a
s> and press <
fter the origin
select <Scan a
ptions> and p
als are scanne
n the machine
ckup destinati
r matches the
send jobs fro
o delete stored
FDP_ACF.1,
opy process. T
D
Copyrig
t <Scan and S
d press <STA
anned image i
modify store
d pressing <S
Details>.
n job.
job.
elow.
and Send>, s
the scanned s
and Send], an
<START>. S
nals are scann
and Send>, a
press <STAR
d. Select a se
e is set to bac
ion are delete
e user name o
om the [Statu
d image or ca
FMT_MSA
The user nam
Date of Issue: 2
ght Canon Inc
Send>, select
ART> button.
is displayed o
ed image.
Status Monito
elect the dest
send image an
nd select the
top the send j
ned to delete t
and select the
RT>. Display
end job and pr
k up sent fax
ed. However,
of the send job
us Monitor/Ca
ancel scan job
A.3
me assigned to
2022/07/27
c. 2021
t the
The
on the
or>
tination,
nd delete
job with
the send
the send
ress
x
a job
b.
ancel]
b.
o copy
jobs is init
can change
[Submit a
TOE allow
The metho
- Place t
and pre
TOE does
[View scan
TOE allow
The metho
- Place t
from <O
<STAR
TOE does
printed cop
[View co
TOE allow
The metho
- You ca
pressin
in the j
- U.ADM
and clic
TOE does
[Modify st
TOE allow
The metho
- Place t
from <O
tialized with t
e the user nam
a document f
w Job owner,
od for submitt
the originals o
ess <START>
not allow Un
nned image
w Job owner t
od for viewing
the originals o
Options>. Th
RT> button an
not allow U,A
py output.
opy status / lo
w Job owner o
od for view co
an check the j
ng <Status Mo
ob log.
MIN can chec
cking [Status
not allow U.N
tored image]
w Job owner t
od for modify
the originals o
Options>. Pre
the name of th
me assigned t
for copying, C
U.ADMIN o
ting a docum
on the scanne
> button. A co
nauthenticated
or Release p
to view scann
g scanned im
on the scanne
he image can
nd selecting <
ADMIN, U.N
og]
or U.ADMIN
opy status / lo
job status and
onitor> > <Co
ck the job sta
Monitor/Can
NORMAL or
]
to modify sto
ying stored im
on the scanne
ess <START
he user that g
to jobs.
Create copy
r U.NORMA
ment for copyi
er, log in to th
opy job is cre
d users to sub
printed copy
ned image or
mage or releas
er, log in to th
be displayed
<Display Ima
NORMAL or
N to view copy
og is indicate
d job log from
opy/Print>. H
atus and job lo
ncel] > [Copy
r Unauthentic
red image.
mage is indica
er, log in to th
T> and specify
76
generated the
job]
AL to submit a
ng or creating
he machine, a
eated and the
bmit a docum
output]
release printe
ing printed co
he machine, p
by selecting
age> from <E
r Unauthentic
y status / log.
d below.
m the screen d
However, for j
og from the s
y/Print].
cated users to
ated below.
he machine, p
y the page of
job when the
a document f
g copy job is
and select <C
originals are
ment for copyi
ed copy outpu
opy output is
press <Copy>
a job that ha
Edit & Adjust
ated users to
.
displayed by
job owners, o
screen display
o view copy s
press <Copy>
a scanned job
D
Copyrig
e copy job is
for copying or
indicated bel
Copy>. Specif
e scanned.
ing or create
ut.
indicated be
>, and select <
s been scanne
t>.
view scanned
logging in to
only their ow
yed by loggin
status / log.
>, and select <
b to delete th
Date of Issue: 2
ght Canon Inc
generated. N
r create copy
low.
fy the require
copy job.
elow.
<Merge Job B
ed by pressin
d image or re
o the machine
wn jobs are dis
ng in to the R
<Merge Job B
hat page.
2022/07/27
c. 2021
o users
job.
ed settings
Blocks>
ng
elease
e and
splayed
Remote UI
Blocks>
TOE does
[Modify c
TOE does
Therefore,
copy jobs.
[Delete s
TOE allow
The metho
- Place t
owners
image d
- Place t
origina
screen
- U.ADN
screen
TOE does
7.2.4 F
– Sup
TOE provi
assigned to
is generate
Fax send jo
respectivel
[Delayed s
When a fax
sending it
[Preview]
TOE can b
after readin
[Submit a
TOE allow
not allow U,A
opy job]
not have a fu
TOE does no
tored image,
w Job owner o
od for deleting
the originals o
s can press <C
data.
the originals o
als are scanne
to cancel the
NIN can log i
to cancel cop
not allow U.N
Fax transm
pported func
ides the follow
o fax send job
ed. Also, no u
ob has a func
ly.
scan]
x send job wi
until the spec
be transmitted
ng the origina
a document t
w Job owner,
ADMIN, U.N
unction for m
ot allow job o
, Cancel cop
or U.ADMIN
g stored imag
on the scanne
Cancel> on th
on the scanne
d and copyin
copy job and
in to the Rem
py jobs and de
NORMAL or
mission pro
ctional requir
wing access c
b is initialized
user can chan
ction for temp
ith the Delaye
cified time.
d after the job
al when the f
o send as a f
U.ADMIN o
NORMAL or
modifying copy
owner, U.AD
y job]
N to delete sto
ge and cancel
er, log in to th
he original sc
er, log in to th
ng is executed
d delete the sc
mote UI and se
elete scanned
r Unauthentic
ocess cont
rements: FD
control functi
d with the nam
ge the user na
porarily savin
ed scan mode
b contents are
fax send job w
fax, Create fa
r U.NORMA
77
r Unauthentic
y jobs.
DMIN, U.NOR
ored image an
ling copy job
he machine, s
anning screen
he machine, s
d. Cancel a co
canned image
elect and can
d image data.
cated users to
rol
DP_ACC.1, F
ions for the fa
me of the use
ame assigned
ng fax send jo
e is executed,
e previewed a
with the previ
ax send job]
AL to submit a
ated users to
RMAL, or Un
nd cancel copy
is indicated b
select <Copy>
n to cancel th
select <Copy>
opy job that is
e data.
ncel jobs from
o delete stored
FDP_ACF.1,
fax tarnsmissi
er that genera
d to the fax se
obs, which are
, TOE tempor
and confirmed
iew setting is
a document to
D
Copyrig
modify store
nauthenticate
y job.
below.
>, and press <
he copy job an
>, and press <
s executing o
m the [Status M
d image and c
FMT_MSA
ion process. T
ated the job w
end document
e [Delayed sc
rarily saves th
d without tran
inputted.
o send as a fa
Date of Issue: 2
ght Canon Inc
ed image.
ed users to mo
<START>. Jo
nd delete the
<START>. T
on the Status M
Monitor/Canc
cancel copy j
A.3
The user nam
when the fax s
t and the fax
can] and [Prev
he job withou
nsmitting imm
ax, create fax
2022/07/27
c. 2021
odify
ob
scanned
The
Monitor
cel]
ob.
me
send job
send job.
view],
ut
mediately
send
job.
The metho
indicated b
- Place t
press <
After th
TOE does
[View scan
TOE allow
The metho
- Place t
Enable
scanned
However,
cannot pre
TOE does
[View fax
TOE allow
The metho
- Log in
Howev
status, b
job is d
- U.ADM
"Status
TOE does
[Modify st
TOE allow
The metho
- Place t
Enable
scanned
display
od for submitt
below.
the document
<START> but
hat, it is faxed
not allow Un
nned image]
w Job owner t
od for viewing
the document
the <Preview
d and the scan
when faxing
eview the fax
not allow U,A
job queue /
w Job owner,
od for viewing
n to the operat
ver, in the cas
but details su
displayed in th
MIN logs in t
s Monitor/Can
not allow Un
tored image]
w Job owner t
od for modify
the document
the <Preview
d and pages c
y.
ting a docum
t on the scann
tton. A fax se
d throuth the
nauthenticated
to view scann
g scanned im
t on the scann
w> mode in th
nned image i
a received fa
send image.
ADMIN, U.N
log]
U.ADMIN o
gfax job queu
tion panel and
e of U.NORM
uch as the des
he job history
to the remote
ncel".
nauthenticated
]
to modify sto
ying fax send
t on the scann
w> mode in th
can be deleted
ment for submi
ner, log in to
end job is gen
PSTN conne
d users to sub
ned image.
mage is indicat
ner, log in to
he <Options>
is displayed o
ax document i
NORMAL or
r U.NORMA
ue / log is ind
d check the jo
MAL, a job li
stination of an
y.
UI, and the j
d users to vie
red fax send
image is indi
ner, log in to
he <Options>
d or moved w
78
itting a docum
the operation
nerated, the d
ected to the T
bmit a docum
ted below.
the operation
> settings and
on the touch p
in the Memor
r Unauthentic
AL to view fax
dicated below
ob status and
ist containing
nother user's j
job status and
ew fax job qu
image.
icated below.
the operation
> settings and
while the scan
ment to send
n panel, select
ocument is re
OE.
ment to send a
n panel, select
d press <STA
panel display.
ry RX Inbox
ated users to
x job queue /
w.
d job history b
g another user
job are not di
d job history c
ueue / log.
.
n panel, select
d press <STA
nned image is
D
Copyrig
as a fax, crea
t <Fax>, sele
ead, and imag
as a fax, creat
t <Fax>, sele
RT> button.
.
from the <Fa
view scanned
log.
by "Send" on
r's job can be
isplayed. Als
can be check
t <Fax>, sele
RT> button.
s displayed on
Date of Issue: 2
ght Canon Inc
ating fax send
ct the destina
ge data are sto
te fax send job
ct the destina
The documen
ax/I-Fax Inbo
d image.
the "Status M
displayed in
o, only log in
ed by "Send"
ct the destina
The documen
n the touch pa
2022/07/27
c. 2021
d job is
ation and
ored.
b.
ation.
nt is
ox>, you
Monitor".
the job
n user's
" on the
ation.
nt is
anel
However,
cannot mo
TOE does
[Modify fa
TOE allow
The metho
- Select
<Send>
TOE does
[Delete s
TOE allow
The metho
- Place t
<STAR
fax sen
- Place t
enable
image d
the fax
- Place t
enable
<Status
delete t
name o
- U.ADM
screen
TOE does
7.2.5 F
– Sup
TOE provi
performed
Inbox whe
When prin
operated th
when faxing
dify stored fa
not allow U,A
ax send job]
w Job owner o
od for modify
a job from th
> <Job Status
not allow U.N
tored image,
w Job owner o
od for deleting
the originals o
RT>. Press <C
nd job.
the originals o
the <Preview
displayed on
send job.
the originals o
the <Delayed
s Monitor> sc
the stored ima
of the user ma
MIN can log
to delete stor
not allow U.N
Fax recept
pported func
ides the follow
d by the system
ere received f
nting a receive
he received jo
a received fa
ax send image
ADMIN, U.N
or U.ADMIN
ying fax send
he screen disp
s>. The destin
NORMAL or
, Cancel fax
or U.ADMIN
g stored imag
on the scanne
Cancel> on th
on the scanne
w> mode in <
the touch pan
on the scanne
d Send> mod
creen after the
age and fax s
atches the use
in to the Rem
red image and
NORMAL or
ion proces
ctional requir
wing access c
m, users are n
faxes are save
ed fax job, th
ob. User nam
ax document i
e.
NORMAL or
N to modify fa
job is indicat
played by log
nation can be
r Unauthentic
send job]
N to delete sto
ge or cancelin
er, log in to th
he scanning s
er, log in to th
Options> and
nel display af
er, log in to th
de in <Option
e originals ar
send job. How
er name of the
mote UI, selec
d fax send job
r Unauthentic
ss control
rements: FD
control functi
not set for rec
ed is controlle
he print job ac
mes assigned t
79
in the Memor
r Unauthentic
ax send job.
ted below.
gging in to the
changed by d
cated users to
ored image or
ng fax send jo
he machine, s
screen to dele
he machine, s
d press <STA
fter the origin
he machine, s
s> and press
re scanned. Se
wever, a job o
e fax send job
ct and cancel
bs.
cated users to
DP_ACC.1, F
ion for the fa
ceived images
ed via access
ccess privileg
o documents
ry RX Inbox
ated users to
e machine and
displaying <D
o modify fax
cancel fax se
ob is indicated
select <Fax>,
ete the scanne
select [Fax], a
ART>. Stop th
nals are scann
select <Fax>,
<START>. D
elect a fax sen
owner can onl
b.
send jobs fro
o delete stored
FDP_ACF.1,
x reception p
s or received
privileges to
ges are initiali
and jobs can
D
Copyrig
from the <Fa
modify fax s
d pressing <S
Details>.
send job.
end job.
d below.
, select the de
ed fax send im
and select the
he fax send jo
ned to delete t
, and select th
Display the se
nd job and pr
ly delete fax
om the [Statu
d image or ca
FMT_MSA
process. Since
jobs. Access
the <Fax/I-F
ized with the
nnot be chang
Date of Issue: 2
ght Canon Inc
ax/I-Fax Inbo
send image.
Status Monito
estination, and
mage and dele
e destination.
ob with the fa
the stored im
he destination
end job status
ress <Cancel>
send jobs wh
us Monitor/Ca
ancel fax send
A.3
e fax receptio
s to the Memo
Fax Inbox> bu
user name th
ged by any us
2022/07/27
c. 2021
ox>, you
or>
d press
ete the
Then
ax send
age and
n. Then
s on the
> to
hen the
ancel]
d job.
on is
ory RX
utton.
hat
er.
TOE does
RX Inbox.
and U.ADM
[Receive a
When TOE
Inbox and
images and
[View fax
TOE allow
The metho
- Log in
A list
receiv
- An U.A
Receiv
The metho
printing.
- Log in
A list
TOE does
release prin
[View fax
TOE allow
The metho
- You ca
screen
receive
- U.Adm
[Status
TOE does
[Modify im
TOE allow
The metho
not immedia
Access to th
MIN, and pro
a fax and sto
E receives a f
creates a rece
d create fax r
image or Re
w Fax owner a
od for viewing
n to the machi
of the held fa
ed fax image
ADMIN can
ved/Stored Fi
od for releasin
n to the machi
of the held fa
not allow U.N
nted fax outp
x receive log
w Fax owner,
od for viewing
an display the
in <Status M
ed faxes.
min can also l
Monitor/Can
not allow Un
mage of rece
w Fax owner o
od for Modify
ately print dig
he inbox is lim
ovides the fol
re it, Create
fax document
eived fax job
receive job.
elease printe
and U.ADMI
g received fax
ine, press <Fa
ax data is disp
es.
also display i
iles] [Memory
ng printed fax
ine, press <Fa
ax data is disp
NORMAL (o
put.
g]
U.ADMIN o
g fax receive
e received fax
Monitor> <Rec
log in to the R
ncel] screen.
nauthenticated
eived fax]
or U.ADMIN
ying image of
gital documen
mited to Fax o
llowing acces
fax receive j
t sent from ou
b. Therefore, a
d fax output
IN to view fax
x images is in
ax/I-Fax Inbo
played. You c
images by log
y RX Inbox]
x output is pe
ax/I-Fax Inbo
played. Selec
other than Fax
or U.NORMA
log is indicat
x job status b
ceive>. You c
Remote UI an
d users to Vie
N to Modify im
f received fax
80
nts of fax rece
owner (U. AD
ss control.
job]
utside, it save
all users can b
t]
x image or re
ndicated belo
ox> <Memory
can select dat
gging in to th
[Memory RX
erformed as in
ox> <Memory
t the data, an
xowner) and
AL to view fa
ted below.
y logging int
can also switc
nd check [Job
ew fax receiv
mage of recei
x is indicated
eive job and i
DMIN Allow
es the receive
be considered
elease printed
ow.
y RX Inbox>
ta and select <
he Remote UI
X Inbox], and
ndicated belo
y RX Inbox>
nd press <Prin
Unauthentica
ax receive log
o the machin
ch to the <Job
b Status] and
ve log.
ived fax.
below.
D
Copyrig
instead saves
ws Access to I
d fax images
d allowed to s
d fax output.
>, and open <M
<Display Ima
I, clicking [A
d selecting he
ow, and the fa
>, and open th
nt> to print th
ated users to v
g.
ne and display
b Log> scree
[Job Log] un
Date of Issue: 2
ght Canon Inc
them to the M
nbox U. NOR
to the Memo
save received
Memory RX
age> to displa
Access
eld received f
ax data is eras
he Memory R
he fax image.
view fax ima
ying the <Job
n to display t
nder [Receive
2022/07/27
c. 2021
Memory
RMAL)
ory RX
d fax
Inbox>.
ay the
fax data.
sed after
RX Inbox.
age or
Status>
the list of
] on the
- Log in
A list o
receive
TOE does
received fa
[Modify fa
TOE does
Therefore,
receive job
[Delete im
TOE allow
The metho
- Log in
A list o
image.
- An adm
[Memo
TOE does
fax.
[Cancel fa
TOE allow
The metho
- You ca
receive
- You ca
[Cance
TOE does
7.2.6 D
– Sup
TOE provi
n to the machi
of the held fax
ed fax images
not allow U.N
ax.
ax receive jo
not have a fu
TOE does no
b.
mage of receiv
w Fax owner o
od for deleting
n to the machi
of the held fax
ministrator ca
ory RX Inbox
not allow U.N
ax receive job
w U.ADMIN
od for canceli
an log in to th
e job, and pre
an also log in
l] to delete th
not allow Fa
Document
pported func
ides the follow
ine, press <Fa
x data is displ
s. Pages can b
NORMAL (o
ob]
unction for m
ot allow Fax
ved fax]
or U.ADMIN
g image of re
ine, press <Fa
x jobs is displ
an log in to th
x], select the h
NORMAL(o
b]
to cancel fax
ing fax receiv
he machine, p
ss <Cancel>
n to the Remo
he fax receive
x owner, U.N
store and
ctional requir
wing access c
ax/I-Fax Inbo
layed. You ca
be deleted wh
other than Fax
modifying fax
owner, U,AD
N to delete im
eceived fax is
ax/I-Fax Inbo
layed. Select
he Remote UI
held received
ther than Fax
receive job.
ve job is indic
press <Status
to delete the
ote UI, click [
e job.
NORMAL or
retrieve pr
rements: FD
control functi
81
ox> <Memory
an select data
hile the image
xowner) or U
receive job.
DMIN, U.NO
mage of receiv
indicated be
ox> <Memory
the data and
I, click [Acce
d fax job, and
xowner) or Un
cated below.
Monitor> <R
fax receive jo
Status Monit
Unauthentica
rocess con
DP_ACC.1, F
ion for the do
y RX Inbox>
a and select <
e data is displ
Unauthenticate
ORMAL, or un
ved fax.
low.
y RX Inbox>
press <Delet
ess Received/
click [Delete
nauthenticate
Receive> <Jo
ob.
tor/Cancel] [J
ated users to
trol functio
FDP_ACF.1,
ocument store
D
Copyrig
>, and open <M
<Display Imag
layed on the t
ed users to M
nauthenticate
>, and open <M
te> to delete t
/Stored Files]
e] to delete th
ed users to de
ob Status>, se
Job Status] un
cancel fax re
on
FMT_MSA
e and retrieve
Date of Issue: 2
ght Canon Inc
Memory RX
ge> to display
touch panel d
Modify image
ed users to mo
Memory RX
the received f
] [Memory RX
he received fa
elete image of
elect the held
nder [Receive
eceive job.
A.3
e process.The
2022/07/27
c. 2021
Inbox>.
y the
display.
of
odify fax
Inbox>.
fax
X Inbox]
ax image.
f received
fax
e]
e user
name assig
generated t
user name
TOE has a
Space). Th
Space) tha
[Store doc
TOE allow
The metho
- For a stor
<Advanced
pressed, th
the person
TOE does
[Retrieve
TOE allow
The metho
- For a r
Space>
- In <Fa
server i
TOE does
job.
[View sto
TOE allow
The metho
- To disp
screen.
- U.ADM
select [
- To disp
<Local
- U.ADM
and sel
[Send]
gned to docum
the job when
assigned to j
a function for
he destination
at only the log
cument, Crea
w Job owner,
od for store do
re job, place t
d Box> <Per
he store job is
al space.
not allow Un
stored docum
w Job owner o
od for retrievi
retrieve job, l
>, and select t
ax/I-Fax Inbox
in the TIFF o
not allow U.N
orage / retrie
w Job owner,
od for viewing
play a store l
MIN can also
[Local Print] t
play a retriev
l Print> or pre
MIN can also
ect [Local Pr
to display the
ment store an
n the documen
obs.
saving digita
n to store the d
gged in user c
ate retrieval
U.ADMIN o
ocument and
the original o
sonal Space>
s generated, th
nauthenticated
ment, Create
or U.ADMIN
ing stored doc
og in to the c
the stored file
x>, U.ADMI
or PDF file fo
NORMAL or
eval log]
U.ADMIN o
g storage / ret
og, log in to t
o log in to the
to display the
ve log, log in
ess <Send> <
o log in to the
rint] to display
e retrieve log
nd retrieve pro
nt store and re
al documents
documents is
can access.
job]
r U.NORMA
create retriev
on the scanne
>, and select t
he original is
d users to sto
e retrieval jo
N to retrieve st
cument and c
control panel,
e. You can pre
IN can send r
rmats. They c
r Unauthentic
r U.NORMA
trieval log is
the control pa
e Remote UI,
e job log for p
to the control
<Job Log> on
e Remote UI,
y the retrieve
g
82
ocess jobs is i
etrieve proce
scanned from
s a personal sp
AL to store do
val job is indi
r, log in to th
the personal s
scanned, and
ore document
ob]
tored docume
creating retrie
press <Acce
ess <Print> to
eceived fax d
can also send
cated users to
AL to view sto
indicated bel
anel, press <S
click [Status
printing store
l panel, press
n the <Status M
click [Status
e log or click
initialized wi
ss job is gene
m a scanner to
pace inside th
ocument and c
icated below.
he control pan
space of the u
d an image da
and create re
ent and create
eval job is ind
ess Stored File
o create a prin
documents in
d them via a f
o retrieve stor
orage / retriev
low.
Store> <Job L
Monitor/Can
ed documents
s <Status Mon
Monitor> scr
Monitor/Can
[Status Moni
D
Copyrig
ith the name o
erated. No use
o the Advanc
he Advanced
create retriev
nel, press <Sc
user. When th
ata file is gen
etrieval job.
e retrieval job
dicated below
es> <Advanc
nt job for retr
the Memory
fax line.
red document
val log.
Log> on the <
ncel] [Job Lo
s.
nitor> <Copy
reen.
ncel] [Job Lo
itor/Cancel] [
Date of Issue: 2
ght Canon Inc
of the user th
ers can chang
ced Box (Adv
Box (Advan
val job.
can and Store
he Start button
nerated and sto
b.
w.
ced Box> <Pe
rieving a docu
RX Inbox to
t and create re
<Status Moni
g] under [Sto
y/Print> <Job
g] under [Co
[Job Log] und
2022/07/27
c. 2021
hat
ge the
vanced
ced
>
n is
ored in
ersonal
ument.
o a file
etrieval
itor>
ore], and
Log>
py/Print],
der
TOE does
[Modify st
TOE allow
The metho
- Log in
file, and
TOE does
[Modify st
TOE does
Therefore,
storage / re
[Delete s
TOE allow
The metho
- The jo
Space>
- U.ADM
<Store/
docume
- U.ADM
[Store/A
TOE does
[Cancel st
TOE allow
The metho
- The jo
to delet
<Status
- U.ADM
click th
- A job o
<Fax/I-
not allow Un
tored docum
w Job owner t
od for modify
n to the contro
d press <Edit
not allow U.A
torage / retri
not have a fu
TOE does no
etrieval job.
tored docum
w Job owner o
od for deleting
b owner can
>, select the fi
MIN can log
/Access Files
ent.
MIN can log
Access Files]
not allow U.N
torage / retri
w Job owner o
od for canceli
b owner can
te the store jo
s Monitor> sc
MIN can log
he cancel butt
owner or U.A
-Fax Inbox>
nauthenticated
ment]
to modify sto
ying stored do
ol panel, pres
t File> <Chan
ADMIN, U.N
ieval job]
unction for m
ot allow Job o
ment]
or U.ADMIN
g stored docu
log in to the c
ile, and press
in to the cont
s> <Advanced
in to the Rem
] [Advanced B
NORMAL or
ieval job]
or U.ADMIN
ing storage / r
press <Cance
ob. They can
creen to delet
in to the Rem
ton to delete t
ADMIN selec
and select the
d users to vie
red documen
ocument is ind
s <Access St
nge File Nam
NORMAL or
modifying stor
owner, U.AD
N to delete sto
ument is indic
control panel
<Edit File> <
trol panel and
d Box Setting
mote UI to de
Box Settings]
r Unauthentic
N to cancel sto
retrieval job i
el> or <STOP
also press <C
te the store jo
mote UI, click
the store job.
ct the received
e destination.
83
ew storage / r
nt.
dicated below
ored Files> <
me> to change
r Unauthentic
rage / retrieva
DMIN or U.N
ored documen
cated below.
l, press <Acce
<Delete> to d
d press <Setti
gs> <Delete A
lete saved do
] [Delete Pers
cated users to
orage / retriev
is indicated b
P> displayed
Cancel> in <J
ob.
k [Status Mon
d fax docume
Then enable
etrieval log.
w.
<Advanced B
e the file nam
ated users to
al job.
NORMAL or u
nt.
ess Stored Fi
delete the sto
ings/Registra
All Personal S
ocuments in [S
sonal Space].
o delete stored
val job.
elow.
on the contro
Job Status> fo
nitor/Cancel]
ent in the Mem
e the <Delaye
D
Copyrig
Box> <Person
me.
modify store
unauthenticat
les> <Advan
re document.
ation> <Funct
Spaces> to de
Settings/Regi
.
d document.
ol panel after
or <Copy/Prin
[Job Status]
mory RX Inb
ed Send> mod
Date of Issue: 2
ght Canon Inc
nal Space>, se
ed document.
ted users to m
nced Box> <P
.
tion Settings>
elete the store
istration]
generating a
nt> or <Store
under [Store]
box from the
de in <Option
2022/07/27
c. 2021
elect the
modify
Personal
>
e
store job
e> on the
], and
ns> and
press <
job stat
docume
matche
TOE does
7.3 PS
– Sup
The TSF p
SuperG3 p
network. [F
The TOE f
The follow
sending or
performed
attempts to
prevent un
This functi
7.4 SS
– Sup
All access
Thus, all d
built-in SS
[FDP_DSK
The SSD e
the first tim
user to set
When data
the SSD en
SSD, all re
including u
7.4.1 E
– Sup
To ensure
the TOE p
[FCS_CO
–
–
<START>. Di
tus of a status
ent and send j
es the user nam
not allow U.N
STN Fax-Ne
pported func
prohibits com
protocol and t
FDP_FXS_E
fax I/F is used
wing measure
r receiving a j
d with the opp
o communica
nauthorized tr
ion is always
SD Encrypt
pported func
to the TOE e
data including
SD are encryp
K_EXT.1.1]
encryption fun
me, and since
anything for
a including us
ncryption chi
eading is perf
user data and
Encryption
pported func
the confident
erforms the f
OP.1(d)]
To encrypt
To decrypt
isplay the sen
s confirmation
job. Howeve
me of the sen
NORMAL an
etwork Sep
ctional requir
mmunication v
the G3 protoc
EXT.1]
d only for sen
s are taken ag
job using a fa
posite side, an
ate with proto
ransmission a
enabled and
tion Functi
ctional requir
embedded SS
g user data an
pted, and the e
nction is auto
e there is no in
the SSD enc
ser data and T
ip before writ
formed throug
d TSF data sto
n/Decryptio
ctional requir
tiality of user
following enc
data written t
data read from
nd job status o
n screen. Sele
r, a job owne
nd job.
nd Unauthent
paration Fu
rements:FDP
via the fax I/F
col. Thus, the
nding and rec
gainst unauth
ax I/F, first, n
nd if the nego
ocols other tha
and reception.
there is no in
on
rements:FDP
SD is via an S
nd TSF data in
encrypted dat
omatically en
nterface to co
ryption funct
TSF data is w
ting to the TO
gh the SSD e
ored in a TOE
on Function
rements:FCS
r data and TS
cryption opera
to a TOE bui
m a TOE bui
84
on the <Statu
ect a send job
er can only de
ticated users
unction
P_FXS_EXT
F except for tr
e PSTN is con
ceiving faxes,
horized fax jo
negotiation of
otiation is not
an the SuperG
.
nterface to co
P_DSK_EXT
SSD encryptio
nput/output b
ta are stored
nabled when a
ontrol the ope
tion of the TO
written to the T
OE built-in SS
ncryption chi
E built-in SSD
n
S_COP.1(d)
F data stored
ations to encr
lt-in SSD.
ilt-in SSD.
us Monitor> s
b and press <
elete a scan jo
to cancel stor
T.1
ransmission a
ntrolled so as
, not for other
bs and comm
f the SuperG3
t successful, t
G3 protocol a
ontrol the ope
T.1
on chip moun
between the c
in the TOE b
an SSD is con
eration, there
OE. [FDP_DS
TOE built-in
SD. Also, wh
ip. To secure
D by an encry
d in the TOE b
rypt all data s
D
Copyrig
screen. To dis
Cancel> to d
ob when the n
rage / retrieva
and reception
not to be abl
r purposes.
munications u
3 protocol and
the line is dis
and the G3 pr
eration.
nted on the TO
ontroller boa
built-in SSD.
nnected to the
is no need fo
SK_EXT.1.2
SSD, encryp
hen reading fr
confidentiali
yption/decryp
built-in SSD
stored in the T
Date of Issue: 2
ght Canon Inc
splay a transm
elete the send
name of the u
al job.
n of user data
le to intrude i
sing fax I/Fs.
d the G3 prot
connected. In
rotocol are blo
OE controller
rd and the TO
e TOE and sta
or U.ADMIN
2]
ption is perfor
rom the TOE
ity of all data
ption function
from all inter
TOE built-in
2022/07/27
c. 2021
mission
d
user
using the
nto the
. When
ocol is
n this way,
ocked to
r board.
OE
arted for
or the
rmed via
built-in
a
n.
rfaces,
SSD.
The encryp
–
–
–
7.4.2 C
– Sup
FCS
FPT
The CSP (
CSP
identi
crypto
key
key se
Next, the l
[How to G
The TOE g
specificatio
first conne
encryption
The encryp
entropy ge
noise sourc
Nonce has
DRBG are
encryption
The TOE i
at the first
with intern
[FCS_SM
After that,
When the p
based on th
[How to M
ption algorith
AES as spe
XTS as spe
Cryptograph
Cryptograp
pported func
S_CKM_EX
T_KYP_EXT
Critical Secu
ification
D
ographic A
eed Th
D
A
life cycle (Ho
Generate Cryp
generates a ke
ons when an
ection (That is
n chip and the
ption chip gen
eneration func
ce. Entropy I
s a minimum
e initialized. T
n chip as a key
inputs a key s
time, and com
nal states V an
MC_EXT.1, F
TOE encryp
power is turn
he key seed a
Manage Crypt
hm and key u
cified in ISO
cified in IEE
hic key size: 2
phic key m
ctional requir
XT.4, FCS_R
T.1, FPT_SK
urity Paramete
escription
key for encry
he internal sta
RBG and the
ES encryptio
ow to generate
ptographic Ke
ey seed to be
administrator
s, at the time
e TOE contro
nerates Entro
ction using a
nput, generat
entropy of 16
Then, the DR
y seed as a so
seed (DRBG
mputes 2 ciph
nd C as subm
FCS_COP.1(c
ts all data sto
ned on next tim
and stores it in
tographic Key
sed for encry
O/IEC 18033-3
E 1619
256 bits
anagemen
rements:FCS
RBG_EXT.1(
KP_EXT.1
er) handled b
yption
ate V and C o
e seed value u
on key genera
e, manage, an
eys]
used in the S
r instructs the
of TOE prod
ller.
opy Input (64
random num
ted by the ent
60 bits. By in
RBG internal s
ource of the e
internal state
her keys of 2
masks at the se
c), FCS_CK
ored in the TO
me, the encry
n the RAM.
ys]
85
yption operati
3
nt function
S_CKM.1(b)
(ssd), FCS_K
by the SSD en
of the
used for
ation.
nd destroy) o
SSD encryptio
e destruction/
duction) or at
0 bits) and N
mber generator
tropy generat
nputting these
states V and C
encryption ke
e V, C) to the
56 bits by pe
econd and thi
M.1(b)]
OE built-in SS
yption chip au
on are as foll
), FCS_CKM
KYC_EXT.1,
ncryption func
Storage
RAM in
the
encryption
chip
FLASH
memory
in the
encryption
chip
f the encrypti
on function b
/regeneration
the time of T
Nonce (256 bit
r using a ring
tor, has a min
e values into D
C are stored i
y. [FCS_RB
DRBG, disca
rforming sub
ird random nu
SD.
utomatically r
D
Copyrig
lows.
M.4, FCS_CK
, FCS_SMC_
ction is expla
State
plaintext
plaintext
ion key is des
based on the f
n of the key se
TOE disposal
ts) input to th
g oscillator as
nimum entrop
DRBG, intern
in the FLASH
G_EXT.1(ss
ards the rand
bmask couplin
umber genera
reconstructs t
Date of Issue: 2
ght Canon Inc
KM.1(c),
_EXT.1,
ained.
Method o
destructio
Lost due t
TOE pow
Overwrite
with fixed
(0xFF)
scribed.
following
eed at the tim
between the
he DRBG usin
one hardwar
py of 400 bits
nal states V a
H memory in
sd)]
dom number g
ng using SHA
ation.
the encryptio
2022/07/27
c. 2021
of
on
to
wer loss
e once
d value
me of the
ng an
re-based
, and
and C of
the
generated
A -256
on key
Entropy ge
which are
(internal pr
cipher key
The TOE s
encryption
memory.
Since the e
chip is not
plaintext, F
There is no
encryption
chip outsid
[FPT_SKP
[How to D
The encryp
unnecessar
[FCS_CK
The key se
changed, s
panel. Des
[FCS_CK
7.5 LA
7.5.1 I
– Sup
FTP
To ensure
file server/
in RFC 43
–
–
In order to
the TOE w
encrypts/d
FCS_IPSE
–
–
In order to
PC to the T
when an ad
the protect
function de
eneration fun
submasks. Si
rocessing by
y is maintaine
stores the key
n chip. The en
encryption ch
t a Field-Repl
Field-Replace
o TOE interfa
n chip. Since t
de the encryp
P_EXT.1]
Destroy the Cr
ption key exi
ry when the p
KM_EXT.4/F
eed becomes u
such as when
stroy the key
KM_EXT.4/F
AN Data Pro
IPSec Encr
pported func
P_TRP.1(b),
the confident
/audit log serv
01 as follows
Encrypting
Decryption
o ensure the c
when a genera
decrypts all IP
EC_EXT.1.1
Encrypting
Decryption
o ensure the c
TOE, the TOE
dministrator p
tion of the rem
escribed in 7.
ctions are use
ince a cipher
Hash DRBG
d at each stag
y seed from w
ncryption key
hip is mounted
laceable Nonv
eable Nonvol
ace to read th
there is no in
tion chip, the
ryptographic
sts only on th
power is turne
FCS_CKM.4]
unnecessary
the TOE is d
seed by overw
FCS_CKM.4]
otection Fu
ription Fun
ctional requir
, FCS_IPSEC
tiality and int
ver/time serv
s. [FTP_ITC
operation for
operation for
onfidentiality
al user perform
P packets usin
1]
operation for
operation for
onfidentiality
E encrypts an
performs pag
mote UI oper
.5.3may be u
ed to supply s
key of 256 b
G based on SP
ge of the key
which the enc
y is stored onl
d on the TOE
volatile Stora
latile Storage
he key seed fr
nterface for re
e key seed and
Key]
he RAM in th
ed off, it is lo
]
when the adm
discarded. The
writing it onc
]
unction
nction
rements:FCS
C_EXT.1, FI
tegrity of use
ver, the TOE e
C.1, FCS_IPS
r IP packets s
r IP packets r
y and integrity
ms printing u
ng IPSec spec
r IP packets s
r IP packets r
y and integrity
nd decrypts a
ge operation o
ration, not onl
sed. [FTP_T
86
sufficient ent
it length is co
P 800 -90 A) t
chain. [FCS_
ryption key o
ly on the RAM
E controller b
age Device, a
e Device. [FP
rom FLASH m
eading the enc
d the encrypt
he encryption
ost when the p
ministrator de
e key seed is
ce with a fixe
S_COP.1(a),
IA_PSK_EX
r data and TS
encrypts and
SEC_EXT.1.
sent to the LA
received from
y of user data
using the prin
cified in RFC
sent to the LA
received from
y of user data
ll IP packets
of the remote
ly the IPSec e
TRP.1(a), FC
tropy to the D
onstituted by
to this subma
_KYC_EXT
originates in c
M in the encr
oard and the
a portion of th
PT_KYP_EX
memory in th
cryption key
tion key are p
chip. Since t
power is turn
etermines that
destroyed by
d value (0xFF
, FCS_COP.
XT.1, FCS_C
SF data transm
decrypts all I
1]
AN
m the LAN
a and TSF dat
nter driver fro
C 4301 as follo
AN
m the LAN
a and TSF dat
using IPSec s
UI using a w
encryption fu
S_IPSEC_E
D
Copyrig
DRBG interna
performing s
ask, the streng
T.1]
clear text in F
ryption chip a
FLASH mem
he key chain i
XT.1]
he encryption
from the RAM
protected from
the encryption
ed off.
t the encrypti
y an instructio
F).
1(c), FTP_IT
OP.1(g)
mitted betwee
IP packets us
ta transmitted
m the client P
ows. [FTP_T
ta sent and re
specified in R
web browser f
unction but al
EXT.1.1]
Date of Issue: 2
ght Canon Inc
al states V and
submask com
gth (256 bits)
FLASH memo
and not in the
mory in the en
is not stored i
chip out of th
M in the encr
m exposure.
n key become
ion key needs
on from the o
TC.1, FTP_T
en the TOE a
sing IPSec as
d from the cli
PC, the TOE
TRP.1(b),
eceived from
RFC 4301 as
from the clien
lso the TLS e
2022/07/27
c. 2021
d C
mbination
) of the
ory in the
e FLASH
ncryption
in a
he
ryption
es
s to be
operation
TRP.1(a),
and the
defined
ient PC to
the client
follows
nt PC. For
ncryption
–
–
The follow
in RFC 43
Cr
AE
AE
– Th
Ke
St
by
IPSec conn
IPSec conn
SPD defin
communic
When send
priority. If
When IKE
priority ord
performed
conditions
If the comm
matching o
[FCS_IPS
The specif
–
–
–
–
–
The SA lif
8 hours for
Encrypting
Decryption
wing cryptogr
03. [FCS_CO
ryptographic
ES-CBC+HM
ES-GCM
he Secure H
eyed-Hash M
tandard speci
y HMAC is 1
nection mode
nection settin
es the peer co
cation with th
ding and rece
f IKE is not es
E is establishe
der is confirm
d by IPSec set
of all SPDs a
munication c
of the commu
SEC_EXT.1.3
fications of th
IKEv1 IKE
numbers, an
IKEv1 payl
Payload cip
AES-GCM-
IKEv1 Phas
The suppor
U.ADMIN
establishme
fetime of IKE
r Phase 2 SA
operation for
operation for
raphic algorith
OP.1(a), FCS
c algorithm
MAC
Hash Algorith
Message Auth
fied in FIPS
60 bits. [FCS
e supports tran
ngs define mu
ondition (IP a
e peer (IKE a
eiving IP pack
stablished, th
ed, the commu
med to be mat
tting of the fir
are discarded
annot be perf
unication part
3]
he correspond
Ev1 as defined
nd RFC4868
load cipher: A
phers fo IPS
-128/AES-GC
se 1 Key Exc
rted DH grou
sets which o
ent during com
Ev1 can be lim
s. [FCS_IPS
r IP packets s
r IP packets r
hms and keys
S_COP.1(c)]
Crypto
128 bit
128 bit
hm (SHA) u
hentication C
PUB 180-3.
S_COP.1(g)]
nsport mode
ultiple, priorit
address, port
and IPSec set
kets, it attemp
he packet is dr
unication par
tched while m
rst matched r
d.
formed by the
tner condition
ding protocols
d in RFCs 24
for hash func
AES-CBC-12
Sec ESP: A
CM-256 spec
change Uses M
ups are Grou
one to use. I
mmunication
mited by spec
EC_EXT.1.8
87
sent to the LA
received from
s are used to
]
ographic key
, 256 bit
, 256 bit
sed by the a
Code specifie
The message
only. [FCS_I
tized rules as
number) to w
ttings), and w
pts to negotia
ropped.
rtner conditio
maintaining th
rule. IP packe
e first matchi
n with the low
s in IPSec are
407, 2408, 24
ctions
28/AES-CBC
AES-CBC-128
cified in RFC
Main Mode O
up 14 (2048
t is then det
n.
cifying a time
8]
AN
m the LAN
implement th
y sizes Lis
FIP
NI
FIP
FIP
NI
above HMAC
ed in FIPS P
e digest lengt
IPSEC_EXT
the Security
which the rule
whether the ru
ate IKE from
on of the rule
he established
ets that do not
ing rule, the p
wer priority ru
e as follows.
409, and 4109
-256 as speci
8/AES-CBC-
C 4106
Only (No Agg
bit), ECDH
ermined by p
e of no more t
D
Copyrig
he IPSec proto
st of Standar
PS PUB 197(
ST SP 800-3
PS PUB198-1
PS PUB 197(
ST SP800-38
C is SHA-1
PUB 198-1
th is 160 bits
T.1.2]
Policy Datab
e applies, the
ule itself is en
valid rules ac
valid from th
d IKE, and co
t meet the com
packet is disc
ule is not con
[FCS_IPSEC
9, RFC4304 f
ified in RFC3
256 specifie
gressive Mod
256 bit, and
performing k
than 24 hours
Date of Issue: 2
ght Canon Inc
ocol ESP as s
rds
(AES)
8A(CBC)
1(HMAC)
(AES)
8D(GCM)
. SHA-1 sat
and the Sec
s. The key len
base (SPD).
method of
nabled or disa
ccording to th
he top of the S
ommunicatio
mmunication
arded and the
nfirmed.
C_EXT.1.4-7
for extended
3602
ed in RFC 3
de)
d ECDH 384
key exchange
s for Phase 1
2022/07/27
c. 2021
specified
tisfies the
cure Hash
ngth used
abled.
he SPD
SPD
n is
n partner
e
7,9]
sequence
3602 and
4 bit, and
e and key
SAs and
All IKE pr
preshared k
IPSec pres
The numbe
combinatio
"&", "*", "
Only text-b
used for th
IKE phase
The setting
the
rem
ote
UI
by
U.A
DM
IN.
7.5.2 I
– Sup
FCS
The CSP h
CSP
identi
presha
MFP k
IKE c
key
DH ke
ECDH
IPSec
crypto
IPSec
authen
DRBG
state
The life cy
Op
pan
Re
rotocols perfo
key.[FCS_IP
shared keys c
er of characte
on of upperca
"(", ")" ). [FIA
based preshar
he conditionin
e 1.[FIA_PSK
gs of the IPse
IPSec Cryp
pported fun
S_CKM.4, F
handled by th
ification
ared key
key pair
cryptographic
ey pair
H key pair
c
ographic key
c
ntication key
G internal
ycle of the CS
peration
nel:
mote UI:
orm peer auth
PSEC_EXT.1
an be configu
ers of the pres
ase or lowerc
A_PSK_EXT
red keys are u
ng, one of SH
K_EXT.1.3]
ec encryption
ptographic
nctional req
FPT_SKP_EX
e IPSec crypt
Descriptio
Shared ke
key authen
Key pair o
authentica
method (R
c Cryptogra
used with
Public/pri
during DH
Encryptio
used with
Key for au
IPSec ESP
DRBG int
random nu
SP is describe
– Settings/R
Settings >
– Settings/R
– Settings/R
hentication us
1.10]
ured per SPD
shared key ca
ase letters, nu
T.1.2]
used, subject
HA-1, SHA-25
function are
key manag
quirements:
XT.1
tographic key
on
ey used for pr
ntication in IK
of TOE used
ation by digita
RSA, ECDSA
aphic key for
IKEv1
vate key gene
H/ECDH key
n key for cry
IPSec ESP
uthentication
P
ternal state fo
umbers
ed below.
Registration >
> IPSec Settin
Registration >
Registration >
88
sing either the
D rule. [FIA_P
an be set from
umbers, or sp
to SHA-1, S
56, and SHA
set from the
gement Fu
FCS_CKM.
y managemen
re-shared
KEv1
for
al signature
A) in IKEv1
encryption
erated
exchange
yptographic
used with
or generating
> Device Sett
ngs
> Preferences
> Preferences
e RSA algorit
PSK_EXT.1.
m 22 to 24. A
pecial charact
HA-256, and
A-384 is select
management
nction
1(a), FCS_
nt function is
Storage
SSD
SSD
RAM
RAM
RAM
RAM
RAM
tings > Prefer
s > Network S
s > Network S
D
Copyrig
thm, the ECD
.1]
vailable char
ters ( "!" , "@
d SHA-384. A
ted and used
t function from
_CKM.1(b),
described be
State
encripted
encripted
plain text
plain text
plain text
plain text
plain text
rences > Netw
Settings > IPS
Settings > IPS
Date of Issue: 2
ght Canon Inc
DSA algorithm
racters can be
@", "#", "$", "
As the hash al
by the negoti
m operation p
FCS_CKM
elow.
Method o
destructi
None
None
Lost due t
TOE pow
Lost due t
TOE pow
Lost due t
TOE pow
Lost due t
TOE pow
Lost due t
TOE pow
work > TCP/I
Sec Settings
Sec Policy Li
2022/07/27
c. 2021
m, or a
e any
%", "^",
lgorithm
iation of
panel or
M_EXT.4,
of
on
to
wer loss
to
wer loss
to
wer loss
to
wer loss
to
wer loss
IP
ist
[How to G
The TOE g
specificatio
CSP id
MFP ke
IKE cry
key
DH key
ECDH
IPSec c
key
IPSec a
key
The presha
from the o
panel and
The IPSec
the MFP k
operation p
The TOE g
random nu
AES-CBC
generation
[Encryptio
CSP
presh
MFP
IKE c
IPSec
IPSec
DH k
DRBG
The pre-sh
key pair, a
operation p
[How to de
Generate Cryp
generates enc
ons:.
dentification
ey pair
yptographic
y pair
key pair
cryptographic
authentication
ared key is se
peration pane
"●" in the re
authenticatio
key pair, U.AD
panel or the r
generates 128
umber genera
C or AES-GCM
n function wh
on key manag
identificatio
hared key
key pair
cryptographic
c cryptograph
c authenticati
key pair /
G internal sta
hared key, MF
and ECDH ke
panel or the r
estroy the enc
ptographic Ke
cryption keys
Cryptogr
Key Esta
RSA(204
ECDSA(P
AES-CBC
DH(Grou
ECDH(P
c AES-CBC
AES_GC
n HMAC
et (registered/
el or the remo
emote UI. [FP
on/DH/ECDH
DMIN can be
remote UI. [F
8 bit or 256 b
tion function
M encryption
en negotiatin
gement metho
n
c key /
hic key /
on key /
ate
FP key pair, I
ey pair are not
remote UI. [F
cryption key]
eys]
for use with
raphic Algori
ablishment Al
48 bits)
P-256, P-384
C
up14)
-256, P-384)
C
CM
/changed/dele
ote UI. The p
PT_SKP_EX
H key pair is g
e generated u
FCS_CKM.1
it AES-CBC
n when negoti
n key with a k
ng IPSec com
od]
Managem
It is encryp
TOE built
Store in R
IKE encryptio
t read or brow
FPT_SKP_EX
]
89
the IPSec en
ithm/
lgorithm
4)
eted) by U.AD
re-shared key
XT.1]
generated by
using the man
(a)]
encryption k
iating IPSec c
key length of
mmunications
ment method
pted by the S
t-in SSD.
RAM in plain
on key, IPSec
wsed by using
XT.1]
ncryption featu
List of St
NIST SP
rsakpg1-
FIPS PU
NIST SP
FIPS PU
NIST SP
NIST SP
Approve
NIST SP
FIPS PU
NIST SP
FIPS PU
NIST SP
FIPS PU
DMIN using
y text area is
negotiation d
nagement func
keys as IKE en
communicatio
128 or 256 b
as an IPSec e
SSD encryptio
text.
c encryption k
g the manage
D
Copyrig
ure based on
tandards
P800-56B Rev
-basic
UB 186-4
P800-56A Rev
UB 197(AES)
P800-38A(CB
P800-56A Rev
ed Safe-Prime
P800-56A Rev
UB 197(AES)
P800-38A(CB
UB 197(AES)
P800-38D(GC
UB 198-1
the managem
displayed as
during IPSec
ction of the T
ncryption key
ons. The TOE
bits using the
encryption ke
on function an
key, IPSec au
ement functio
Date of Issue: 2
ght Canon Inc
the following
v1:6.3.1.1
v3: 5.6.1.2.2
BC)
v3: 5.6.1.1
e Groups
v3: 5.7.1.2
BC)
CM)
ment function
"*" in the op
communicati
TOE from the
ys using the 7
E generates an
7.5.5 random
ey. [FCS_CK
nd stored in t
uthentication
on of the TOE
2022/07/27
c. 2021
g
of TOE
eration
ion. For
e
7.5.5
n
m number
KM.1(b)]
the
key, DH
E from the
The pre-sh
necessary t
The IKE e
internal sta
is lost whe
7.5.3 T
– Sup
FTP
The TOE i
TSF data t
Perpose
Managem
UI using
TSF negot
from a We
authenticat
(RFC 2818
However,
protection.
The encryp
algorithm
cr
AE
AE
TLS suppo
–
TLS suppo
FCS_TLS
–
–
–
–
–
–
–
hared key and
to destroy it.
ncryption key
ate becomes u
en the TOE is
TLS Encrip
pported fu
P_TRP.1(a),
is encrypted/d
to be transmit
ment with the
a Web Brow
tiates TLS com
eb browser on
tion using the
8 compliant).
IPSec encryp
. [FTP_TRP
ption algorith
conforms to F
ryptographic
ES-CBC
ES-GCM
orts the follow
TLS 1.2 (RF
orts the follow
S_EXT.1]
TLS_RSA_
TLS_RSA_
TLS_ECDH
TLS_ECDH
TLS_ECDH
TLS_ECDH
TLS_ECDH
d MFP key pa
y/IPSec encry
unnecessary w
s powered dow
ption Funct
unctional
FCS_TLS_E
decrypted by
tted/received
e Remote
wser
mmunication
n the client PC
e TLS protoc
[FCS_HTT
ption is alway
.1(a)]
hm and key u
FIPS PUB 19
algorithm
wing protocol
FC 5246)
wing ciphersu
_WITH_AES
_WITH_AES
HE_RSA_WI
HE_RSA_WI
HE_RSA_WI
HE_RSA_WI
HE_ECDSA_
air are encryp
yption key/IP
when the TOE
wn. [FCS_CK
tion
requiremen
EXT.1, FCS_
TLS in order
when U.ADM
User
U.ADMIN
n between the
C to a Web p
ol, establishe
PS_EXT.1]
ys used for rem
sed for encry
97. [FCS_CO
cryptog
128 bit
128 bit
ls. [FCS_TL
uites. [FCS_C
_128_CBC_S
_256_CBC_S
ITH_AES_12
ITH_AES_25
ITH_AES_12
ITH_AES_25
_WITH_AES
90
pted and store
PSec authentic
E is powered
KM_EXT.4/
nts:FCS_CO
_HTTPS_EX
r to ensure th
MIN uses the
e TOE and the
age of the TO
es a session us
mote UI oper
yption operati
OP.1(a)]
graphic key s
, 256 bit
, 256 bit
LS_EXT.1]
COP.1(a), FC
SHA
SHA
28_CBC_SHA
56_CBC_SHA
28_GCM_SH
56_GCM_SH
S_128_GCM_
ed in the TOE
cation key/DH
d down after t
/FCS_CKM.
P.1(a), FC
XT.1
he confidentia
e TOE for the
Pr
TL
e client PC w
OE by U.ADM
sing TLS, and
rations, and T
on are as foll
sizes list
NI
NI
CS_COP.1(c
A
A
HA256
HA384
_SHA256
D
Copyrig
E built-in SSD
H key pair/E
the IPSec com
.4]
CS_COP.1(c
ality and integ
e following pu
rotocol
LS/HTTPS
when a connec
MIN, perform
d starts HTTP
TLS encryptio
lows. The AE
t of standards
ST SP800-38
ST SP800-38
c), FCS_COP
Date of Issue: 2
ght Canon Inc
D. Therefore,
CDH key pai
mmunication
c), FCS_C
grity of user d
urposes.
ction request
ms server
PS communic
on is not requ
ES encryption
s
8A
8D
P.1(g),
2022/07/27
c. 2021
it is not
ir/DRBG
ends, and
COP.1(g),
data and
is made
cation
uired for
n
–
The setting
the
rem
ote
UI
by
U.A
DM
IN.
7.5.4 T
– Sup
FCS
The CSP h
CSP
identi
MFP k
ECDH
TLS p
secret
TLS s
DRBG
state
The life cy
[How to G
The TOE g
specificatio
CSP
ident
MFP
Op
pan
Re
TLS_ECDH
gs of the TLS
TLS Crypto
pported fu
S_CKM_EX
handled by th
ification
key pair
H key pair
premaster
t
session key
G internal
ycle of the CS
Generate Cryp
generates enc
ons:.
tification
key pair
peration
nel:
mote UI:
HE_ECDSA_
S encryption f
ographic ke
unctional
XT.4, FPT_SK
e TLS crypto
Descripti
Key pair o
authentica
signature
ECDSA).
Public/pri
ECDH
Pre-maste
communic
Cryptogra
communic
DRBG in
random nu
SP is describe
ptographic Ke
cryption keys
Cryptogr
Key Esta
RSA(204
ECDSA(P
– Settings/R
Settings >
– Settings/R
_WITH_AES
function are s
ey manage
requiremen
KP_EXT.1
ographic key m
ion
of the TOE u
ation with dig
method (RSA
ivate key gen
er secret used
cation
aphic key for
cation Encryp
ternal state fo
umbers
ed below.
eys]
for use with
raphic Algori
ablishment Al
48 bits)
P-256, P-384
Registration >
> TLS Setting
Registration >
91
S_256_GCM_
set from the m
ement Func
nts:FCS_CK
management
used for
gital
A or
nerated during
d for TLS
ption
or generating
the TLS encr
ithm/
lgorithm
4)
> Device Sett
gs
> Preferences
_SHA384
management f
ction
KM.1(a), F
function is d
Storage
SSD
g RAM
RAM
RAM
RAM
ryption featur
Lis
NIS
r
FIP
tings > Prefer
s > Network S
D
Copyrig
function from
FCS_CKM.1
described belo
State
encripted
plain text
plain text
plain text
plain text
re based on th
st of Standard
ST SP800-56
rsakpg1-basic
PS PUB 186-4
rences > Netw
Settings > TL
Date of Issue: 2
ght Canon Inc
m operation p
1(b), FCS_
ow.
Method
destruct
d None
t Lost due
TOE pow
loss
t Lost due
TOE pow
loss
t Lost due
TOE pow
loss
t Lost due
TOE pow
loss
he following
ds
6B Rev1:6.3.1
c
4
work > TCP/I
LS Settings
2022/07/27
c. 2021
anel or
_CKM.4,
of
tion
e to
wer
e to
wer
e to
wer
e to
wer
1.1
IP
ECDH
TLS s
For the MF
operation p
The TOE g
Function a
[How to m
CSP iden
MFP key
TLS sess
secret /E
internal s
Even if the
to read or b
the TOE b
[How to de
The MFP k
destroy it.
The TLS s
the TOE is
7.5.5 D
– Sup
The TOE p
generated b
encryption
TOE perfo
H key pair
session key
FP key pair, U
panel or the r
generates a T
at the start of
manage encryp
ntification
y pair
sion key/TLS
CDH key pai
state
e TOE manag
browse the T
uilt-in SSD.
estroy the enc
key pair is en
session key/T
s powered do
DRBG Fun
pported func
performs rand
by the random
n function.
DRBG
CTR_D
orms random
ECDH(P
AES-CBC
AES-GCM
U.ADMIN ca
remote UI. [F
TLS session k
TLS commun
ption keys]
premaster
ir/DRBG
gement functi
TLS session ke
[FPT_SKP_E
cryption key]
ncrypted and
TLS pre-maste
wn and is los
ction
ctional requir
dom number
m number ge
G algolithm
DRBG(AES)
number gene
-256, P-384)
C(128 bits, 2
M(128bits, 2
an be generat
FCS_CKM.1
ey/TLS pre-m
nication.[FC
Cryptograp
Key Establi
Encrypt by
built-in S
Store in plai
ion is used fro
ey/TLS pre-m
EXT.1]
]
stored on the
er secret/ECD
st when the T
rements:FCS
generation ba
neration func
)
eration by inp
92
56 bits)
56bits)
ed using the m
(a)]
master secret/
S_CKM.1(a)
phic Algorithm
ishment Algo
SSD encrypti
SSD
in text in RA
om the opera
master secret/
TOE embed
DH key pair/D
TOE is powere
S_RBG_EXT
ased on the fo
ction are used
List
NIST
putting an ent
NIS
NIS
FIP
NIS
FIP
NIS
management
/ECDH key p
), FCS_CKM
m/
rithm
ion function a
M.
ation panel or
/ECDH key p
ded SSD. Th
DRBG interna
ed down. [FC
T.1(network
ollowing spec
d by the IPSec
of Standards
T SP800-90A
tropy sequenc
D
Copyrig
ST SP800-56
ST SP800-56
PS PUB 197(A
ST SP800-38
PS PUB 197(A
ST SP800-38
function of t
pair using the
M.1(b)]
and store on T
the remote U
pair or the MF
herefore, it is n
al state is no
CS_CKM_EX
k), FCS_COP
cifications. T
c encryption
s
A
ce to CTR_DR
Date of Issue: 2
ght Canon Inc
6A Rev3: 5.6.
6A Rev3: 5.7.
AES)
8A(CBC)
AES)
8D(GCM)
the TOE from
7.5.5 DRBG
TOE
UI, there is no
FP key pair st
not necessary
longer neede
XT.4/FCS_C
P.1(c)
The random nu
function and
RBG accordi
2022/07/27
c. 2021
1.2.2
1.2
m the
G
o function
tored in
y to
ed when
CKM.4]
umbers
the TLS
ing to
NIST SP 8
As a noise
E3930) is u
string is ex
When the T
is input to
output from
more than
When the T
of 384 bits
CTR_DRB
7.6 Sig
7.6.1 T
– Sup
When a TL
PUB 186-4
–
–
SHA-256,
Here are th
–
–
–
7.6.2 I
– Sup
In the auth
by the follo
–
–
A hash val
[FCS_CO
Here are th
–
–
–
800-90A. [FC
source, a har
used as a noi
xtracted from
TOE is starte
the Linux PR
m a hardware
0.5 bits per b
TOE is reque
s is collected
BG to generat
gnature Ve
TLS Signat
pported func
LS session is
4. [FCS_COP
RSA Digita
Elliptic Cur
SHA-384, SH
he possible si
RSA2048:S
ECDSA-25
ECDSA-38
IPSec Sign
pported func
hentication us
owing algorit
RSA Digita
Elliptic Cur
lue calculated
OP.1(c)]
he possible si
RSA2048:S
ECDSA-25
ECDSA-38
CS_RBG_EX
rdware rando
se source by
m the hardware
ed, the RDSE
RNG, which i
e random num
bit, and Linux
ested to gener
from the Linu
te a random n
erification a
ture Gener
ctional requir
established, a
P.1(b)(tls)]
al Signature A
rve Digital Si
HA-512 are u
ignature algor
SHA-256, RS
6:SHA-256
4:SHA-384
nature Verif
ctional requir
sing the certif
thm based on
al Signature A
rve Digital Si
d by SHA-256
ignature algor
SHA-256, RS
6:SHA-256
4:SHA-384
XT.1.1(netwo
om number ge
1 hardware b
e random num
ED instructio
is the entropy
mber generato
x PRNG cont
rate a random
ux PRNG, wh
number of 25
and Genera
ration Func
rements:FCS
a signature is
Algorithm (rD
ignature Algo
used for signa
rithms and ha
SA2048:SHA
fication/Ge
rements:FCS
ficate in IKEv
n FIPS PUB 1
Algorithm (rD
ignature Algo
6 or SHA-38
rithms and ha
SA2048:SHA
93
ork)]
enerator built
base. When th
mber generato
on is executed
y source. It is
or, which is a
tains entropy
m number, an
hich is an ent
6 bits. [FCS_
ation Func
ction
S_COP.1(b)(
s generated us
DSA) with ke
orithm (ECDS
ature generati
ash combinat
-384, RSA20
eneration F
S_COP.1(b)(
v1 of IPSec, s
186-4. [FCS_
DSA) with ke
orithm (ECDS
4 is used for
ash combinat
-384
t in the proces
he RDSEED i
or.
d 128 times, a
known from
noise source
of at least 20
entropy sequ
tropy source,
_RBG_EXT.
ction
(tls) , FCS_C
sing the follo
y sizes of 204
SA) with key
ion. [FCS_C
ions.
048:SHA-512
Function
(ipsec), FCS_
signature veri
_COP.1(b)(ip
y sizes (modu
SA) with key
signature ver
ions.
D
Copyrig
ssor of TOE (
instruction is
and the acqui
[Rambus 20
e, contains a m
048 bits.
uence having
and input as
.1.2(network
COP.1(c)
wing algorith
48 bits
y lengths of 25
OP.1(c)]
2
_COP.1(c)
ification/gene
psec)]
ulus) of 2048
y sizes of 256
rification/gen
Date of Issue: 2
ght Canon Inc
(Intel Atom p
executed, a 3
ired 4096 bit
12] that a bit
minimum entr
a minimum e
a seed value
k)]
hm based on F
56 and 384 b
eration is perf
8 bits
bits or 384 b
neration.
2022/07/27
c. 2021
processor
32 bit bit
bit string
string
ropy of
entropy
into
FIPS
its
formed
bits
7.7 Se
– Sup
The TOE p
If an error
stops starti
Firmwar
–
7.8 Au
– Sup
FAU
The TOE g
The items
–
the followi
–
–
–
elf-Testing
pported func
performs the
is detected in
ing the TOE.
re Integrity C
The firmwa
FIPS PUB
the signatur
itself. [FCS
udit Log Fu
pported fun
U_SAR.2, FA
generates an a
in the audit l
Date and tim
the event
ing items are
job complet
Unsuccessf
Failure to e
Auditable ev
Start-up of
Shutdown
Job compl
Unsuccess
authentica
Function
ctional requir
following sel
n the followin
Check
are is previou
186-4, and th
re using a pu
S_COP.1(b)(u
unction
nctional req
AU_STG.1, F
audit log whe
og are as foll
me of the eve
also added fo
tion: Type of
ful User authe
stablish sessi
vent
f the audit fun
of the audit f
letion
sful User
ation/ identific
rements:FPT
lf-tests at star
ng self-test, th
usly signed u
he integrity is
ublic key held
update), FC
quirements:F
FAU_STG.4
en the follow
lows. [FAU_G
ent, subject id
for the follow
f job
entication/ ide
ion: Reason f
nctions
functions
cation
94
T_TST_EXT
rt-up. [FPT_T
he TOE displ
using RSA (
s verified by
d in advance
S_COP.1(c)]
FAU_GEN.1,
4, FAU_STG
ing events oc
GEN.2]
dentity, type o
ing events.
entification: t
for failure
Details and
TOE power
(Main Unit
TOE power
(Main Unit
End of Print
End of Scan
End of Copy
End of the f
End of the f
End of the d
*All of the a
FDP_ ACC.
Attempting
Attempting
Authenticati
T.1, FCS_CO
TST_EXT.1]
lays an error c
(key length 2
comparing a
with a hash v
]
, FAU_GEN
G_EXT.1, FM
ccur. [FAU_G
of event, and
the user name
Interfaces
ON
Power Switch
OFF
Power Switch
t Job
n Job
y Job
fax transmissi
fax reception j
document stor
above are inte
.1/FDP_ACF
to log in from
to log in from
ion attempts
D
Copyrig
OP.1(b)(upda
]
code on the o
2048 bits) an
hash value o
value calcula
N.2, FPT_S
MT_MTD.1
GEN.1]
the outcome
e of the authe
h, Operation
h, Operation
ion job
job
re and retriev
erfaces relate
F.1
m the operatio
m the remote
from the prin
Date of Issue: 2
ght Canon Inc
ate), FCS_CO
operation pan
nd SHA-256
obtained by d
ated from the
STM.1, FAU
(success or f
entication atte
Panel, Remo
Panel, Remo
ve Job
ed to
on panel
UI
nter driver
2022/07/27
c. 2021
OP.1(c)
nel and
based on
decrypting
firmware
U_SAR.1,
failure) of
empt
ote UI)
ote UI)
The date a
informatio
accurate da
office envi
by encrypt
the time se
pan
el or
the
rem
ote
UI.
[FP
T_S
TM
.1]
The TOE p
Only U.AD
man
age
men
t
func
tion.
The audit l
exported a
is sent to th
log is auto
exported a
encrypted/
TOE provi
The admin
remote UI.
Op
pan
Re
Re
Use of Dev
functions
Use of Use
functions
Modificati
Users that
Changes to
Failure to
and time infor
on of the TOE
ate and time f
ironment, and
tion/decryptio
erver for the t
provides the f
DMIN can se
log is exporte
at the specifie
he audit log s
matically del
at the next spe
/decrypted by
ides the follow
nistrator can v
. This feature
peration
nel:
mote UI:
mote UI:
vice managem
er manageme
ion to the gro
are part of a
o the time
establish sess
rmation recor
E is set manua
from a time s
d communica
on using IPSe
time managem
following fun
et the setting o
ed to the audi
d time, but w
server regardl
leted. If transm
ecified time. A
y the IPSec en
wing as an in
view the audi
e is only avail
– Settings/R
Date/Tim
– Settings/R
Settings >
– Settings/R
– Settings/R
– Settings/R
Export/Cl
ment
ent
oup of
role
sion
rded in the au
ally by using
server and syn
ation between
ec by the LAN
ment of the T
nctions for ex
of the audit lo
it log server a
when the audit
less of the sp
mission fails
All communi
ncryption fun
nternal audit l
t log by expo
lable to U.AD
Registration >
me Settings
Registration >
> SNTP Settin
Registration >
Registration >
Registration >
lear Audit Lo
95
Interface Us
Interface Us
Interface usa
registration/
Interface usa
settings
IPSec sessio
communicat
Failure to es
communicat
udit log is pro
the following
nchronizing t
n the TOE and
N data protec
TOE can be se
xporting audit
og exporting
as a csv file u
t log reaches
ecified time.
, retry is perf
ication betwe
nction. [FAU_
log storage fu
orting it as a C
DMIN. [FAU
> Device Sett
> Device Sett
ngs
> Preferences
> Preferences
> Managemen
og > Settings
sage Related
sage Related
age related to
/modification
age related to
on establishm
tion
stablish TLS
tion
ovided by the
g managemen
the time. The
d the time ser
ction function
et only by the
t logs to the a
function from
using the SMB
95% of the s
If the transm
formed multip
een the TOE a
_STG_EXT.
unction.
CSV file from
U_SAR.1][FA
tings > Prefer
tings > Prefer
s > Timer/Ene
s > Network S
nt Settings >
for Auto Exp
D
Copyrig
to FMT_SMF
to FMT_SMF
o role
n/deletion
o the ability to
ment failure fo
session for ne
TOE. The da
nt function or
time server i
rver is perform
n. In addition,
e U.ADMIN f
audit log serv
m the remote
B protocol. Th
torage capaci
mission succee
ple times. If i
and the audit
1]
m the followin
AU_SAR.2] [F
rences > Time
rences > Netw
ergy Settings
Settings > SN
Device Mana
port Audit Lo
Date of Issue: 2
ght Canon Inc
F.1
F.1
o manage dat
or network
etwork
ate and time
r by acquiring
is built in the
med for all IP
, the setting f
from the oper
er.
UI through th
he audit log i
ity (40,000 it
eds, the expor
t still fails, it
log server is
ng operations
FMT_MTD.
er/Energy Se
work > TCP/I
> Date/Time
NTP Settings
agement >
ogs
2022/07/27
c. 2021
te/time
g an
user's
P packets
for using
ration
he
is
tems), it
rted audit
is
s in the
.1]
ttings >
IP
e Settings
The
inte
rnal audit l
encryption
cannot be m
Up to 40,0
oldest stor
7.9 Tr
– Sup
[Checking
The TSF s
U.ADMIN
foll
owi
ng
oper
atio
ns.
[FP
T_TUD_E
[Ability to
The TSF s
manually u
rem
ote
UI.
[FP
T_
TUD_EXT
[Verify Fir
The TSF s
mechanism
based on F
remote UI
the update
7.10 Ma
7.10.1 U
– Sup
FM
Re
Op
pan
Re
Re
log data is sto
n function. Th
manually del
000 audit logs
ed audit log i
usted Upd
pported func
the Firmwar
hall provide U
N can check th
EXT.1.1]
o Initiate Upd
hall provide U
update the fir
T.1.2]
rmware Upda
hall provide a
m (Signature V
FIPS PUB 186
displays an e
started. [FPT
anagement
User Mana
pported fu
MT_SMR.1,
mote UI:
peration
nel:
mote UI:
mote UI:
ored in the TO
his TOE has n
leted because
s are maintain
is deleted and
ate Functio
ctional requir
re Version]
U.ADMIN th
he current ver
ates]
U.ADMIN th
rmware by sp
ates]
a means to ve
Verification b
6-4 and SHA
error message
T_TUD_EXT
t Function
agement Fu
unctional r
FMT_SMF
– Settings/R
Export/Cl
– Counter/D
Configura
– Status Mo
– Settings/R
Software
OE built-in S
no function or
the automati
ned. When th
d a new audit
on
rements:FPT
he ability to q
rsion of the fi
he ability to in
ecifying the f
erify firmwar
by RSA Digi
A-256) prior to
e and the upd
T.1.3, FCS_C
unction
requirements
F.1
Registration >
lear Audit Lo
Device Inform
ation
onitor/Cancel
Registration >
> Manual Up
96
SD, and the c
r interface to
ic export featu
e maximum n
log is saved.
T_TUD_EXT
query the curr
firmware from
nitiate update
firmware to b
re/software up
tal Signature
o installing th
date aborts. Th
COP.1(b)(up
s:FIA_PMG_
> Managemen
og > Export A
mation Key >
l > Device In
> Managemen
pdate
confidentialit
modify the c
ure is enabled
number of au
[FAU_STG
T.1, FCS_CO
rent version o
m the Remote
es to TOE firm
be updated by
pdates to the
Algorithm (r
hose updates.
he firmware r
pdate), FCS_
_EXT.1 ,
nt Settings >
Audit Logs
> Device Info.
formation
nt Settings >
D
Copyrig
ty is protected
contents of th
d. [FAU_STG
udit logs to rec
G.4]
OP.1(b)(upd
of the TOE fir
e UI and the o
mware/softw
y the followin
TOE using a
rDSA) with k
If firmware v
remains in th
_COP.1(c)]
FMT_MT
Device Mana
./Other > Che
License/Othe
Date of Issue: 2
ght Canon Inc
d by the SSD
he audit log. A
G.1]
cord is reache
ate), FCS_C
rmware/softw
operation pan
are. U.ADMI
ng operations
a digital signa
key sizes of 2
validation fai
e state it was
TD.1, FMT
agement >
eck Device
er > Register/
2022/07/27
c. 2021
Audit logs
ed, the
COP.1(c)
ware.
nel by the
IN can
in the
ature
048 bits
ils, the
in before
T_MSA.1,
/Update
The TOE l
following
FM
T_S
MF.
1]
The TOE l
can
be
perf
orm
ed
fro
m
the
rem
ote
UI
or the oper
[User Passw
User pass
"%" , "^" ,
"]", "_", "`
[FIA_PMG
[Roles]
There are f
User", and
roles.
If you wan
"Guest Use
"NetworkA
because th
In this con
associates
Op
pan
Re
Op
pan
Re
limits operati
operations ca
limits operati
ration panel.
Data
User passw
word]
swords can co
"&" , "*" , "
", "{", "|", "}
G_EXT.1]
five types of
d "Guest User
nt to create a n
er". However
Admin" roles
hey allow som
nfiguration, th
these roles w
peration
nel:
mote UI:
peration
nel:
mote UI:
ions on the fo
an be perform
ions on the fo
[FMT_MTD
word
ontain upperc
(" , ")" , "(spa
", "~"). The m
roles called b
r". "Administ
new Custom
r, custom role
that have be
me administra
he following t
with legitimate
– The user n
– Settings/R
Managem
(U.ADMI
– Settings/R
Authentic
– Settings/R
Managem
(the ownin
– Settings/R
Managem
User(U.A
– Settings/R
Authentic
ollowing secu
med from the r
ollowing data
D.1, FMT_SM
Ope
mod
creat
case, lowerca
ace)" , """ , "'
minimum num
base roles: "A
trator" is an a
Role , you ca
es based on th
en registered
ative privilege
two types of r
e users and m
name is displ
Registration >
ment > Authen
IN Only)
Registration >
cation Manag
Registration >
ment > Authen
ng U.NORMA
Registration >
ment > Authen
ADMIN Only)
Registration >
cation Manag
97
urity attributes
remote UI or
to the respec
MF.1]
ration
dify
te,modify,dele
ase, numeric,
'" , "+" , "," ,
mber of chara
Administrator
dministrator
an duplicate a
he "Administ
as custom ro
es.
roles (U. AD
maintains them
layed in the u
> Device Sett
ntication Man
> Managemen
gement (U.AD
> Device Sett
ntication Man
AL)
> Device Sett
ntication Man
)
> Managemen
gement (U.AD
s to the respe
the operation
ctive authoriz
ete
and special c
"-" , "/" , ":"
acters can be
r", "Power Us
base role, and
and edit from
trator" role an
oles (administ
MIN, U. NO
m during rem
upper right of
tings > Manag
nagement > R
nt Settings >
DMIN Only)
tings > Manag
nagement > C
tings > Manag
nagement > R
nt Settings >
DMIN Only)
D
Copyrig
ective authoriz
n panel. [FM
zed roles. The
Author
the own
U.ADM
characters ("!"
, ";" , "<" , "=
set to 15 or m
ser", "Genera
d other base r
m four types o
nd the "Devic
trators) befor
RMAL) are u
mote UI and op
f the operation
gement Settin
Register/Edit
User Manage
gement Settin
Change Passw
gement Settin
Register/Edit
User Manage
Date of Issue: 2
ght Canon Inc
zed roles. Th
MT_MSA.1,
e following op
rised role(s)
ning U.NOR
MIN
" , "@" , "#"
=" , ">" , "?",
more by U.AD
l User", "Lim
roles are cons
f Base Roles
ceAdmin" and
rehandare not
used. The TO
perations pan
n panel after
ngs > User
Authenticatio
ement >
ngs > User
word
ngs > User
Authenticatio
ement >
2022/07/27
c. 2021
he
perations
RMAL
, "$" ,
, "[", "¥",
DMIN.
mited
sumer
except
d
t used
OE
nel logins.
login.
on User
on
[FMT_SM
–
–
7.10.2 D
– Sup
FIA
The TOE c
effectively
Settings. [F
Also, the a
[FMT_MO
Managem
Function
Date/Tim
Manegem
Function
IPSec sett
Manegem
Function
MR.1]
U.ADMIN
Role with a
U.NORMA
A role for
base role "G
Device Man
pported
A_PMG_EXT
can perform t
y. You can do
FMT_SMF.1
ability to enab
OF.1]
ment
n
me setting
ment
tings
ment
administrative
AL
which you d
General User"
nagement
functional
T.1
the following
o this from the
1]
ble or desable
Item
Overview
Procedures
Overview
Procedures
e privileges. U
do not have a
".
Function
requirem
g managemen
e Remote UI
e the security
Descriptio
Date and t
You can a
Operation
Preference
Operation
Preference
Remote U
Settings >
Remote U
Settings >
Manage th
connection
which the
methods, a
The IKE c
enrollmen
the authen
(SHA 256
AES-CBC
can be sele
In the IPS
(SHA1, A
specificati
specificati
Operation
Preference
Remote U
Settings >
Remote U
98
Use the "Adm
administrative
ments:FMT_M
nt functions to
or from the o
y function [TL
on
time informat
also set it to sy
panel: Settin
es > Timer/En
panel: Settin
es > Network
UI: Settings/R
> Date/Time S
UI: Settings/R
> SNTP Settin
he Security Po
ns. The SPD
conditions ar
and whether t
configuration
nt and certific
ntication/encr
6, SHA 384) c
C can be set a
ected. You ca
ec communic
AES-CBC) can
ion and the au
ion.
panel: Settin
es > Network
UI: Settings/R
> IPSec Settin
UI: Settings/R
ministrator" ro
e privileges.
MTD.1,
o enable the s
operation pan
LS encryption
tion can be se
ync with the t
ngs/Registrati
nergy Setting
ngs/Registrati
k > TCP/IP Se
egistration >
Settings
egistration >
ngs
olicy Databas
defines the o
re applied, th
the settings a
in the SPD a
ate selection
ryption algori
can be selecte
s the encrypti
an also config
cation configu
n be specified
uthentication/
ngs/Registrati
k > TCP/IP Se
egistration >
ngs
egistration >
D
Copyrig
ole.
Use a custom
FMT_SMF.
ecurity funct
nel Settings/R
n function] is
et.
time server.
ion > Device
gs > Date/Tim
ion > Device
ettings > SNT
Preferences >
Preferences >
se (SPD) that
ther party's c
he negotiation
are enabled or
allows pre-sha
as authentica
thm setting, S
ed as the auth
ion method, a
gure the lifeti
uration in the
d as the IPSec
/encryption a
ion > Device
ettings > IPSe
Preferences >
Preferences >
Date of Issue: 2
ght Canon Inc
m role create
.1, FMT
ions to functi
Registration >
limited to U.
Settings >
me Settings
Settings >
TP Settings
> Timer/Ener
> Network
t defines IPSe
onditions to
n and encrypti
r disabled.
ared key
ation methods
SHA1 and SH
hentication ha
and the DH g
ime of IKE S
e SPD, ESP
c SA lifetime
algorithm
Settings >
ec Settings
> Network
> Network
2022/07/27
c. 2021
ed from a
_MOF.1,
ion
> Device
.ADMIN.
rgy
ec
ion
s. In
HA2
ash,
group
As.
e
TLS settin
Manegem
Function
Auto Res
setting
Manegem
Function
Lockout p
settings
Manegem
Function
Password
settings
Manegem
Function
ngs
ment
et Time
ment
policy
ment
d policy
ment
Overview
Procedures
Overview
Procedures
Overview
Procedures
Overview
Settings >
The TLS c
It is also p
be used fo
determine
when estab
Operation
Managem
Operation
Preference
Remote U
License/O
Remote U
Settings >
The admin
according
operation
remote UI
- Auto R
- Session
Operation
Preference
Operation
Preference
Remote U
Settings >
Remote U
Settings >
Remote U
Settings >
The locko
- Lockout
less.)
- Lockout
or more.)
Operation
Managem
Authentica
Settings
Remote U
Security S
Authentica
To require
functions
- Ability to
- Availabl
uppercase
"#" , "$" ,
"+" , "," ,
"`", "{", "|
99
> IPSec Policy
cipher feature
possible to sel
or TLS encryp
s the digital s
blishing a TL
panel: Settin
ent Settings >
panel: Settin
es > Network
UI: Settings/R
Other > Remot
UI: Settings/R
> TLS Setting
nistrator can s
to the Auto R
panel and the
I.
Reset Time: 10
n settings: 15
panel: Settin
es > Timer/En
panel: Settin
es > Timer/En
UI: Settings/R
> Power Save
UI: Settings/R
> Power Save
UI: Settings/R
> Network Set
ut tolerance a
tolerance: 1 t
time: 1 to 60
panel: Settin
ent Settings >
ation/Passwo
UI: Settings/R
Settings > Aut
ation Functio
e the user to s
are provided
o set a minim
le Characters
, lowercase, n
"%" , "^" , "&
"-" , "/" , ":" ,
", "}", "~").
y List
e is defined to
lect an encryp
ption commun
signature algo
LS session.
ngs/Registrati
> License/Oth
ngs/Registrati
k > TCP/IP Se
egistration >
te UI
egistration >
s
set the respec
Reset time wh
e session setti
0 seconds to 9
to 150 minut
ngs/Registrati
nergy Setting
ngs/Registrati
nergy Setting
egistration >
Settings > A
egistration >
Settings > R
egistration >
ttings
and lockout ti
to 10 (The de
0 minutes (Th
ngs/Registrati
> Security Se
ord Settings >
egistration >
thentication/P
on Settings
set a robust pa
to ensure the
mum password
numeric, and
&" , "*" , "("
, ";" , "<" , "=
D
Copyrig
o start or stop
ption key and
nication. Thi
orithm and ke
ion > Device
her > Remote
ion > Device
ettings > TLS
Management
Preferences >
ctive automat
hen logging i
ing when log
9 minutes (de
tes (default 15
ion > Device
gs > Auto Res
ion > Device
gs > Restrict A
Preferences >
Auto Reset Tim
Preferences >
estrict Auto R
Preferences >
ime can be se
efault setting
he default sett
ion > Device
ettings >
> Authenticati
Management
Password Set
assword, the
e quality of th
d length of 15
special chara
, ")" , "(space
=" , ">" , "?",
Date of Issue: 2
ght Canon Inc
p working.
d a certificate
s selection
ey length to u
Settings >
e UI
Settings >
S Settings
t Settings >
> Network
tic logout tim
in from the
ging in from
efault 2 minut
5 minutes)
Settings >
set Time
Settings >
Auto Reset T
> Timer/Ener
me
> Timer/Ener
Reset Time
> Timer/Ener
et.
is 3 times or
ting is 3 minu
Settings >
ion Function
t Settings >
ttings >
following
he password.
5 to 32 charac
acters ("!" , "@
e)" , """ , "'"
"[", "¥", "]",
2022/07/27
c. 2021
to
use
es
the
tes)
Time
rgy
rgy
rgy
utes
cters
@" ,
,
"_",
Audit log
Manegem
Function
Trusted U
Manegem
Function
g
ment
Update
ment
Procedures
Overview
Procedures
Overview
Procedures
Operation
Managem
Authentica
Remote U
Security S
Settings
Can retriev
You can c
to the audi
Remote U
Device M
Specify th
Remote U
License/O
100
panel: Settin
ent Settings >
ation/Passwo
UI: Settings/R
Settings > Aut
ve internally
configure the
it log server.
UI: Settings/R
anagement >
he firmware to
UI: Settings/R
Other > Regist
ngs/Registrati
> Security Se
ord Settings >
egistration >
thentication/P
stored audit l
destination se
egistration >
Export/Clear
o update
egistration >
ter/Update So
D
Copyrig
ion > Device
ettings >
> Password Se
Management
Password Set
logs
ettings for sen
Management
r Audit Log
Management
oftware > Ma
Date of Issue: 2
ght Canon Inc
Settings >
ettings
t Settings >
ttings > Passw
nding audit lo
t Settings >
t Settings >
anual Update
2022/07/27
c. 2021
word
ogs
8 Refe
[Rambus 2
Analysis of
2012.
https://www
erences
012]
f Intel's Ivy B
w.rambus.com
ridge Digital R
m/intel-ivy-bri
Random Num
idge-random-n
101
mber Generato
number-gener
r, Cryptograp
rator/
D
Copyrig
hy Research a
Date of Issue: 2
ght Canon Inc
a division of R
2022/07/27
c. 2021
Rambus,
Fin