This docu written in ima im im ima ima ument is a tr n Japanese. C gePRE mageP mageP gePRE agePR with F Secur Ver 20 Ca ranslation o 1 Canon ESS C PRESS PRESS ESS L ESS L Fax & rity Ta rsion 1. 22/07/2 non In of the evalua n C2970K S C270 S C265 Lite C2 Lite C2 PDL arget .02 27 nc. ated and cer D Copyrig KG/ 0/ 5/ 270/ 265 rtified secur Date of Issue: 2 ght Canon Inc rity target 2022/07/27 c. 2021 1 ST 1.1 S 1.2 T 1.3 T 1.3.1 1.3.2 1.3.3 1.4 T 1.4.1 1.4.2 1.5 T 2 Co 2.1 C 2.2 P 2.3 S 2.4 C 3 Sec 3.1 T 3.2 A 3.2.1 3.2.2 3.3 T 3.4 O 3.5 A 4 Sec 4.1 S 5 Ext 5.1 F 5.2 F 5.3 F 5.4 F 5.5 F 5.6 F 5.7 F 5.8 F 5.9 F 5.10 F 5.11 F 5.12 F introduction ST reference TOE referen TOE overvie TOE Ty Usage a Require TOE descrip Physica Logical Terms and A nformance cl CC Conform PP claim, Pa SFR Package Conformance curity Proble TOE Users. Assets ....... User Da TSF Da Threats...... Organization Assumptions curity Object Security Obj tended comp FAU_STG_EX FCS_CKM_E FCS_HTTPS FCS_IPSEC_ FCS_KYC_EX FCS_RBG_EX FCS_SMC_E FCS_TLS_EX FDP_DSK_EX FDP_FXS_EX FIA_PMG_EX FIA_PSK_EX n ................ e............... nce............ ew............. ype ........... and Major Se d Non-TOE ption.......... l scope of th scope of the Abbreviation laims .......... mance claims ackage claim es ............. e rationale.. m Definition ................ ................ ata ............ ata............. ................ nal Security s............... tives........... jectives for t ponents defini XT Extende EXT Extende S_EXT Exten _EXT Extend XT Extende XT Extende XT Extende XT Extended XT Extended XT Extended XT Extended XT Extended Tabl .................. ................ ................ ................ ................ ecurity Featu E Hardware a ................ he TOE...... e TOE ....... s .............. .................. ............... ................ ................ ................ ................. ................ ................ ................ ................ ................ Policies ..... ................ .................. the Operatio ition ........... d: External ed: Cryptogr nded: HTTPS ded: IPsec se d: Cryptogr d: Cryptogra d: Submask d: TLS selec d: Protectio d: Fax Separ d: Password : Pre-Shared 2 e of Cont .................. ................ ................ ................ ................ ures of the T and Software ................ ................ ................ ................ .................. ................ ................ ................ ................ .................. ................ ................ ................ ................ ................ ................ ................ .................. onal environm .................. Audit Trail S raphic Key M S selected .. elected ...... aphic Opera aphic Opera Combining. cted ........... n of Data on ration ........ Managemen d Key Comp tents .................. ................ ................ ................ ................ TOE.......... e ............... ................ ................ ................ ................ .................. ................ ................ ................ ................ .................. ................ ................ ................ ................ ................ ................ ................ .................. ment ......... .................. Storage...... Management ................ ................ ation (Key C ation (Random ................ ................ n Disk........ ................ nt.............. position...... D Copyrig ................. ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................. ................ ................ ................ ................ ................. ................ ................ ................ ................ ................ ................ ................ ................. ................ ................. ................ ................ ................ ................ haining)..... m Bit Gener ................ ................ ................ ................ ................ ................ Date of Issue: 2 ght Canon Inc ................. ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................. ................ ................ ................ ................ ................. ................ ................ ................ ................ ................ ................ ................ ................. ................ ................. ................ ................ ................ ................ ................ ration)........ ................ ................ ................ ................ ................ ................ 2022/07/27 c. 2021 .........5 ........ 5 ........ 5 ........ 5 ........ 5 ........ 6 ........ 6 ........ 7 ........ 7 ........ 8 ...... 11 ....... 14 ...... 14 ...... 14 ...... 14 ...... 14 ....... 15 ...... 15 ...... 15 ...... 15 ...... 15 ...... 17 ...... 17 ...... 17 ....... 19 ...... 19 ....... 20 ...... 20 ...... 20 ...... 21 ...... 22 ...... 24 ...... 24 ...... 25 ...... 26 ...... 28 ...... 28 ...... 29 ...... 30 5.13 F 5.14 F 5.15 F 5.16 F 6 SE 6.1 N 6.2 S 6.2.1 6.2.2 6.2.3 6.2.4 6.2.5 6.2.6 6.2.7 6.2.8 6.2.9 6.2.1 6.2.1 6.3 S 6.4 S 6.4.1 7 TO 7.1 U 7.2 A 7.2.1 7.2.2 7.2.3 7.2.4 7.2.5 7.2.6 7.3 P 7.4 S 7.4.1 7.4.2 7.5 L 7.5.1 7.5.2 7.5.3 7.5.4 7.5.5 7.6 S FPT_KYP_EX FPT_SKP_EX FPT_TST_EX FPT_TUD_EX CURITY REQ Notation .... Security func Class FA Class F Class F 4 Class F Class F 6 Class F Class F Class F Class F 0 Class F 1 Class F Security Ass Security func The dep OE Summary User Authen Access Cont Print pr Scan pr Copy pr 4 Fax tran Fax rec 6 Docume PSTN Fax-N SSD Encrypt Encrypt Cryptog LAN Data P IPSec E IPSec C TLS En 4 TLS Cry DRBG F Signature Ve XT Extended XT Extended XT Extended XT Extende QUIREMENT ................ ctional requi AU: Security CO: Commu CS: Cryptog DP: User Da IA: Identific MT: Securit PR: Privacy PT: Protecti RU: Resourc TA: TOE A TP: Trusted surance Requ ctional requi pendencies o specification ntication Fun trol Function rocess contro ocess contro rocess contr nsmission pr eption proce ent store and Network Sep tion Functio tion/Decrypt graphic key m rotection Fu Encription Fu Cryptographi cription Fun yptographic Function .... erification an d: Protection d: Protection d: TSF testin d: Trusted U TS .............. ................ irements .... y Audit...... unication.... graphic Supp ata Protectio ation and Au y Manageme ................ ion of the TS ce Utilizatio ccess ........ d Paths/Cha uirements... irements rat of security re ................. nction........ n .............. ol function . ol function.. rol function . rocess contro ess control . d retrieve pr aration Func n.............. tion Functio management unction ...... unction ...... c key manag nction ........ key manage ................ nd Generatio 3 n of Key and n of TSF Dat ng............. Update....... .................. ................ ................ ................ ................ port........... on............. uthentication ent............ ................ SF ............ n.............. ................ nnels......... ................ ionale........ equirements .................. ................ ................ ................ ................ ................ ol ............. ................ rocess contr ction ......... ................ on ............. t function ... ................ ................ gement Func ................ ement Funct ................ on Function d Key Mater ta ............. ................ ................ .................. ................ ................ ................ ................ ................ ................ n .............. ................ ................ ................ ................ ................ ................ ................ ................ ................ .................. ................ ................ ................ ................ ................ ................ ................ ol function . ................ ................ ................ ................ ................ ................ ction.......... ................ ion............ ................ ................ D Copyrig rial ............ ................ ................ ................ ................. ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................. ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ Date of Issue: 2 ght Canon Inc ................ ................ ................ ................ ................. ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................. ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ 2022/07/27 c. 2021 ...... 31 ...... 32 ...... 32 ...... 33 ....... 35 ...... 35 ...... 35 ...... 35 ...... 37 ...... 37 ...... 52 ...... 56 ...... 59 ...... 62 ...... 62 ...... 63 ...... 63 ...... 64 ...... 65 ...... 66 ...... 66 ....... 70 ...... 70 ...... 71 ...... 71 ...... 73 ...... 75 ...... 77 ...... 79 ...... 81 ...... 84 ...... 84 ...... 84 ...... 85 ...... 86 ...... 86 ...... 88 ...... 90 ...... 91 ...... 92 ...... 93 7.6.1 7.6.2 7.7 S 7.8 A 7.9 T 7.10 M 7.10. 7.10. 8 Ref Trademark - Canon DX, im - Micro tradem - All na respec TLS Sig IPSec Si Self-Testing Audit Log F Trusted Upd Management 1 User Ma 2 Device ferences...... k Notice n, the Canon magePRESS, soft, Window marks of Micr ames of comp ctive compani gnature Gene ignature Ver Function... unction...... date Functio t Function .. anagement F Management ................. logo, image imagePRES ws, Windows rosoft Corpor panies and p ies. eration Func rification/Ge ................ ................ n.............. ................ Function .... t Function.. .................. eRUNNER, i SLite are trad Server 2012 ration in the U roducts conta 4 ction.......... eneration Fu ................ ................ ................ ................ ................ ................ .................. imageRUNN demarks or re 2, Windows 1 U.S. and othe ained herein ................ unction ...... ................ ................ ................ ................ ................ ................ .................. NER ADVAN egistered trad 10, Microsoft er countries. are trademar D Copyrig ................ ................ ................ ................ ................ ................ ................ ................ ................. NCE, imageR demarks of Ca t Edge are tra rks or registe Date of Issue: 2 ght Canon Inc ................ ................ ................ ................ ................ ................ ................ ................ ................. RUNNER AD anon Inc. ademarks or r ered trademar 2022/07/27 c. 2021 ...... 93 ...... 93 ...... 94 ...... 94 ...... 96 ...... 97 ...... 97 ...... 98 ......101 DVANCE registered rks of the 1 ST i 1.1 ST This sectio ST nam Version Issued b Date of 1.2 TO This sectio TOE nam Version This TOE The TOE c informatio of the fax, below. Type inform manuf MFP b firmwa fax page langua 1.3 TO 1.3.1 T The TOE i and retriev ntroductio T reference on provides th e: Can Lit n: 1.02 by: Can Issue: 202 OE referenc on provides th me: Can Lit n: 210 consists of th can be confirm on of the MFP and the ident of identifica mation facturer name body are description age processin OE overview TOE Type is an MFP ha val function. on e he Security T non imagePR e C270/ imag 2 non Inc. 22/07/27 ce he TOE ident non imagePR e C270/ imag 0 he MFP body med by the id P body, the id tification info Table 1 - Th ation Jap e [Can One [210 [スー ng [PCL w aving a print f Target (ST) id RESS C2970K gePRESS Lite tification info RESS C2970K gePRESS Lite y, firmware, fa dentification dentification i ormation of th he identifica anese non] of [iPR C270 0] ーパーG3FAX L] and [PS] function, a sc 5 dentification i KG/ imagePR e C265 with F ormation. KG/ imagePR e C265 with F fax, and page information o information o he page descr ation inform 0], [iPR C265 X ボード・AX an function, a nformation. RESS C270/ i Fax & PDL S RESS C270/ i Fax & PDL description la of the manufa of the firmwar ription langua mation of th Eng 5] X] [Sup a copy functi D Copyrig imagePRESS Security Targ imagePRESS anguage proc acturer name, re, the identif age processin he TOE glish per G3 FAX on, a fax func Date of Issue: 2 ght Canon Inc S C265/ image get S C265/ image cessing (see T , the identific fication infor ng shown in T Board-AX] ction, and a S 2022/07/27 c. 2021 ePRESS ePRESS Table 3). cation rmation Table 1 Storage 1.3.2 U The TOE i and retriev TOE has a for docum encryption verification integrity o function an the TOE, upugrade e Figure 1 sh 1.3.3 R The non-T 1) Time S The TOE c Standard E 2) Audit An externa Edition) fo 3) Client Generic PC and setting Usage and is an MFP ha val function. a user authen ment data and n function o n/generation of TSF execut nd sends the m a reliable up execution cod hows the assu Required N TOE hardware Server communicate Edition.) to ob Log Server al audit log se or storing TO t PC C running Wi g a printer dri Major Sec aving a print In order to p ntication func d functions b of the TOE function tha tion codes at monitoring re pdate functio de, and a man umed operatio Figure Non-TOE H e and softwar es with SNTP btain accurate erver (This op E-generated indows 10. A iver (In this o curity Featu function, a s protect these tion that iden based on aut embedded at protect net t startup, an a esults (audit l on that updat nagement fun onal environm 1 Operatio ardware an re configurati P-enabled serv e time. peration assu audit logs. Th A user having operation, the 6 ures of the scan function documents fr ntifies and au thority, a PS SSD, a LA twork commu audit log func logs) to an au te execution nction that lim ment when us onal environ nd Softwar ions in Figure vers (This op umes SMB ser he audit log s an account in printer drive TOE n, a copy func from unautho uthenticates th STN fax-netw AN data prot unications, a ction that mo udit log server code while mits security s sing the funct nment of the re e 1 are shown eration assum rvers using W server obtains n TOE can se er described in D Copyrig ction, a fax fu rized alterati he user, an a work separati tection funct a self-test fun onitors the us r, and stores a confirming settings to adm tions of the T e TOE n below. mes Windows Windows Serv s the audit log end a print job n Table 2 is a Date of Issue: 2 ght Canon Inc unction, and on and disclo access control ion function, tion and a nction that ch se of the TOE audit logs int authenticity ministrators. TOE. s Server 2012 ver 2012 R2 S g in SMB. b to TOE by assumed.) 2022/07/27 c. 2021 a Storage osure, the l function , an SSD signature hecks the E security ternally in of TOE's 2 R2 Standard installing correspond (Microsoft Print Gener (Jap Gener Gener 4) File Se Storage sp Windows S 5) Firewa A device th Internet en this TOE a 6) Fax To transmi expected. 1.4 TO 1.4.1 P TOE is a d The digital designated installed) a PCL/PS fe appropriate MFP Bod (Controll imagePRE imagePR imagePR 1 The purc firmware e ding to this T t Edge is assu er Driver ric Plus UFRI panese name: ric Plus PS3 P ric Plus PCL6 erver pace when sen Server 2012 R all hat protects t nvironment. T and does not a it and receive OE descript Physical sc digital multifu l multifunctio d Controller V and page desc eature). As Ta e options to m y er Version 2 ESS C2970KG RESS Lite C2 RESS Lite C2 chase of the P enabled. Ther TOE. In additi umed in this c II Printer Driv Generic Plus Printer Driver 6 Printer Drive nding scanned R2 Standard he internal ne This indicates assume any s e a fax image tion cope of the unction devic on peripheral Version opera cription langu able 3- Produ match the sell 10) S G K 270 265 A PCL option/P re are no ship ion to printing case) to use m Table 2 - ver V2.50 LIPSLX Prin V2.50 er V2.50 d documents Edition. etwork to wh s that the envi specific produ via TOE and e TOE ce and guidan constituting ates, and has a uage processi uct Line-up , f ling name in Table 3 - P Sales area Korea Americas PS option prov pments for thi 7 g, administra management c - Printer Dri nter Driver V2 with TOE. T hich a TOE co ironment sati uct. d PSTN. Faxe nce. the TOE is an a fax function ing (If option fax board, PC the selling ar Product Lin fax board Super G3 FA Board-AX1 Super G3 FA Board-AX1 vides an MFP is option. ators can acce capabilities o iver 2.50) This operation onnects from sfies the Usa es compatible n MFP body n (in the case nal, purchase P CL option, and rea. ne-up PCL AX Not re (stand equip AX Not re (stand equip P with the PC D Copyrig ess TOE throu f the TOE. n assumes an unauthorized ge Assumptio e with the G3 in which the of an option PCL option, P d PS option n option1 equired dard ment) equired dard ment) CL/PS process Date of Issue: 2 ght Canon Inc ugh a web bro SMB server u d access from ons A. NETW standard are firmware of , a fax board PS option to need to procu PS option1 imagePRESS PS Printer Kit-G1 imagePRESS PS Printer Kit-G1 sing function 2022/07/27 c. 2021 owser using m the WORK of e the is enable ure the S S n of the imagePR imagePR *The Korea from simila A service e (not direct page descr (not direct Therefore, identificati and page d The follow guidance w When acce product to (Japan - im ー - im - im ガ (Engli - im S - im * - im (f - im V - im C 1.4.2 L The logica audit log s RESS C270 RESS C265 an governmen ar model name engineer disp ly distributed ription langua ly distributed the delivere ion informati description lan wing guidance will be distrib essing the we obtain the gu nese name) magePRESS ー設定 アドミ magePRESS magePRESS ガイド(CC 認証 ish name) magePRESS Settings Admi magePRESS USE Version magePRESS for CC certifi magePRESS Version magePRESS CC certificatio Logical sco al scope of the ervers, client J E O / nt model diffe es is that there patched from d to consumer age processin d to consumer d item is an ion (MFP fron nguage proce e contained in buted to TOE ebsite, select y uidance below C270/C265 ミニストレータ C270 / C265 C270/C265 証参照用) [ (Lite) C270/C inistrator Gui Lite C270/C2 n Lite C270/C2 ication refere C270/C265 U C270/C265 s on reference) ope of the e TOE is show t PCs, faxes, a Japan Europe/ Oceania/Asia /Korea ers from other e is a "9" in th a sales comp rs) of a design ng (PCL, PS) rs), and provi MFP body d nt panel MFP essing) descri n the TOE is consumers in your region o w. シリーズ用 P ーガイド [US ユーザーズ シリーズ用 A [USRMA-762 C265 Series P ide [USRMA 265 User’s G 265 series AC ence) [USRM User’s Guide series ACCES [USRMA-76 TOE wn in Figure and time serv Figure 2 TO 8 Not required (standard equipment) Super G3 FA Board-AX1 models in term he middle of th pany attaches nated control to a valid sta ides the MFP delivered after P name and M ibed in Table available at t n a PDF file v of purchase an Protection Pr SRMA-7623- ガイド(CC 認 ACCESS MA 25-00] Protection Pr A-7626-00 202 Guide (for CC CCESS MAN MA-7628-00] (for CC certi SS MANAGE 630-00] *APE 2 TOE Logic vers). The sec OE Logical d PCLエ ション ト・AS AX Not re (stand equip ms of the nam he number and a fax board t ller version br ate according P body to cons r the above o MFP operation 1. the direction o via the websi nd select the ofile for Hard -00 20220623 認証参照用) ANAGEMEN rofile for Hard 220610] C certification NAGEMENT *USE Versi fication refer EMENT SYS E Version cal Boundary curity function Boundary D Copyrig エミュレー ン拡張キッ S1 equired dard ment) me of the prod d KG is added to the MFP bo rought by the to purchased sumers. operation, and n panel MFP of the service ite (https://oip appropriate m dcopy Device 3] [USRMA-76 NT SYSTEM dcopy Device n reference) [U T SYSTEM A on rence) [USRM STEM Admin y (Excluding u ns of the TOE Date of Issue: 2 ght Canon Inc PSマルチキ ト・G1 imagePRESS PS Printer Kit-G1 duct. The diffe d after the num ody, installs f e service engi d license infor d is identified P body, firmw e engineer. Th p.manual.can model of CC c es 対応 セキ 624-00] アドミニストレ es adaptive S USRMA-762 Administrator MA-7629-00] nistrator Guid users, file ser E are shown i 2022/07/27 c. 2021 ッ S erence mber. firmware ineer, sets rmation d by each ware, FAX, he on/). certified キュリティ レーター ecurity 27-00] Guide ] *APE de (for rvers, in color. TOE has th – Print This fu transm – Scan This fu in TIF – Copy This fu – Fax fu Fax Tra This fu Fax Re This fu the Inb – Docu Docum scanne (Print, space UI Func Audit Log Se LAN Data Prot File Managem Function Audit Log User A Sel Ma Op Di TOE he following function function prints mitted from a function function trans FF or PDF file y function function dupli function ansmission fu function faxes eception funct function recei box (system b ument Storage ment managem er can be save , send (system or system bo erver tection ment Fi LAN D File Sh DocDa Print Scan Authentication Function lf-Testing Function anagement Function perate/ isplay digital multif s an electroni client PC on mits an electr e format. icates a paper unction s an electroni tion ives an electr box) without e and Retriev ment function ed as an imag m box docum x. LAN Data Protec User ile Server Data Protection hare Function W B ata Hardcopy document Out Input Func Fax Copy n Access Contro Audit Log F Trusted U function mac ic document i paper. ronic docume r document by c document g ronic docume being printed al function n of the adva ge in the pers ments only)), o 9 tion Function Client PC LAN Data Protection Web Browser DocData tput Func Storage / Retrieval ol Function Function Sig Ge Hardcopy document Update Printer Driver hine function in a digital co ent generated y scanning an generated by ent via the PS d. nced box and onal space of or delete an el SSD Time Ser Time Fun TimeInfo PSTN Fax-Network Separation SSD Encryption Fun gnature Verification and eneration Function LAN Data Pr ns. omposite mac d by scanning nd printing th scanning a pa STN. When r d the system b f the advance lectronic doc D Copyrig rver nction nction d rotection Docdata chine or an el a paper docu he paper docu aper documen receiving a fa box. A docum d box. You c ument stored Date of Issue: 2 ght Canon Inc Flow of data FAX PSTN lectronic docu ument to a fil ument. nt through the fax, the file is ment loaded b can rename, re d in your pers 2022/07/27 c. 2021 ument e server e PSTN. s saved in by a etrieve onal The TOE h – UI Fu The ab display It also brows – Outpu The ab – Input The ab The TOE h - User A Perfor require remote the pri interna previo display authen authen - Acces Restric - PSTN To pre - SSD E A TO TOE cope RAM encry unnec - LAN D To en an ex remot embe of the - Signat It has comm - Self-T At bo has the follow unction bility for the y a screen on o has a remot er operation o ut Function bility of the T Function bility of TOE has the follow Authenticatio rms authentic es the user to e UI, and con inter driver be al authenticat ously assigned yed by a spec ntication fails ntication. s Control Fun ct access to jo Fax-Network event the intru Encryption Fu OE built-in SS built-in SSD with the threa M area of the yption chip, a cessary and e Data Protecti ncrypt LAN d xternal device te UI. The p dded SSD an e TOE and is ture Verificat s a function munication of Testing Functi oot time, verif wing general e user to oper n the operation te UI function of a client PC TOE to print p E to scan pape wing security n Function ation on the u o enter a user nfirms that the efore acceptin tion to authen d to the user. cific characte s, and a functi nction obs, electroni k Separation usion into a L unction SD is taken a D is encrypted at of reading encryption c and is manage rased when th on Function data by IPSec e and a remo pre-shared k nd protected. erased when tion and Gene of verifying f LAN data. ion fy firmware i functions. rate the TOE n panel. n for perform C. paper docume er documents. functions. user, to preve name and pa e user is an au ng a job from nticate within When authen er. It has a fun ion of automa ic documents LAN by limit away and co d by an encry data recorded chip when th ed so as not he power of t c or TLS as a ote UI, and T ey and the The key gen the power of eration Funct g/generating a ntegrity with 10 E using the o ming TOE op ents. . ent any unauth ssword when uthenticated u m the printer d n the TOE. Gi ntication is pe nction of restr atically loggi s, and features ting the use o nnected to an yption chip b d in the SSD. he power of t to be taken o the TOE is tu a sniffing cou TLS is also av server privat nerated during f the TOE is t tion a digital sign h signature ve operation pan peration and m horized acces n operating fro user. The use driver. Verific ive the authen erformed, the ricting access ng out when s based on ro f a PSTN to a nother body built in the di . The key use the TOE is t out to the out urned off. untermeasure vailable whe te key are e g communica turned off. nature for ve rification. D Copyrig nel, and the a management ss to the TOE om the opera er name is aut cation of user nticated user e inputted pas s by a defined no operation ole. a fax function or a PC, and igital multifu ed for encrypt turned on, an tside. The en e. IPsec is use en an adminis encrypted and ation is gener erifying the i Date of Issue: 2 ght Canon Inc ability for the through a ne E. User authen ation panel or thenticated th r information the privilege ssword charac d rule when state continu n. d all data stor unction devic tion is genera nd is used on ncryption key ed when conn strator conne d stored on rated in the R integrity of e 2022/07/27 c. 2021 e TOE to etwork by ntication the hrough n supports s cter is ues after red in the e body to ated in the nly in the y becomes necting to ects to the the TOE RAM area encrypted - Audit An au of the is rec All sa admin comm numb new a - Truste When digita - Manag User functi admin 1.5 Te For terms u Follow the Ter Abbrev Multi-Func Product (M Control so PDL Control pa Remote UI SSD Log Function udit log is ge e unit and the orded using t aved audit lo nistrator cann munication. T ber of audit lo audit log is re ed Update Fun n updating th al signature in gement Funct management ions for pro nistrators only erms and A used in this S e definition. D rms / viations ction MFP) oftware anel I n nerated with e operation of the managem ogs can only not change th There is a lim ogs exceeds etained. nction he TOE firmw n order to con tion t functions f operly opera y Abbreviatio ST that are de Definitions of Ta A machine as copier, fa facilitate su Software th It is a page types. The p description One of the h operation k An interfac allow the ac operations, administrato A nonvolati and protecte the user nam f the user can ment function be browsed he audit log. T mit on the nu the maximum ware, it has nfirm that the for registerin ating variou ns efined in CC a f other terms ble 4 - Term which incorp ax, printer, an uch capabilitie hat runs on the description la print function language and hardware elem eys, which pr e that provide cquisition of and making v ors. ile storage de ed assets are 11 me of the oper n be audited, a or the exact d by the admi The audit log umber of aud m number of a function o correct firmw ng and delet us security and PP that a are given in T s and Abbr D porates the fu nd Universal es. e hardware o anguage expr n converts pri d prints the ge ments of the rovides the in es access to th operating sta various settin evice built int stored. rated user an and is stored date and time nistrator via g is stored in dit logs in the f retention, th f verifying th ware is used. ting users an functions, b are claimed to Table 4. reviations escription unctionality of Send, and co f the device, ressing print c int data expre enerated imag MFP, consist nterface for op he MFP from atus, perform j ngs. This inter to a digital mu D Copyrig nd the set tim in the TOE b e synchronize the remote U an audit log e TOE embe he oldest aud he firmware nd roles and both of whi o be complian f multiple dev ontaining a lar and controls contents, and essed in the co ge on paper. ting of a touc peration of th m a Web brow job operation rface is only ultifunction d Date of Issue: 2 ght Canon Inc e so that the built-in SSD. d with the tim UI. However server using edded SSD, a it log is dele by version d d device man ich are rest nt in Section 2 vices in one, rge capacity S security func d there are var orresponding ch panel and he MFP. wser via the L ns or BOX available to device. Firmw 2022/07/27 c. 2021 operation The time me server. r, even an protected and if the eted and a display or nagement tricted to 2, such SSD to ctions. rious g page LAN, to ware Ter Abbrev Roles Administra General us Fax owner Authentica Jobs Image file Temporaly Document Mail Box Advancesd Firewall Time serve rms / viations ator ser r ated users y image file t data d Box er A user's per associated w In addition custom role The default Administrat The Admin (administra In this ST, a U.ADMIN U.NORMA User assign Equivalent U.NORMA General Us A user who among the U from a Gen All TOE-au When a use document, a instructions The operati TX, Store, a generation, Image data An image fi unnecessary User data p Whether a g printing fro To provide digital mult document. There is a p *This TOE Device or s Internet. Server that Internet. rmission used with one role to the predef es that modify t role has the tor/Power Us nistrator role i ative permissi a custom role with the adm AL without th ned the Admin to U.ADMIN AL as defined er role and th o is authorized U.NORMAL eral User role uthenticated u er uses the fun a Job is the in s for processin ions that can b and Delete. T execution, an generated in file that is gen y when the jo rocessed with general user f m a PC, data an area for st tifunction dev private space does not use ystem design uses the Netw 12 D d by the acces . fined default r y the access r following rol ser/General U indicates the p on). e is defined ba ministrative pe e administrat nistrator role NISTRATOR in PP. Belon hat does not h d by the admi L defined in P e and that doe users, includin nctions of the ntended docu ng those data be performed The processin nd completio the MFP by nerated during ob is complete hin the MFP, feeds data to a can be stored toring an elec vice and capa for each user shared space ned to protect work Time Pr escription ss control fun roles, it is pos restrictions de les User/Limited U permission to ased on the A ermission and tive permissio and has adm R defined in th ng to a custom have administ inistrator to a PP. Belong to es not have ad ng administra e TOE to exec ument data co a. d on a docume ng phases for n. reading, print g a job, such ed. consisting of the MFP dire d here to be p ctronic docum able of printin r and a shared e. t the internal L rotocol to pro D Copyrig nction and eac ssible to crea etermined by User/Guest U o use manage Administrator d the General on. ministrative pr he PP. m role that is c trative privile access the Fax a custom role dministrative ators cute an opera mbined with ent are: Scan a Job issued b ting, receivin as copy/print f image files ectly, or speci printed later. ment read from ng the stored d space for all LAN against ovide the accu Date of Issue: 2 ght Canon Inc ch user is ate new roles the default ro User ement functio r role to which l User to whic rivileges. created from eges. x/I-Fax Inbox e that is creat e privileges. ation on a the user n, Print, Copy by the user ar ng, etc. t, and become and print sett ifies a docum m a scanner i electronic l users to acc threats from urate time ov 2022/07/27 c. 2021 as oles. ns h the ch the a x ted , Fax re: es ting. ment for in a ess. the ver the Ter Abbrev File server Audit log s [Print] [Copy] [Fax] [Scan and [Scan and [Access St [Fax/I-Fax rms / viations r server Send] Store] tored Files] x Inbox] A file serve control file A server tha protocol. A button on jobs. A button on A button on A button on function to A button on and save the A button on Box/Inbox. A button on documents er that uses th storage and a at stores audi n the control p n the control p n the control p n an operation send the load n the control p em to an adv n the control p n the operatio saved in the s 13 D he SMB proto access it log files tha panel that act panel that act panel that act n panel that lo ded electronic panel that act anced box. panel that allo on panel that a system box w escription ocol to share f at TOE outpu tivates the fun tivates the Co tivates the Fa oads a paper c document to tivates the ab ows the user activates the where receive D Copyrig folders over t uts over a LAN nction to oper opy function. ax function. document an o a file server ility to impor to access file function for o ed fax docume Date of Issue: 2 ght Canon Inc the LAN and N using the S rate on-hold p nd activates th r. rt paper docum es stored in a operating elec ents are saved 2022/07/27 c. 2021 SMB print he ments Mail ctronic d. 2 Con 2.1 CC This ST an This ST co - - 2.2 PP This ST an - - 2.3 SF In this ST, 2.4 Co The TOE c Therefore, - Required P - Condition P - Optional I nformance C Conform nd TOE claim onforms to th Common Cr Common Cr P claim, Pa nd TOE claim Title: P V Errata: P FR Package no package c onformanc conforms the the TOE typ d Uses Printing, Scan nally Mandat PSTN faxing Uses Internal Audi e claims ance claim m CC complia e following C riteria version riteria confor ckage claim m exact confo Protection Pro Version: 1.0 d Protection Pro es claims compl e rationale following re pe is consisten nning, Copyi tory Uses , Storage and it Log Storag ms ance with bel Common Crit n: V rmance: Pa m ormance to the ofile for Hard dated Septem ofile for Hard liance. e quirements d nt with PP. ng, Network d retrieval, Fie e 14 ow. teria (CC). Version 3.1 Re art 2 extende e following P dcopy Device mber 10, 2015 dcopy Device defined in PP communicati eld-Replaceab elease 5 d and Part 3 c PP. es 5 es - v1.0 Erra and is Exact ions, Admini ble Nonvolat D Copyrig conformant ata #1, June 2 Conformanc istration tile Storage Date of Issue: 2 ght Canon Inc 017 e as required 2022/07/27 c. 2021 by PP. 3 Secu 3.1 TO TOE Design U.NORM U.ADMIN 3.2 As Two Design D.USER D.TSF 3.2.1 U User Design D.USER.D D.USER.J 3.2.2 T TSF urity Prob OE Users E users are de nation Ca MAL No N Ad ssets o asset classif nation A Us TS User Data r data are cla nation DOC Us JOB Us TSF Data F data are clas blem Defin efined in the f ategory nam ormal User dministrator fications are d Asset catego ser Data SF Data ssified into th User Data ser Document ser Job Data ssified into th nition following two Table me A User have an A User adminis defined for as Table ory Data c the TS Data c of the he following Table 7 type t Data In h In P he following t 15 o user catego 5 -TOE User r who has be n administrativ r who has b strative role ssets. e 6 - Assets created by an SF created by an TSF two types. 7 - User Dat nformation co hardcopy form nformation r Processing Job two types. ories. rs Defin een identified ve role been identifie s Defi nd for Users t nd for the TO ta D ontained in a m related to a b D Copyrig nition d and authen ed and authe inition that do not a OE that migh efinition a User's Docu User's Docu Date of Issue: 2 ght Canon Inc nticated and enticated and affect the ope ht affect the o ument, in elec ument or D 2022/07/27 c. 2021 does not d has an ration of operation ctronic or Document Design D.TSF.PR D.TSF.CO TSF Data h Type D.TSF.PR D.TSF.CO nation ROT Pro ONF Co handled in th e TS ROT User Role Lock settin Passw polic Auto Time Date/ settin IPSec TLS Audi expor Time settin ONF Passw SSD key Key S LAN Prote Encry Audi TSF Data otected TSF D onfidential TS his TOE are sh Ta SF Data name kout policy ngs word y settings Reset e setting /Time ng c settings settings t log rt settings e server ng word encryption Seed N Data ection yption Key t log Table type Data T d se SF Data T w m hown below. able 9 - Real User identif identificatio Used by acc functions tha Settings for of attempts b Policy for t such as m characters, a Timeout per operation pa logged out w Specifies the Settings for Settings for including th LAN Data P Configuratio to external I for synchro external IT e Password u User Identif Encryption k The internal used for AE Encryption function. An operatio logging faci user name, r 16 e 8 - TSF Data TSF Data for data owner n ecurity of the TSF Data for who is neithe might affect th lization of T Descr fication infor n and authen cess restrictio at each user c the lockout f before lockou the password minimum pas and combinat riod before a anel or the re when the user e date and tim the LAN Dat r the LAN D he settings t Protection fun on informatio T equipment onizing TOE equipment used to authe fication and A key used for l state of DR S encryption key used fo onal record ility. It inclu result, operati a D which altera nor in an Ad e TOE, but fo which either r the data ow he security of TSF Data ription rmation used tication funct n functions to can use. function, such ut and the loc d for user au ssword leng tion of charac a user logged mote UI is au r is idle. me that is set. ta Protection Data Protectio o enable or nction. on for sendin E time and enticate the Authentication SSD encrypti RBG and the key generati or LAN data generated b udes the dat ion contents, D Copyrig efinition ation by a Us dministrator r or which discl r disclosure o wner nor in a f the TOE by the user tion. o restrict the h as number ckout time. thentication, th, allowed cter types. in from the utomatically function. on function, disable the ng audit logs date with user in the n function. ion function e seed value on. a protection y the audit te and time, etc. Date of Issue: 2 ght Canon Inc ser who is ne role might a losure is acce r alteration b an Administr Stored SSD SSD SSD SSD SSD RTC SSD SSD SSD SSD SSD RAM in th encryption FLASH me in the encry chip SSD SSD 2022/07/27 c. 2021 either the affect the eptable by a User rator role d in he n chip emory yption 3.3 Th Show Designatio T.UNAUT T.TSF_CO T.TSF_FA T.UNAUT T.NET_CO 3.4 Or Show Designat P.AUTHO P.AUDIT P.COMMS P.STORAG P.KEY_M P.FAX_FL 3.5 As Show Assu Assumptio A.PHYSIC A.NETWO hreats w threats in T on THORIZED_A OMPROMISE AILURE THORIZED_U OMPROMIS rganization w Organization tion ORIZATION S_PROTECT GE_ENCRY MATERIAL LOW ssumptions umptions in T on CAL ORK Table 10. ACCESS E UPDATE E nal Security nal Security P Table D U ad Se m TION Th YPTION If Fi da C co N m th If be s Table 12. Defini Physic stores The O public Table Definition An attacker or change (m of the TOE' An attacker through one A malfunctio permitted to An attacker the TOE. An attacker security of t y Policies Policies in Ta 11- Organiz Definition Users must be dministrative ecurity-releva must be protec he TOE must f the TOE sto ield-Replacea ata on those d leartext keys ontribute to th Nonvolatile St must be protec hat storage de f the TOE pro etween the PS Table 12 ition cal security, c or processes, Operational En c access to its 17 10 - Threat may access ( modify or del s interfaces. may gain Un e of the TOE's on of the TSF o operate. may cause th may access d the TOE by m able 11. zational Secu authorized b functions. ant activities cted and trans t be able to id res User Doc able Nonvola devices. , submasks, r he creation of torage of Use cted from una evice. ovides a PSTN STN fax line - Assumpti commensurat , is assumed t nvironment is LAN interfa s (read, modify lete) User Job nauthorized A s interfaces. F may cause l he installation data in transit monitoring or urity Policies efore perform must be audi smitted to an dentify itself t cument Data o atile Storage D random numb f encryption k er Document D authorized acc N fax functio and the LAN ions e with the va to be provide s assumed to ce. D Copyrig , or delete) U b Data in the Access to TSF loss of securi n of unauthori t or otherwise r manipulating s ming Docume ited and the lo External IT E to other devic or Confidenti Devices, it wi bers, or any o keys for Field Data or Conf cess and mus n, it will ensu N. alue of the TO ed by the envi protect the T Date of Issue: 2 ght Canon Inc User Documen TOE through F Data in the T ity if the TOE ized software e compromise g ent Processing og of such ac Entity. ces on the LA ial TSF Data ill encrypt su other values th d-Replaceabl fidential TSF st not be store ure separation OE and the da ironment. TOE from dire 2022/07/27 c. 2021 nt Data h one TOE E is e on e the g and ctions AN. on uch hat e Data ed on n ata it ect, A.TRUSTE A.TRAINE ED_ADMIN ED_USERS N TOE A securit Autho polici Administrator ty policies. orized Users a es. 18 rs are trusted are trained to to administe use the TOE D Copyrig r the TOE ac E according to Date of Issue: 2 ght Canon Inc cording to sit o site security 2022/07/27 c. 2021 te y 4 Secu 4.1 Se Show Secu Desig OE.PH OE.NE OE.AD OE.US OE.AD urity Obje ecurity Obj urity Objectiv Table 1 gnation HYSICAL_PR ETWORK_PR DMIN_TRUS SER_TRAIN DMIN_TRAI ectives ectives for ves for the Op 13- Security ROTECTION ROTECTION ST NING INING r the Opera perational env y Objectives Definit N The Ope commen or proce N The Ope protect t The TO not use t The TO security The TO site secu manufac protect p 19 ational env vironment in s for the Op tion erational Env nsurate with t esses. erational Env the TOE from E Owner sha their privileg E Owner sha y policies and E Owner sha urity policies cturer's guida passwords an ironment Table 13. perational e vironment sha the value of th vironment sha m direct, publ all establish tr ges for malicio all ensure that have the com all ensure that and have the ance to correc nd keys accor D Copyrig environmen all provide ph he TOE and t all provide ne lic access to i rust that Adm ous purposes t Users are aw mpetence to fo t Administrat e competence ctly configure rdingly. Date of Issue: 2 ght Canon Inc nt hysical securi the data it sto etwork securi ts LAN interf ministrators w . ware of site follow them. ors are aware to use e the TOE and 2022/07/27 c. 2021 ity, ores ty to face. ill e of d 5 Exte This ST de in the PP s 5.1 FA Family be This family External IT Componen FAU_STG secure prot Managem The follow  Th Audit: The follow PP/ST:  Th FAU_STG Hiera Depen FAU_STG using a tru Rationale The TSF is non-TOE a ability to a that case. T External IT This exten componen 5.2 FC Family be FAU ended com efines the foll specified in S AU_STG_EX ehaviour: y defines req T Entity. nt leveling: G_EXT.1Ext tocol. ment: wing actions c he TSF shall wing actions s here are no au G_EXT.1Ext archical to: ndencies: G_EXT.1.1 usted channel : s required tha audit server f allow the adm The Common T Entity. nded compone nt. CS_CKM_E ehaviour: U_STG_EXT mponents lowing securi ection 2.2. XT Exten quirements for ternal Audit T could be cons have the abil should be aud uditable even tended: Prot No othe FAU_G FTP_IT The TSF sh according to at the transmi for storage an ministrator to n Criteria doe ent protects th EXT Exten T.1: Extended definition ity function r nded: Exte r the TSF to e Trail Storage sidered for the ity to configu ditable if FAU nts foreseen. tected Audit er component GEN.1 Aud TC.1 Inte hall be able t FTP_ITC.1. ission of gene nd review of a review these es not provide he audit recor nded: Cryp d: External Au 20 n requirements. ernal Audit ensure that se requires the e managemen ure the crypto U_GEN Secu Trail Storag ts dit data gener er-TSF truste to transmit the erated audit d audit records. audit records e a suitable SF rds, and it is t ptographic udit Trail Sto All of these Trail Stora ecure transmi TSF to use a nt functions i ographic func urity Audit Da ge ration, d channel e generated a data to an Ext . The storage s is provided FR for the tra therefore plac Key Manag orage D Copyrig extension com age ission of audi trusted chann n FMT: ctionality. ata Generatio audit data to a ternal IT Enti of these audi by the Opera ansmission of ced in the FA gement Date of Issue: 2 ght Canon Inc mponents are it data from T nel implemen n is included an External IT ity which reli it records and ational Enviro f audit data to AU class with 1 2022/07/27 c. 2021 e defined TOE to an nting a d in the T Entity es on a d the onment in o an h a single This family intended fo Componen FCS_CKM materials t Managem The follow  Th Audit: The follow PP/ST:  Th Rationale Cryptograp destroyed b Cryptograp This exten therefore p FCS_CKM Hiera Depen FCS_CKM cryptograp Rationale Cryptograp destroyed b Cryptograp This exten therefore p 5.3 FC Family be Componen and a Secu FCS_ y addresses th or cryptograp nt leveling: M_EXT.4 that are no lon ment: wing actions c here are no m wing actions s here are no au : phic Key Ma by using an a phic Key Ma nded compone placed in the F M_EXT.4 archical to: ndencies: M_EXT.4.1 phic critical se : phic Key Ma by using an a phic Key Ma nded compon placed in the F CS_HTTPS_ ehaviour: nts in this fam urity Adminis _CKM_EXT. he manageme phic key destr Crypto nger needed a could be cons management a should be aud uditable even terial Destruc approved met terial Destruc ent protects th FCS class wi Exten No othe [FCS_C FCS_C FCS_C The T ecurity param terial Destruc approved met terial Destruc nent protects FCS class wi _EXT Exten mily define re strator. This f .4 Extended: ent aspects of ruction. ographic Key are destroyed sidered for the actions forese ditable if FAU nts foreseen. ction is to ens thod, and the ction. he cryptograp ith a single co nded: Crypto er component CKM.1(a) C KM.1(b) Cry KM.4 Crypto SF shall dest meters when n ction is to ens thod, and the ction. s the cryptog ith a single co nded: HTTP quirements fo family describ Cryptograph 21 f cryptograph y Material De d by using an e managemen een. U_GEN Secu sure the keys Common Cri phic key and omponent. ographic Key ts ryptographic yptographic k ographic key troy all plaint no longer nee sure the keys Common Cri graphic key a omponent. PS selecte for protecting bes how HTT ic Key Mater hic keys. Espe estruction ens approved me nt functions i urity Audit Da and key mat iteria does no key materials y Material D Key Generat key generation destruction ext secret and eded. and key mat iteria does no and key mat d remote mana TPS will be im rial Destructio D Copyrig ecially, this e sures not only ethod. n FMT: ata Generatio erials that are ot provide a s s against expo Destruction tion (for asym n (Symmetric d private cryp erials that are ot provide a s terials agains agement sessi mplemented. on Date of Issue: 2 ght Canon Inc extended com y keys but als n is included e no longer ne uitable SFR f osure, and it i mmetric keys c Keys)], ptographic ke e no longer ne uitable SFR f st exposure, ions between This is a new 4 2022/07/27 c. 2021 mponent is o key d in the eeded are for the is ), or eys and eeded are for the and it is n the TOE w family defined for Componen FCS_HTT and suppor Managem The follow  Th Audit: The follow PP/ST:  Fa FCS_HTT Hiera Depen FCS_HTT FCS_HTT Rationale HTTPS is SFR for th This exten therefore p 5.4 FC Family be This family Componen FCS_IPSE Managem The follow  Th Audit: The follow FCS_ FCS_ r the FCS Cla nt leveling: TPS_EXT.1 rts TLS. ment: wing actions c here are no m wing actions s ailure of HTT TPS_EXT.1 archical to: ndencies: TPS_EXT.1. TPS_EXT.1.2 : one of the se he communica nded compone placed in the F CS_IPSEC_ ehaviour: y addresses r nt leveling: EC_EXT.1 ment: wing actions c here are no m wing actions s _HTTPS_EX _IPSEC_EXT ass. HTTP could be cons management a should be aud TPS session e Exten No othe FCS_TL 1 The T 2 The T ecure commun ation protoco ent protects th FCS class wi _EXT Exten requirements IPsec could be cons management a should be aud XT.1 Extended T.1 Extended PS selected, re sidered for the actions forese ditable if FAU establishment nded: HTTPS er component LS_EXT.1 E SF shall impl SF shall impl nication proto ols using cryp he communic ith a single co nded: IPse for protecting requires that sidered for the actions forese ditable if FAU d: HTTPS sel d: IPsec select 22 equires that H e managemen een. U_GEN Secu S selected ts Extended: TLS lement the H lement HTTP ocols, and the tographic alg cation data us omponent. c selected g communica IPsec be imp e managemen een. U_GEN Secu lected ted HTTPS be im nt functions i urity Audit Da S selected TTPS protoc PS using TLS e Common C gorithms. sing cryptogra ations using I plemented as nt functions i urity Audit Da D Copyrig mplemented ac n FMT: ata Generatio ol that compl S as specified riteria does n aphic algorith Psec. specified. n FMT: ata Generatio Date of Issue: 2 ght Canon Inc ccording to R n is included lies with RFC d in FCS_TLS not provide a hms, and it is n is included 1 1 2022/07/27 c. 2021 RFC 2818 d in the C 2818. S_EXT.1. suitable d in the PP/ST:  Fa FCS_IPSE Hiera Depen FCS_IPSE FCS_IPSE FCS_IPSE that is othe FCS_IPSE using [sele Secure Ha Secure Ha specified in FCS_IPSE Phase 1 ex sequence n functions, traversal, RFCs for h FCS_IPSE protocol u [selection: FCS_IPSE FCS_IPSE based on [ to: 24 hou [selection: hours for P FCS_IPSE (2048-bit M (384-bit R TOE], no o FCS_IPSE the [selecti Rationale IPsec is on SFR for th This exten ailure to estab EC_EXT.1 archical to: ndencies: EC_EXT.1.1 EC_EXT.1.2 EC_EXT.1.3 erwise unmat EC_EXT.1.4 ection: the cr ash Algorithm ash Algorithm n RFC 4106] EC_EXT.1.5 xchanges,as d numbers, RF RFC 4868 fo with mandat hash function EC_EXT.1.6 uses the crypt AES-GCM-1 EC_EXT.1.7 EC_EXT.1.8 [selection: nu rs for Phase : number of p Phase 1 SAs a EC_EXT.1.9 MODP), and Random ECP, other DH gro EC_EXT.1.1 ion: RSA, EC : ne of the secu he communica nded compone blish an IPsec Exten No othe FIA_PS FCS_C FCS_C FCS_C FCS_C FCS_C authent FCS_R Generat 1 The T 2 The T 3 The T tched, and dis 4 The T ryptographic m (SHA)-base m (SHA)-base . 5 The T defined in RF FC 4304 for or hash functi tory support f ns, RFC 4868 6 The T tographic alg 128, AES-GC 7 The T 8 The T umber of pack 1 SAs and 8 packets/numb and 8 hours f 9 The T d [selection: 2 , 5 (1536-bit oups]. 10 The T CDSA] algorit ure communic ation protoco ent protects th c SA nded: IPsec s er component SK_EXT.1 Ex KM.1(a) Cry OP.1(a) Cryp OP.1(b) Cryp OP.1(c) Cryp OP.1(g) Cryp tication) RBG_EXT.1 E tion) SF shall impl SF shall impl TSF shall hav scards it. TSF shall im algorithms A ed HMAC, A ed HMAC, AE TSF shall imp FCs 2407, 240 extended seq ions]; IKEv2 for NAT trav for hash func TSF shall ens gorithms AES CM-256 as spe SF shall ensu TSF shall ens kets/number o hours for Ph ber of bytes ; for Phase 2 SA TSF shall en 24 (2048-bit t MODP)), [a TSF shall ensu thm and Pre-s cation protoco ols using cryp he communic 23 selected ts xtended: Pre- yptographic K ptographic Op ptographic Op ptographic Op ptographic Op Extended: Cry lement the IP lement [selec ve a nominal mplement the AES-CBC-12 AES-CBC-256 ES-GCM-128 lement the pr 08, 2409, RF quence numb as defined in versal as spec ctions]]. sure the encry S-CBC-128, ecified in RF ure that IKEv sure that [sel of bytes; leng hase 2 SAs]; I length of tim SAs]]. nsure that a MODP with assignment: o ure that all IK shared Keys. ols, and the C tographic alg cation data us -Shared Key Key Generatio peration (Sym peration (for peration (Has peration (for yptographic O Psec architect ction: tunnel m , final entry IPsec protoc 28 (as specifi 6 (as specifie 8 as specified rotocol: [sele FC 4109, [sele bers], and [s n RFCs 5996[ cified in sect ypted payloa AES-CBC-2 C 5282, no o v1 Phase 1 exc lection: IKEv gth of time, w IKEv1 SA life me, where the all IKE proto h 256-bit PO other DH gr KE protocols Common Crit gorithms. sing cryptogra D Copyrig Composition on (for asymm mmetric encry signature gen sh Algorithm keyed-hash m Operation (Ra ture as specifi mode, transpo in the SPD t col ESP as d fied by RFC 3 ed by RFC 3 d in RFC 41 ction: IKEv1, ection: no oth selection: no [selection: wi ion 2.23], an d in the [sele 256 as specif ther algorithm changes use o v2 SA lifetim where the time fetimes can be e time values ocols implem OS), 19 (256-b roups that ar perform Peer eria does not aphic algorith Date of Issue: 2 ght Canon Inc n metric keys) yption/decryp neration/verif m) message andom Bit fied in RFC 43 ort mode]. that matches defined by R 3602) togeth 3602) togeth 06, AES-GCM , using Main her RFCs for other RFCs ith no suppor nd [selection: ection: IKEv1 fied in RFC m]. only main mo es can be es e values can b e established s can be limit ment DH G bit Random E re implemente r Authenticat provide a su hms, and it is 2022/07/27 c. 2021 ption) fication) 301. anything RFC 4303 her with a er with a M-256 as Mode for r extended for hash rt for NAT : no other 1, IKEv2] 3602 and ode. stablished be limited d based on ted to: 24 Groups 14 ECP), 20 ed by the tion using uitable therefore p 5.5 FC Family be This family secure the Componen FCS_KYC of that cha Managem The follow  Th Audit: The follow PP/ST:  Th FCS_KYC Hiera Depen FCS_KYC BEVor DE following m FCS_SMC FCS_KDF [selection: Rationale Key Chain chain. How layers of e This exten the FCS cl 5.6 FC FCS_ placed in the F CS_KYC_EX ehaviour: y provides th protected dat nt leveling: C_EXT Key ain. ment: wing actions c here are no m wing actions s here are no au C_EXT.1 archical to: ndencies: C_EXT.1.1 EK; intermed method(s): [s C_EXT.1, key F_EXT.1, key 128 bits, 256 : ning ensures t wever, the Co ncryption key nded compone lass with a sin CS_RBG_E _KYC_EXT FCS class wi XT Exten he specificatio ta encrypted o y Chaining, r could be cons management a should be aud uditable even Exten No othe [FCS_C FCS_SM FCS_C FCS_K and/or FCS_C The T diate keys or selection: key y encryption transport as 6 bits]. that the TSF m ommon Criter y to protect e ent protects th ngle compone EXT Exten Key Chainin ith a single co nded: Cryp on to be used on the storag requires the T sidered for the actions forese ditable if FAU nts foreseen. nded: Key Ch er component COP.1(e) Cry MC_EXT.1 E OP.1(i) Cryp KDF_EXT.1 C OP.1(f) Cryp TSF shall mai iginating fro y wrapping as n as specif s specified in maintains the ria does not p encrypted data he TSF data u ent. nded: Cryp ng 24 omponent. ptographic for using mu e. TSF to mainta e managemen een. U_GEN Secu haining ts yptographic o Extended: Su ptographic op Cryptographic ptographic op ntain a key c om one or mo s specified in fied in FCS FCS_COP.1 e key chain, a provide a suit a. using cryptog ptographic Operation ultiple layers ain a key chai nt functions i urity Audit Da peration (Key ubmask Comb eration (Key c Operation ( peration (Key chain of: [sele ore submask n FCS_COP.1 S_COP.1(f), 1(i)]] while m and also speci able SFR for graphic algori Operation D Copyrig (Key Chai of encryption in and specifi n FMT: ata Generatio y Wrapping), bining, Transport), (Key Derivati Encryption)] ection: one, u k(s) to the BE 1(e), key com key derivat maintaining an ifies the chara the managem ithms, and it (Random Date of Issue: 2 ght Canon Inc ning) n keys to ultim ies the charac n is included , ion), ]. using a subma EV or DEK mbining as sp tion as spe n effective st acteristics of ment of multi is therefore p Bit Genera 1 2022/07/27 c. 2021 mately cteristics d in the ask as the using the pecified in ecified in trength of that ple placed in ation) Family be This family selected st Componen FCS_RBG with select Managem The follow  Th Audit: The follow PP/ST:  Fa FCS_RBG Hiera Depen FCS_RBG accordance HMAC_DR FCS_RBG entropy fro [assignmen [selection: 18031:201 generate. Rationale Random b does not pr This exten with a sing 5.7 FC Family be This family submask b Componen FCS_ FCS_ ehaviour: y defines req andards and s nt leveling: G_EXT.1 Ran ted standards ment: wing actions c here are no m wing actions s ailure of HTT G_EXT.1 archical to: ndencies: G_EXT.1.1 e with [selec RBG (any), C G_EXT.1.2 om [selection nt: number o 128 bits, 256 11 Table C.1 : its/number w rovide a suita nded compone gle componen CS_SMC_E ehaviour: y defines the being used to nt leveling: _RBG_EXT. _SMC_EXT.1 quirements for seeded by an ndom Bit Ge and seeded b could be cons management a should be aud TPS session e Exten No othe No dep The T ction: ISO/IEC CTR_DRBG (A The d n: [assignme of hardware- 6 bits] of entr 1 "Security s will be used by able SFR for ent ensures th nt. EXT Exten means by wh derive or pro 1 Extended: R Extended: Su r random bit entropy sour neration requ by an entropy sidered for the actions forese ditable if FAU establishment nded: Random er component endencies. TSF shall pe C 18031:201 (AES)]. eterministic R ent: number o -based sourc ropy at least strength table y the SFRs fo the random b he strength of nded: Subm hich submask otect the BEV Random Bit ubmask Comb 25 generation to rce. uires random y source. e managemen een. U_GEN Secu m Bit Gener ts erform all de 11, NIST SP RBG shall be of software-b ces] hardwar equal to the g e for hash fu or key genera bit generation f encryption k mask Com ks are combin V. Generation bining o ensure that i bit generation nt functions i urity Audit Da ration eterministic r 800-90A] usi e seeded by a based sources re-based nois greatest secur unctions", of ation and dest n. keys, and it is bining ned, if the TO D Copyrig it is performe n to be perfor n FMT: ata Generatio random bit g ing [selection an entropy so s] software-b se source(s)] rity strength, f the keys an truction, and t s therefore pla OE supports m Date of Issue: 2 ght Canon Inc ed in accordan rmed in accor n is included generation se n: Hash_DRB ource that acc based noise s ] with a min according to nd hashes th the Common aced in the FC more than one 1 1 2022/07/27 c. 2021 nce with rdance d in the ervices in BG (any), cumulates source(s), nimum of o ISO/IEC hat it will Criteria CS class e FCS_SMC Managem The follow  Th Audit: The follow PP/ST:  Th FCS_SMC Hiera Depen FCS_SMC exclusive O Rationale Submask C This exten the FCS cl 5.8 FC Family be This family the server Componen FCS_TLS Managem The follow  Th Audit: The follow PP/ST:  Fa FCS_TLS Hiera Depen FCS C_EXT.1Sub ment: wing actions c here are no m wing actions s here are no au C_EXT.1Ext archical to: ndencies: C_EXT.1.1 OR (XOR), S : Combining is nded compone lass with a sin CS_TLS_EX ehaviour: y addresses th using the TL nt leveling: S_EXT.1 TLS ment: wing actions c here are no m wing actions ailure of TLS S_EXT.1 Ext archical to: ndencies: S_TLS_EXT. bmask combi could be cons management a should be aud uditable even tended: Subm No othe FCS_C The T SHA-256, SH s to ensure the ent protects t ngle compone XT Exten he ability for S protocol. S selected, req could be cons management a should be au session estab tended: TLS No othe FCS_C FCS_C 1 Extended: T ning requires sidered for the actions forese ditable if FAU nts foreseen. mask Combi er component OP.1(c) Cryp TSF shall co HA-512] to ge e TSF combin the TSF data ent. nded: TLS r a server and/ quires the TL sidered for the actions forese uditable if FA blishment S selected er component KM.1(a) Cry OP.1(a) Cryp TLS selected 26 s the TSF to c e managemen een. U_GEN Secu ining ts. ptographic op ombine subm enerate an int ne the subma using crypto selected /or a client to LS protocol im e managemen een. AU_GEN Sec ts yptographic K ptographic Op d combine the s nt functions i urity Audit Da peration (Hash masks using ermediary ke asks in order t graphic algor o use TLS to p mplemented a nt functions i curity Audit D Key Generatio peration (Sym D Copyrig submasks in a n FMT: ata Generatio h Algorithm) the followin ey or BEV. to derive or p rithms, and it protect data b as specified. n FMT: Data Generat on (for asymm mmetric encry Date of Issue: 2 ght Canon Inc a predictable n is included ) dependencie ng method [ protect the BE t is therefore between a clie tion is includ metric keys) yption/decryp 1 2022/07/27 c. 2021 fashion. d in the es. selection: EV. placed in ent and ded in the ption) FCS_TLS TLS 1.0 (R Mandatory • TLS_RS Optional C [selection: • None • TLS_RSA • TLS_DH • TLS_DH • TLS_RSA • TLS_RSA • TLS_DH • TLS_DH • TLS_EC • TLS_EC • TLS_EC • TLS_EC • TLS_EC • TLS_EC • TLS_EC • TLS_EC • TLS_EC • TLS_EC • TLS_EC • TLS_EC ]. Rationale TLS is one SFR for th This exten therefore p S_EXT.1.1 RFC 2246), TL y Ciphersuite SA_WITH_A Ciphersuites: : A_WITH_AE HE_RSA_WIT HE_RSA_WIT A_WITH_AE A_WITH_AE HE_RSA_WIT HE_RSA_WIT CDHE_RSA_W CDHE_RSA_W CDHE_ECDSA CDHE_ECDSA CDHE_RSA_W CDHE_RSA_W CDHE_RSA_W CDHE_RSA_W CDHE_ECDSA CDHE_ECDSA CDHE_ECDSA CDHE_ECDSA : e of the secur he communica nded compon placed in the F FCS_C FCS_C FCS_C authent FCS_R Generat The T TLS 1.1 (RFC es: AES_128_CB ES_256_CBC_ TH_AES_128_ TH_AES_256_ ES_128_CBC_ ES_256_CBC_ TH_AES_128_ TH_AES_256_ WITH_AES_1 WITH_AES_2 SA_WITH_AE SA_WITH_AE WITH_AES_1 WITH_AES_2 WITH_AES_1 WITH_AES_2 SA_WITH_AE SA_WITH_AE SA_WITH_AE SA_WITH_AE re communica ation protoco nent protects FCS class wi OP.1(b) Cryp OP.1(c) Cryp OP.1(g) Cryp tication) RBG_EXT.1 E tion) SF shall impl 4346), TLS 1 C_SHA _SHA _CBC_SHA 6_CBC_SHA _SHA256 _ SHA256 _CBC_ SHA2 6_CBC_ SHA2 128_CBC_SH 256_CBC_SH ES_128_CBC_ ES_256_CBC_ 128_CBC_SH 256_CBC_SH 128_GCM_SH 256_GCM_SH ES_128_GCM ES_256_GCM ES_128_CBC_ ES_256_CBC_ ation protoco ols using cryp s the comm ith a single co 27 ptographic Op ptographic Op ptographic Op Extended: Cry lement one o 1.2 (RFC 524 256 256 HA HA C_SHA C_SHA HA256 HA384 HA256 HA384 M_SHA256 M_SHA384 C_SHA256 C_SHA384 ls, and the Co tographic alg munication da omponent. peration (for peration (Has peration (for yptographic O r more of the 46)] supportin ommon Crite gorithms. ata using cry D Copyrig signature gen sh Algorithm keyed-hash m Operation (Ra e following pr ng the followi eria does not p yptographic Date of Issue: 2 ght Canon Inc neration/verif m) message andom Bit rotocols [sele ing ciphersuit provide a suit algorithms, 2022/07/27 c. 2021 fication) ection: tes: table and it is 5.9 FD Family be This family Componen FDP_DSK TSF and U these data Managem The follow  Th Audit: The follow PP/ST:  Th FDP_DSK Hiera Depen FDP_DSK FCS_COP certified to contains no FDP_DSK Rationale Extended: interventio This exten componen 5.10 FD Family be This family connected. Componen FDP DP_DSK_EX ehaviour: y is to manda nt leveling: K_EXT.1 Ext User Data stor in plaintext o ment: wing actions c here are no m wing actions here are no au K_EXT.1 Ext archical to: ndencies: K_EXT.1.1 P.1(d), use a s o conform to t o plaintext U K_EXT.1.2 : Protection of on, and the Co nded compone nt. DP_FXS_EX ehaviour: y addresses th . nt leveling: P_DSK_EXT XT Exten ate the encryp tended: Prote red on the Fie on the devices could be cons management a should be au uditable even tended: Prot No othe FCS_C The T self-encryptin the FDE EE c User Documen The T f Data on Dis ommon Crite ent protects t XT Exten he requireme .1 Extended: nded: Prote ption of all pr ection of Data eld-Replaceab s. sidered for the actions forese uditable if FA nts foreseen. tection of Da er component OP.1(d) Cryp SF shall [sele ng Field-Repl cPP] such tha nt Data and no SF shall encr sk is to specif eria does not p the Data on D nded: Fax S ents for separa Protection of 28 ection of D rotected data a on Disk, req ble Nonvolati e managemen een. AU_GEN Sec ata on Disk ts ptographic op ection: perfor laceable Nonv at any Field-R o plaintext co rypt all protec fy that encryp provide a suit Disk, and it is Separation ation between f Data on Dis Data on Dis written to the quires the TSF ile Storage D nt functions i curity Audit D peration (AES rm encryption volatile Stora Replaceable N onfidential TS cted data with ption of any c table SFR for s therefore pla n n Fax PSTN l sk D Copyrig sk e storage. F to encrypt a Devices in ord n FMT: Data Generat S Data Encry n in accordan age Device th Nonvolatile S SF Data. hout user inte confidential d r the Protectio aced in the F line and the L Date of Issue: 2 ght Canon Inc all the Confid der to avoid st tion is includ yption/Decryp nce with hat is separate Storage Devic ervention. data without u on of Data on DP class with LAN to which 1 2022/07/27 c. 2021 dential toring ded in the ption) ely CC ce user n Disk. h a single h TOE is FDP_FXS between a Managem The follow  Audit: The follow PP/ST:  FDP_FXS Hiera Depen FDP_FXS receiving U Rationale Fax Separa provide a s This exten with a sing 5.11 FIA Family be This family strong pass Componen FIA_PMG requiremen Managem The follow  Th Audit: The follow PP/ST: FDP FIA_ S_EXT.1 Fax PSTN and a ment: wing actions c There are no wing actions There are no S_EXT.1 Ext archical to: ndencies: S_EXT.1.1 User Data usi : ation is to pro suitable SFR nded compon gle componen A_PMG_EX ehaviour: y defines req swords and p nt leveling: G _EXT.1 Pa nts, minimum ment: wing actions c here are no m wing actions P_FXS_EXT. _PMG _EXT x Separation, LAN to whic could be cons o managemen should be au o auditable ev tended: Fax No othe No dep The TSF sh ing fax protoc otect a LAN a for the Prote nent protects nt. XT Exten quirements for passphrases ca assword mana m lengths, ma could be cons management a should be au .1 Extended: T.1 Extended: requires the f ch TOE is con sidered for the nt actions fore uditable if FA vents foreseen separation er component endencies. hall prohibit c cols. against attack ction of TSF the TSF Dat nded: Pass r the attribute an be chosen agement requ aximum lifetim sidered for the actions forese uditable if FA Fax Separatio : Password M 29 fax interface nnected. e managemen eseen. AU_GEN Sec n. ts communicatio k from PSTN or User Data ta or User Da sword Man es of passwor and maintain uires the TSF me, and simil e managemen een. AU_GEN Sec on Management cannot be use nt functions i curity Audit D on via the fax line, and the a. ata, and it is agement rds used by ad ned. to support pa larity constra nt functions i curity Audit D D Copyrig ed to create a n FMT: Data Generat x interface, ex Common Cr therefore pla dministrative asswords with aints. n FMT: Data Generat Date of Issue: 2 ght Canon Inc a network brid tion is includ xcept transmi riteria does no aced in the F e users to ensu h varying com tion is includ 1 1 2022/07/27 c. 2021 dge ded in the itting or ot FDP class ure that mposition ded in the  Th FIA_PMG Hiera Depen FIA_PMG passwords  P n  M p Rationale Password M the Comm This exten the FIA cla 5.12 FIA Family be This family Componen FIA_PSK_ Managem The follow  Th Audit: The follow PP/ST:  Th FIA_PSK_ Hiera Depen FIA_PSK FIA_PSK_  2 FIA_ here are no au G _EXT.1 archical to: ndencies: G _EXT.1.1 : Passwords sh numbers, and "(", ")", [assi Minimum pa passwords of : Management mon Criteria d nded compone ass with a sin A_PSK_EX ehaviour: y defines req nt leveling: K_EXT.1 Pre- ment: wing actions c here are no m wing actions here are no au K_EXT.1 archical to: ndencies: K_EXT.1.1 K_EXT.1.2 22 characters _PSK_EXT.1 uditable even Exten No othe No dep The TSF s hall be able to d the followin gnment: othe assword length f 15 character t is to ensure t oes not provi ent protects t ngle compone XT Exten quirements for -Shared Key C could be cons management a should be au uditable even Exten No othe FCS_R Generat The TSF sh The TSF sh s in length an 1 Extended: P nts foreseen. nded: Passwo er component endencies. shall provide o be compose ng special cha er characters] h shall be set rs or greater. the strong au ide a suitable the TOE by m ent. nded: Pre-S r the TSF to e Composition sidered for the actions forese uditable if FA nts foreseen. nded: Pre-Sh er component RBG_EXT.1 E tion). hall be able to all be able to d [selection: Pre-Shared K 30 ord managem ts the following ed of any com aracters: [sele ]]; ttable by an A uthentication b SFR for the means of pass Shared Key ensure the ab , ensures auth e managemen een. AU_GEN Sec hared Key Co ts Extended: Cry o use pre-shar accept text-b [assignment: Key Composit ment g password m mbination of u ection: "!", "@ Administrator between the e Password Ma sword manag y Composi ility to use pr henticity and nt functions i curity Audit D omposition yptographic O red keys for I based pre-sha other suppor tion D Copyrig management c upper and low @", "#", "$", r, and have th endpoints of c anagement. gement, and it ition re-shared key access contro n FMT: Data Generat Operation (Ra Psec. ared keys that rted lengths], Date of Issue: 2 ght Canon Inc capabilities fo wer case letter "%", "^", "& he capability t communicati t is therefore ys for IPsec. ol for updates tion is includ andom Bit t are. no other leng 1 2022/07/27 c. 2021 or User rs, &", "*", to require on, and placed in s. ded in the gths];  c ( FIA_PSK SHA-256, pre-shared generator Rationale Pre-shared and the Co This exten the FIA cla 5.13 FP Family be This family nonvolatile Componen FPT_ KY plaintext k Managem The follow  Th Audit: The follow PP/ST:  Th FPT_ KY Hiera Depen FPT_ KY FCS_KYC key on a d Rationale Protection nonvolatile key materi This exten componen FPT composed of (that include: K_EXT.1.3 SHA-512, [as d keys; accep specified in F : d Key Compo ommon Criter nded compon ass with a sin PT_KYP_EX ehaviour: y addresses th e storage. nt leveling: P _EXT.1 Ex key or key ma ment: wing actions c here are no m wing actions here are no au P _EXT.1 archical to: ndencies: YP _EXT.1.1 C_EXT.1 in a evice that use : of Key and K e storage, and ial. nded compon nt. T_ KYP _EXT f any combina : "!", "@", "# The TSF sh ssignment: m t bit-based pr FCS_RBG_EX osition is to en ria does not p ent protects t ngle compone XT Exten he requireme xtended: Prot aterials are wr could be cons management a should be au uditable even Exten No othe No dep The TSF any Field-Rep es the key for Key Material d the Commo nent protects T.1 Protection ation of upper #", "$", "%", " hall condition ethod of cond re-shared key XT.1]. nsure the stro provide a suit the TOE by m ent. nded: Prote ents for keys a tection of key ritten to nonv sidered for the actions forese uditable if FA nts foreseen. nded: Protect er component endencies. shall not stor placeable Non r its encryptio is to ensure t on Criteria do the TSF data n of key and k 31 r and lower c "^", "&", "*", the text-base ditioning text ys; generate b ong authentic able SFR for means of stro ection of K and key mate y and key mat volatile storag e managemen een. AU_GEN Sec tion of Key a ts re plaintext ke nvolatile Stor on. that no plaint oes not provid a, and it is th key material case letters, nu , "(", and ")") ed pre-shared t string]] and bit-based pre ation between the Pre-share ong authentic Key and Ke erials to be pr terial, require ge. nt functions i curity Audit D and Key Mat eys that are p rage Device, a text key or ke de a suitable S herefore plac D Copyrig umbers, and s ). d keys by usin be able to [se -shared keys n the endpoin ed Key Comp cation, and it y Material rotected if and es the TSF to n FMT: Data Generat terial part of the key and not store ey material ar SFR for the p ced in the FP Date of Issue: 2 ght Canon Inc special chara ng [selection: election: use using the ran nts of commu position. t is therefore d when writte ensure that n tion is includ ychain specifi any such pla re written to protection of k PT class with 1 2022/07/27 c. 2021 acters SHA-1, no other ndom bit unications, placed in en to no ded in the fied by aintext key and h a single 5.14 FP Family be This family keys. This Componen FPT_SKP keys from Managem The follow  Th Audit: The follow PP/ST:  Th FPT_SKP Hiera Depen FPT_SKP keys. Rationale Protection securely, a This exten therefore p 5.15 FP Family be This family Componen FPT_TST demonstra Managem FPT FPT PT_SKP_EX ehaviour: y addresses th is a new fam nt leveling: P_EXT.1 Pro being read by ment: wing actions c here are no m wing actions here are no au P_EXT.1 Ext archical to: ndencies: P_EXT.1.1 : of TSF Data and the Comm nded compone placed in the F PT_TST_EX ehaviour: y addresses th nt leveling: T_EXT.1 TSF ate correct ope ment: T_SKP_EXT. T_TST_EXT. XT Exten he requireme mily modelled tection of TS y any user or could be cons management a should be au uditable even tended: Exte No othe No dep The TSF sh a is to ensure t mon Criteria d ent protects th FPT class wi XT Exten he requireme F testing requ eration of the 1 Extended: P 1 Extended: T nded: Prote ents for mana d as the FPT C SF Data (for r r subject. It is sidered for the actions forese uditable if FA nts foreseen. ended: Prote er component endencies. hall prevent r the pre-share does not prov he TOE by m th a single co nded: TSF ents for self-te uires a suite o e TSF. Protection of TSF testing 32 ection of T ging and prot Class. reading all sym the only com e managemen een. AU_GEN Sec ection of TSF ts eading of all ed keys, symm vide a suitable means of stron omponent. testing esting the TS f self-testing f TSF Data TSF Data tecting the TS mmetric keys mponent of th nt functions i curity Audit D F Data pre-shared ke metric keys an e SFR for the ng authenticat F for selected to be run dur D Copyrig SF data, such s), requires pr his family. n FMT: Data Generat eys, symmetr nd private key e protection o tion using Pr d correct oper ring initial sta Date of Issue: 2 ght Canon Inc h as cryptogra reventing sym tion is includ ric keys, and ys are protect of such TSF d e-shared Key ration. art-up in orde 1 1 2022/07/27 c. 2021 aphic mmetric ded in the private ted data. y, and it is er to The follow  Th Audit: The follow PP/ST:  Th FPT_TST Hiera Depen FPT_TST demonstra Rationale TSF testin suitable SF This exten componen 5.16 FP Family be This family firmware/s Componen FPT_TUD Managem The follow  Th Audit: The follow PP/ST:  Th FPT_TUD FPT_TUD Hiera FPT wing actions c here are no m wing actions here are no au T_EXT.1 Ext archical to: ndencies: T_EXT.1.1 ate the correct : g is to ensure FR for the TS nded compon nt. PT_TUD_EX ehaviour: y defines req software, and nt leveling: D_EXT.1 Tru ment: wing actions c here are no m wing actions here are no au D_EXT.1 Tru Hiera Depen D_EXT.1 Tru archical to: T_TUD_EXT could be cons management a should be au uditable even tended: TSF No othe No dep The TSF sh t operation of e the TSF can SF testing. In nent protects XT Exten quirements for d that such firm usted Update, could be cons management a should be au uditable even usted Update archical to: ndencies: usted Update No othe .1 Extended: sidered for the actions forese uditable if FA nts foreseen. testing er component endencies. hall run a suit f the TSF. n be operated particular, th s the TOE, a nded: Trus r the TSF to e mware/softw , ensures auth sidered for the actions forese uditable if FA nts foreseen. e No oth FCS_C genera FCS_C e er component Trusted Upd 33 e managemen een. AU_GEN Sec ts te of self-tests correctly, an here is no SFR and it is the sted Update ensure that on ware is authent henticity and e managemen een. AU_GEN Sec her componen COP.1(b) Cry ation/verifica COP.1(c) Cry ts date nt functions i curity Audit D s during initia nd the Commo R defined for erefore placed e nly administr tic. access contro nt functions i curity Audit D nts yptographic O ation), yptographic o D Copyrig n FMT: Data Generat al start-up (an on Criteria do TSF testing. d in the FPT rators can upd ol for updates n FMT: Data Generat Operation (fo operation (Ha Date of Issue: 2 ght Canon Inc tion is includ nd power on) oes not provid T class with date the TOE s. tion is includ or signature ash Algorithm 1 2022/07/27 c. 2021 ded in the to de a h a single ded in the m). Depen FPT_TUD version of FPT_TUD TOE firmw FPT_TUD using a dig those upda Rationale Firmware/ manageme This exten componen ndencies: D_EXT.1.1 the TOE firm D_EXT.1.2 ware/software D_EXT.1.3 gital signature ates. : /software is a ent of firmwa nded compon nt. FCS_C FCS_C The TSF sh mware/softwa The TSF sh e. The TSF sh e mechanism form of TSF are/software. I nent protects OP.1(b) Cryp OP.1(c) Cryp hall provide a are. hall provide a hall provide a and [selectio F Data, and th In particular, s the TOE, a 34 ptographic Op ptographic op authorized ad authorized ad a means to ve on: published he Common C there is no S and it is the peration (for peration (Hash dministrators dministrators erify firmwar d hash, no oth Criteria does n SFR defined f erefore placed D Copyrig signature gen h Algorithm) the ability to the ability to re/software up er functions] not provide a for importing d in the FPT Date of Issue: 2 ght Canon Inc neration/verif ). query the cu initiate upda pdates to the prior to insta a suitable SFR TSF Data. T class with 2022/07/27 c. 2021 fication), urrent ates to TOE alling R for the h a single 6 SEC 6.1 No - Bold typ to the origi - Italic typ - Bold itali PP and ind - [] indicat in this ST - A charac defined in 6.2 Se 6.2.1 C FAU_GE FAU_GEN FAU_GEN CURITY RE otation peface indicat inal SFR defi eface indicat ic typeface in dicates the tex tes the portio is shown afte cter in (), for HCD PP. To ecurity func Class FAU EN.1 Audi Hierar Depen N.1.1 The TS a) b) c) [assign – N.1.2 The TS a) b) [assign – EQUIREME tes the portio inition in Com es the text wi ndicates the p xt within an S on indicating er the [] part i r example, an o repeat furthe ctional req : Security A t data gen rchical to: ndencies: SF shall be ab Start-up and s All auditable All auditable auditable eve nment: other s None SF shall recor Date and time (success or fa For each audi components i [assignment: nment: other a None ENTS on of an SFR mmon Criteri ithin an SFR portion of an S SFR that mus "Assignment is extracted af n SFR compo er in ST, defi uirements Audit eration No oth FPT_S ble to generate shutdown of t events for the e events speci ents]. specifically de rd within each e of the event ailure) of the e it event type, b included in th other audit re audit relevant Table 14 - A 35 that has been ia Part 2 or to that must be SFR that has t be selected t" or "Selecti fter the text. onent follow ne as (a) (ssd her componen STM.1 Reliab e an audit reco the audit funct e not specified ified in Table efined auditab h audit record , type of even event; and based on the a e PP/ST, addi elevant inform t information] Auditable E n "completed o its Extended selected and/ been partiall and/or comp ion". The resu ed by (a) and d). nts. le time stamp ord of the follo tions; d level of aud e 14, [assignm ble events]. at least the fol nt, subject iden auditable even itional inform mation]. Events D Copyrig d" or "refined d Component /or completed y "completed leted in this S ult of "Assig d (b), indicat s owing auditab dit; and ment: other spe llowing inform ntity (if applic nt definitions o mation specifi Date of Issue: 2 ght Canon Inc d" in HCD PP t Definition. d in this ST. d" or "refined ST. gnment" or "S tes that repet ble events: ecifically defin mation: cable), and the of the function fied in Table 1 2022/07/27 c. 2021 P, relative d" in HCD Selection" tition was ned e outcome nal 14, FAU_GE FAU_GEN FAU_SA FAU_SAR FAU_SAR FAU_SA FAU_SAR Audit Job co Unsuc Unsuc Use o Modi are pa Chang Failur EN.2 User Hierar Depen N.2.1 For au auditab AR.1 Audi Hierar Depen R.1.1 The TS from th [assign – R.1.2 The TS inform AR.2 Rest Hierar Depen R.2.1 The TS table event ompletion ccessful User ccessful User of managemen fication to the art of a role ges to the time re to establish r identity a rchical to: ndencies: udit events resu ble event with t review rchical to: ndencies: SF shall provi he audit recor nment: an Ad U. ADMIN SF shall provi mation. ricted aud rchical to: ndencies: SF shall prohi authentication identification nt functions e group of Use e h session ssociation No oth FAU_ FIA_U ulting from ac h the identity o No oth FAU_ ide [assignmen rds. dministrator] N ide the audit r dit review No oth FAU_ ibit all users re 36 Rel FDP n FIA n FIA FM ers that FM FPT FTP FTP FTP n her componen _GEN.1 A UID.1 T ctions of ident of the user tha her componen _GEN.1 A nt: an Admin ecords in a ma her componen _SAR.1 A ead access to levant SFR P_ACF.1 A_UAU.1 A_UID.1 MT_SMF.1 MT_SMR.1 T_STM.1 P_ITC.1, P_TRP.1(a), P_TRP.1(b) nts Audit data gene iming of iden tified users, th at caused the e nts. Audit data gene istrator] with anner suitable nts Audit review the audit reco D Copyrig eration ntification he TSF shall b event. eration the capability e for the user t ords, except th Date of Issue: 2 ght Canon Inc Additional informatio Type of job None None None None None Reason for be able to asso y to read all re to interpret the hose users that 2022/07/27 c. 2021 l n b failure ociate each ecords e t have FAU_ST FAU_STG FAU_STG FAU_ST FAU_STG FAU_ST FAU_STG 6.2.2 C Th 6.2.3 C FCS_CK been g TG.1 Prote Hierar Depen G.1.1 The TS G.1.2 The TS audit tr TG.4 Preve Hierar Depen G.4.1 Refinem taken b and [as full. [select with – [assign – TG_EXT.1 Hierar Depen G_EXT.1.1 using a Class FCO here are no cl Class FCS KM.1(a) Hierar Depen granted explici ected audi rchical to: ndencies: SF shall prote SF shall be ab rail. ention of a rchical to: ndencies: ment: The TS by the authori ssignment: oth tion, choose o h special rights "overwrite nment: other a None Exten rchical to: ndencies: The TS a trusted chan O: Commun lass FCO req : Cryptogra Cryp rchical to: ndencies: it read-access t trail stor No oth FAU_ ect the stored a ble to prevent audit data FAU_ FAU_ SF shall [selec ised user with her actions to one of: "preven s", "overwrite e the oldest st actions to be t nded: Exte No oth FAU_ FTP_I SF shall be ab nnel according nication quirements. aphic Supp ptographic No oth [FCS_C FCS_C verifica FCS_C 37 . rage her componen _GEN.1 A audit records i t unauthorised loss _STG.3 A _STG.1 Pr ction, choose special rights be taken in c nt audited eve e the oldest sto tored audit rec taken in case o ernal Audi her componen _GEN.1 A ITC.1 In ble to transmit g to FTP_ITC. port Key Gene er component CKM.2 Crypt COP.1(b) Cryp ation), COP.1(i) Cryp nts Audit data gene in the audit tra d modification Action in case o rotected audit one of: "preve s", "overwrite ase of audit st ents, except th ored audit rec cords" of audit storag t Trail Sto nts Audit data gene nter-TSF trust t the generated 1. eration (for ts. tographic key ptographic Op tographic ope D Copyrig eration ail from unaut ns to the stored of possible au trail storage ent audited ev e the oldest sto torage failure hose taken by t cords"] ge failure] rage eration, ted channel. d audit data to r asymmet distribution, o peration (for si eration (Key T Date of Issue: 2 ght Canon Inc thorised deleti d audit records udit data loss vents, except t ored audit rec e] if the audit t the authorised o an External I tric keys) or ignature gener Transport)] 2022/07/27 c. 2021 ion. s in the those cords"] trail is d user IT Entity ration/ FCS_CKM M.1.1(a) Refin establi    ] and stren [select    ]    [select – nement: ishment in ac NIST Specia Establishmen key establish NIST Specia Establishmen curve-based k and [selection Signature Sta NIST Specia Establishmen establishmen specified cry ngth of 112 b tion: NIST Specia Establishmen key establish NIST Specia Establishmen curve-based k and [selection Signature Sta NIST Specia Establishmen establishmen NIST Spec Establishme field-based k NIST Spec Establishme curve-based P-384 and "Digital Sign NIST Spec Establishme key establish tion: P-521, n no other cu FCS_C Destruc The TSF ccordance with l Publication nt Schemes U ment schemes l Publication nt Schemes U key establishm n: P-521, no o andard") l Publication nt Schemes U nt schemes yptographic k bits. l Publication nt Schemes U ment schemes l Publication nt Schemes U key establishm n: P-521, no o andard") l Publication nt Schemes U nt schemes cial Publica ent Schemes key establishm cial Publica ent Schemes d key establis [selection: P nature Standa cial Publica ent Schemes hment schem no other curve urves 38 CKM_EXT.4 E ction shall generate h [selection: 800-56A, "R Using Discrete s; 800-56A, "R Using Discrete ment schemes other curves] 800-56B, "R Using Integer F key sizes equiv 800-56A, "R Using Discrete s; 800-56A, "R Using Discrete ment schemes other curves] 800-56B, "R Using Integer F ation 800-56 s Using Di ment scheme ation 800-56 Using Dis shment schem P-521, no oth ard") ation 800-56 Using Intege mes es] Extended: Cry e asymmetric Recommendati e Logarithm C Recommendati e Logarithm C s and impleme ] (as defined in Recommendati Factorization valent to, or Recommendati e Logarithm C Recommendati e Logarithm C s and impleme ] (as defined in Recommendati Factorization 6A, "Recom iscrete Loga es; 6A, "Recom screte Logar mes and imp her curves] 6B, "Recom er Factorizati D Copyrig yptographic K c cryptographi ion for Pair-W Cryptography ion for Pair-W Cryptography enting "NIST n FIPS PUB ion for Pair-W n Cryptograph greater than, ion for Pair-W Cryptography ion for Pair-W Cryptography enting "NIST n FIPS PUB ion for Pair-W n Cryptograph mmendation arithm Cryp mmendation rithm Crypto plementing " (as defined mmendation ion Cryptogr Date of Issue: 2 ght Canon Inc Key Material ic keys used f Wise Key " for finite fie Wise Key " for elliptic T curves" P-2 186-4, "Digit Wise Key hy" for RSA-b , a symmetric Wise Key " for finite fie Wise Key " for elliptic T curves" P-2 186-4, "Digit Wise Key hy" for RSA-b for Pair-W ptography" f for Pair-W ography" fo "NIST curve in FIPS PU for Pair-W raphy" for R 2022/07/27 c. 2021 for key eld-based 256, P-384 tal based key c key eld-based 256, P-384 tal based key Wise Key for finite Wise Key r elliptic s" P-256, UB 186-4, Wise Key SA-based FCS_CK FCS_CKM FCS_CK FCS_CKM FCS_CK FCS_CKM KM.1(b) Hierar Depen M.1.1(b) Refin Bit Ge [select [select – KM_EXT.4 Hierar Depen M_EXT.4.1 crypto KM.4 Hierar Depend M.4.1 Refinem crypto For v [assig For n Cryp rchical to: ndencies: nement: enerator as sp tion: 128 bit, 2 tion: 128 bit, 128 bit, 25 Exten rchical to: ndencies: The TS graphic critica Cryp rchical to: dencies: ment: graphic key d volatile memo gnment: othe nonvolatile st ptographic No oth [FCS_ FCS_C encryp FCS_C Encryp FCS_C FCS_C FCS_C authen FCS_C authen FCS_C Destru FCS_R Genera The TSF pecified in FC 256 bit] that m 256 bit] 56 bit nded: Cryp No oth [FCS_C keys), o FCS_C FCS_C SF shall destro al security par ptographic No oth [FCS_C keys), o FCS_C The TSF destruction me ory, the destru er mechanism torage, the des 39 key gener her componen _CKM.2 Cryp COP.1(a) Cryp ption/decryptio COP.1(d) Cry ption/Decrypt COP.1(e) Cryp COP.1(f) Cryp COP.1(g) Cry ntication) COP.1(h) Cry ntication)] CKM_EXT.4 uction RBG_EXT.1 E ation) shall generate CS_RBG_EX meet the follo ptographic er component CKM.1(a) Cry or CKM.1(b) Cry CKM.4 Crypto oy all plaintex rameters when key destr er component CKM.1(a) Cry or CKM.1(b) Cry shall destroy ethod [selectio uction shall be that ensures struction shal ration (Sym nts. tographic key ptographic Op on) yptographic Op tion) ptographic Op ptographic op yptographic Op yptographic Op Extended: Cr Extended: Cry e symmetric c XT.1 and spec owing: No St c Key Mate ts. yptographic K yptographic ke ographic key d xt secret and p n no longer ne uction ts. yptographic K yptographic ke cryptographic on: e executed by keys are dest ll be executed D Copyrig mmetric K y distribution, peration (Sym peration (AES peration (Key eration (Key E peration (for k peration (for k ryptographic K yptographic O cryptographic cified cryptog andard. erial Destr Key Generation ey generation destruction private cryptog eeded. Key Generation ey generation c keys in acco y [selection: po troyed]]. d by a [selectio Date of Issue: 2 ght Canon Inc Keys) or mmetric S Data Wrapping) Encryption) keyed-hash m keyed-hash m Key Material Operation (Ran keys using a graphic key s ruction n (for asymm (Symmetric K graphic keys a n (for asymm (Symmetric K rdance with a owering off a on: single, thr 2022/07/27 c. 2021 essage essage ndom Bit Random izes etric Keys)], and etric Keys)] a specified a device, ree or FCS_CO FCS_COP more patte by a [ proce ] that m [select For vo [assi For no mor rand follo fails ] – – [sele destr – [select – [select a sta [select – [select – OP.1(a) Cry Hierar Depen P.1.1(a) Refin specifi crypto e times] overw ern using the T [selection: rea ess shall be re meets the foll tion: olatile memo ignment: oth onvolatile sto re times] overw dom pattern u owed by a [se s, the process For volatil device, [as For nonvo three or m a pseudo r a static pat the overwr ction: poweri royed]] powering o tion: single, t single tion: a pseudo atic pattern] – a st tion: read-ver none tion: NIST SP no standard yptograph rchical to: ndencies: ement: ied cryptograp graphic key si write of key da TSF's RBG (a ad-verify, non epeated again owing: [select ry, the destru er mechanism orage, the des write of key d using the TSF election: read- shall be repe le memory, th ssignment: oth olatile storage more times] ov random patter ttern], follow ritten data fai ing off a devic off a device three or more do random pat atic pattern rify, none] P800-88, no s d hic Operati No oth [FDP_I FDP_IT FCS_C FCS_C Destruc The TSF phic algorithm izes 128-bits 40 ata storage loc (as specified in ne]. If read-ve n; tion: NIST SP uction shall b m that ensures struction shal data storage F's RBG (as sp -verify, none] eated again; he destruction her mechanis e, the destruc verwrite of ke rn using the T wed by a [sele ils, the proces ce, [assignme times] ttern using th standard] ion (Symm er component ITC.1 Import TC.2 Import o CKM.1(b) Cry CKM_EXT.4 E ction shall perform m AES operat and 256-bits cation consist n FCS_RBG_ erification of P800-88, no s be executed b s keys are des ll be executed location cons pecified in FC . If read-veri n shall be exe sm that ensur ction shall be ey data storag TSF's RBG (a ection: read-v ss shall be rep ent: other mec e TSF's RBG metric encr ts. of user data w of user data w yptographic ke Extended: Cry m encryption a ting in [assign that meets the D Copyrig ting of [select _EXT.1), a sta the overwritte standard]. y [selection: p stroyed]]. d by a [selecti sisting of [sele CS_RBG_EX ification of th ecuted by [sel es keys are d e executed b ge location co as specified i verify, none]. peated again; chanism that G (as specified ryption/dec without securit with security at ey generation yptographic K and decryptio nment: one or e following: Date of Issue: 2 ght Canon Inc tion: a pseudo atic pattern], f en data fails, powering off ion: single, th ection: a pseu XT.1), a static p he overwritte lection: powe destroyed]]. by a [selectio onsisting of [ in FCS_RBG If read-verif ensures keys d in FCS_RBG cryption) ty attributes, o ttributes, or (Symmetric K Key Material on in accordan r more modes 2022/07/27 c. 2021 o random followed the f a device, hree or udo pattern], n data ering off a on: single, selection: G_EXT.1), fication of are G_EXT.1), or Keys)] nce with a ] and FCS_CO FCS_COP   [assig – [Selec – OP.1(b) (up gene Hierar Depen P.1.1(b) (upda with a    that m C C C ] [selec  FIPS PUB 19 [Selection: N 800-38D] gnment: one CBC, GCM ction: NIST S NIST SP 8 pdate) eration/ver rchical to: ndencies: ate) Refineme [selection: Digital Signa or greater], RSA Digital S 2048 bits or g Elliptic Curv bits or greate meets the follow Case: Digital S  F Case: RSA Dig  F Case: Elliptic  F  T n S ction: Digital Signa 97, "Advance NIST SP 800-3 or more mod M SP 800-38A, N 800-38A, NIS Crypto rification) No oth [FDP_ FDP_I FCS_C FCS_C keys)] FCS_C Destru ent: The TSF ature Algorith Signature Alg greater], or ve Digital Sign er]] wing [selectio Signature Alg FIPS PUB 186 igital Signatur FIPS PUB 186 Curve Digita FIPS PUB 186 The TSF shall no other curve Standard"). ature Algorith 41 ed Encryptio 38A, NIST SP des] NIST SP 800-3 ST SP 800-38 graphic O her componen _ITC.1 Import ITC.2 Import CKM.1 Crypto CKM.1(a) Cr ] CKM_EXT.4 uction shall perform hm (DSA) with gorithm (rDSA nature Algori on: gorithm 6-4, "Digital re Algorithm 6-4, "Digital al Signature A 6-4, "Digital l implement " es] (as defined hm (DSA) with n Standard ( P 800-38B, NI 38B, NIST SP 8D peration (f nts. t of user data w of user data w ographic key ryptographic Extended: Cr m cryptograph h key sizes (m SA) with key si ithm (ECDSA) Signature Sta Signature Sta Algorithm Signature Sta "NIST curves d in FIPS PU h key sizes (m D Copyrig (AES)" NIST SP 800-3 P 800-38C, NI for signatu without secur with security a generation Key Generat ryptographic K hic signature modulus) of [a izes (modulus A) with key siz andard" andard" andard" " P-256, P384 UB 186-4, "Dig modulus) of [a Date of Issue: 2 ght Canon Inc 38C, NIST SP NIST SP 800-3 ure ity attributes, attributes, or tion (for asym Key Material services in ac assignment: 2 s) of [assignm zes of [assignm 4 and [selecti igital Signatur assignment: 2 2022/07/27 c. 2021 P 38D] or mmetric ccordance 2048 bits ment: ment: 256 ion: P521, re 2048 bits FCS_CO FCS_COP   – [assig – [select C C C ] – OP.1(b)(tls) gene Hierar Depen P.1.1(b)(tls) R with a    or greater], RSA Digital S 2048 bits or g Elliptic Curv bits or greate RSA Digit 2048 bits o nment: 2048 2048 bits tion: Case: Digital S  F Case: RSA Dig  F Case: Elliptic  F  T n S Case: RSA  F ) Cryp eration/ver rchical to: ndencies: Refinement: [selection: Digital Signa or greater], RSA Digital S 2048 bits or g Elliptic Curv Signature Alg greater], or ve Digital Sign er]] tal Signature or greater] bits or greate Signature Alg FIPS PUB 186 igital Signatur FIPS PUB 186 Curve Digita FIPS PUB 186 The TSF shall no other curve Standard"). A Digital Sign FIPS PUB 186 ptographic rification) No oth [FDP_ FDP_I FCS_C FCS_C keys)] FCS_C Destru The TSF ature Algorith Signature Alg greater], or ve Digital Sign 42 gorithm (rDSA nature Algori Algorithm (r er] gorithm 6-4, "Digital re Algorithm 6-4, "Digital al Signature A 6-4, "Digital l implement " es] (as defined nature Algori 6-4, "Digital S Operation er component _ITC.1 Import ITC.2 Import CKM.1 Crypto CKM.1(a) Cr ] CKM_EXT.4 uction shall perform hm (DSA) with gorithm (rDSA nature Algori SA) with key si ithm (ECDSA) rDSA) with k Signature Sta Signature Sta Algorithm Signature Sta "NIST curves d in FIPS PU thm Signature Stan n (for signa ts. t of user data w of user data w ographic key ryptographic Extended: Cr m cryptograph h key sizes (m SA) with key si ithm (ECDSA) D Copyrig izes (modulus A) with key siz key sizes (mo andard" andard" andard" " P-256, P384 UB 186-4, "Dig ndard" ature without secur with security a generation Key Generat ryptographic K hic signature modulus) of [a izes (modulus A) with key siz Date of Issue: 2 ght Canon Inc s) of [assignm zes of [assignm dulus) of [ass 4 and [selecti igital Signatur ity attributes, attributes, or tion (for asym Key Material services in ac assignment: 2 s) of [assignm zes of [assignm 2022/07/27 c. 2021 ment: ment: 256 signment: ion: P521, re or mmetric ccordance 2048 bits ment: ment: 256 that m C C C ] [sele    – – [assi – [assig – [sele C C C ] – – bits or greate meets the follow Case: Digital S  F Case: RSA Dig  F Case: Elliptic  F  T n S ection: Digital Signa or greater], RSA Digital S 2048 bits or g Elliptic Curv bits or greate RSA Digit 2048 bits o Elliptic C [assignmen gnment: 2048 2048 bits nment: 256 b 256 bits, 3 ction: Case: Digital S  F Case: RSA Dig  F Case: Elliptic  F  T n S Case: RSA  FIPS P Case: Ellip er]] wing [selectio Signature Alg FIPS PUB 186 igital Signatur FIPS PUB 186 Curve Digita FIPS PUB 186 The TSF shall no other curve Standard"). ature Algorith Signature Alg greater], or ve Digital Sign er]] tal Signature or greater] Curve Digita nt: 256 bits o 8 bits or great bits or greater 84bits Signature Alg FIPS PUB 186 igital Signatur FIPS PUB 186 Curve Digita FIPS PUB 186 The TSF shall no other curve Standard"). A Digital Sign PUB 186-4, " ptic Curve Di 43 on: gorithm 6-4, "Digital re Algorithm 6-4, "Digital al Signature A 6-4, "Digital l implement " es] (as defined hm (DSA) with gorithm (rDSA nature Algori Algorithm (r al Signature or greater] ter] r] gorithm 6-4, "Digital re Algorithm 6-4, "Digital al Signature A 6-4, "Digital l implement " es] (as defined nature Algori "Digital Signa igital Signatu Signature Sta Signature Sta Algorithm Signature Sta "NIST curves d in FIPS PU h key sizes (m SA) with key si ithm (ECDSA) rDSA) with k e Algorithm Signature Sta Signature Sta Algorithm Signature Sta "NIST curves d in FIPS PU thm ature Standar ure Algorithm D Copyrig andard" andard" andard" " P-256, P384 UB 186-4, "Dig modulus) of [a izes (modulus A) with key siz key sizes (mo (ECDSA) andard" andard" andard" " P-256, P384 UB 186-4, "Dig rd" m Date of Issue: 2 ght Canon Inc 4 and [selecti igital Signatur assignment: 2 s) of [assignm zes of [assignm dulus) of [ass with key 4 and [selecti igital Signatur 2022/07/27 c. 2021 ion: P521, re 2048 bits ment: ment: 256 signment: sizes of ion: P521, re FCS_CO FCS_COP [sele – OP.1(b)(ips gene Hierar Depend P.1.1(b)(ipsec) with a    that m C C C ] [sele    FIPS P  The T other c ction: P521, n no other cu sec) Cryp eration/ver rchical to: dencies: ) Refinement [selection: Digital Signa or greater], RSA Digital S 2048 bits or g Elliptic Curv bits or greate meets the follow Case: Digital S  F Case: RSA Dig  F Case: Elliptic  F  T n S ection: Digital Signa or greater], RSA Digital S PUB 186-4, “ TSF shall imp curves] (as de no other curv urves ptographic rification) No oth [FDP_I FDP_IT FCS_C FCS_C keys)] FCS_C Destruc t: The TSF ature Algorith Signature Alg greater], or ve Digital Sign er]] wing [selectio Signature Alg FIPS PUB 186 igital Signatur FIPS PUB 186 Curve Digita FIPS PUB 186 The TSF shall no other curve Standard"). ature Algorith Signature Alg 44 “Digital Signa plement “NIS efined in FIP ves] Operation er component ITC.1 Import TC.2 Import o CKM.1 Crypto CKM.1(a) Cry CKM_EXT.4 E ction shall perform hm (DSA) with gorithm (rDSA nature Algori on: gorithm 6-4, "Digital re Algorithm 6-4, "Digital al Signature A 6-4, "Digital l implement " es] (as defined hm (DSA) with gorithm (rDSA ature Standar T curves” P-2 S PUB 186-4 n (for signa ts. of user data w of user data w ographic key g yptographic K Extended: Cry m cryptograph h key sizes (m SA) with key si ithm (ECDSA) Signature Sta Signature Sta Algorithm Signature Sta "NIST curves d in FIPS PU h key sizes (m SA) with key si D Copyrig rd” 256, P384 an 4, “Digital Sig ature without securit with security at generation Key Generati yptographic K hic signature modulus) of [a izes (modulus A) with key siz andard" andard" andard" " P-256, P384 UB 186-4, "Dig modulus) of [a izes (modulus Date of Issue: 2 ght Canon Inc nd [selection: gnature Stand ty attributes, o ttributes, or ion (for asym Key Material services in ac assignment: 2 s) of [assignm zes of [assignm 4 and [selecti igital Signatur assignment: 2 s) of [assignm 2022/07/27 c. 2021 P521, no dard”). or mmetric ccordance 2048 bits ment: ment: 256 ion: P521, re 2048 bits ment: FCS_CO FCS_COP FCS_CO  – – [assig – [assig – [select C C C ] – – [select – OP.1(c) Cry Hierar Depen P.1.1(c) Refine with [s 10118- [select – OP.1(d) Cry Hierar 2048 bits or g Elliptic Curv bits or greate RSA Digit 2048 bits o Elliptic C [assignmen nment: 2048 2048 bits nment: 256 b 256 bits, 3 tion: Case: Digital S  F Case: RSA Dig  F Case: Elliptic  F  T n S Case: RSA  FIPS P Case: Ellip  FIPS P  The T other c tion: P521, no no other cu yptograph rchical to: ndencies: ement: selection: SHA -3:2004]. tion: SHA-1, S SHA-1, SH yptograph rchical to: greater], or ve Digital Sign er]] tal Signature or greater] Curve Digita nt: 256 bits o bits or greate bits or greater 84 bits Signature Alg FIPS PUB 186 igital Signatur FIPS PUB 186 Curve Digita FIPS PUB 186 The TSF shall no other curve Standard"). A Digital Sign PUB 186-4, " ptic Curve Di PUB 186-4, " TSF shall imp curves] (as de o other curves urves hic operatio No oth No dep The TSF A-1, SHA-256 SHA-256, SH HA-256, SHA hic operatio No oth 45 nature Algori Algorithm (r al Signature or greater] er] r] gorithm 6-4, "Digital re Algorithm 6-4, "Digital al Signature A 6-4, "Digital l implement " es] (as defined nature Algori "Digital Signa igital Signatu "Digital Signa plement "NIS efined in FIP ] on (Hash A her componen pendencies shall perform 6, SHA-384, S HA-384, SHA- A-384, SHA-5 on (AES D her componen ithm (ECDSA) rDSA) with k e Algorithm Signature Sta Signature Sta Algorithm Signature Sta "NIST curves d in FIPS PU thm ature Standar ure Algorithm ature Standar T curves" P-2 S PUB 186-4 Algorithm) nts. m cryptograph SHA-512] tha -512] 512 Data Encry nts. D Copyrig A) with key siz key sizes (mo (ECDSA) andard" andard" andard" " P-256, P384 UB 186-4, "Dig rd" m rd" 256, P384 an 4, "Digital Sig ) hic hashing se at meet the foll ption/Decr Date of Issue: 2 ght Canon Inc zes of [assignm dulus) of [ass with key 4 and [selecti igital Signatur nd [selection: gnature Stand ervices in acc lowing: [ISO/ ryption) 2022/07/27 c. 2021 ment: 256 signment: sizes of ion: P521, re P521, no dard"). ordance /IEC FCS_COP FCS_CO FCS_COP FCS_HT FCS_HTT FCS_HTT FCS_IPS Depen P.1.1(d) The crypto key siz 18033- and X [select – [select – [select XTS – OP.1(g) Cry Hierar Depend P.1.1(g) Refin accord SHA-2 messa PUB 1 "Secu [select – [assign – [select – TTPS_EXT. Hierar Depen TPS_EXT.1.1 TPS_EXT.1.2 SEC_EXT.1 ndencies: e TSF shall pe graphic algori zes [selection -3, [selection XTS as specifie tion: CBC, G XTS tion: 128 bits, 256 bits tion: CBC as S as specified XTS as sp yptograph rchical to: dencies: ement: dance with a sp 256, SHA-384 ge digest size 198-1, "The K re Hash Stan tion: SHA-1, S SHA-1, SH nment: key si 160, 256, 3 tion: 160, 224 160, 256, 3 .1 Exten rchical to: ndencies: The TS The TS 1 Exten FCS_C FCS_C Destru erform data en ithm AES use : 128 bits, 256 : CBC as spec ed in IEEE 16 GCM, XTS] , 256 bits] specified in I in IEEE 1619 ecified in IEE hic Operati No oth FCS_C FCS_C Destruc The TSF pecified crypt 4, SHA-512], es [selection: Keyed-Hash M ndard." SHA-224, SH HA-256, SHA ze (in bits) us 384 bits 4, 256, 384, 51 384 nded: HTT No oth FCS_T SF shall imple SF shall imple nded: IPse 46 CKM.1(b) Cry CKM_EXT.4 uction ncryption an ed in [selectio 6 bits] that me cified in ISO/ 619]. ISO/IEC 1011 9] EE 1619 ion (for key er component CKM.1(b) Cry CKM_EXT.4 E ction shall perform tographic algo key size [assi 160, 224, 256 Message Auth HA-256, SHA- A-384 sed in HMAC 12] TPS select her componen TLS_EXT.1 E ement the HT ement HTTPS ec selected yptographic k Extended: Cr d decryption on: CBC, GCM eet the followi /IEC 10116, G 16, GCM as sp yed-hash ts. yptographic ke Extended: Cry m keyed-hash orithm HMAC ignment: key s 6, 384, 512] bi hentication C -384, SHA-51 C] ed nts. Extended: TLS TPS protocol S using TLS a d D Copyrig key generation ryptographic K in accordanc M, XTS] mod ing: AES as s GCM as specif pecified in IS message a ey generation yptographic K message auth C-[selection: S size (in bits) u its that meet th Code, and FIP 12] S selected that complies s specified in Date of Issue: 2 ght Canon Inc n (Symmetric K Key Material e with a speci de and cryptog specified in IS ified in ISO/IE SO/IEC 19772 authentica (Symmetric K Key Material hentication in SHA-1, SHA- used in HMA he following: PS PUB 180-3 s with RFC 28 FCS_TLS_EX 2022/07/27 c. 2021 Keys) ified graphic SO/IEC IEC 19772, 2, and ation) Keys) n -224, AC], and FIPS 3, 818. XT.1. FCS_IPSE FCS_IPSE FCS_IPSE FCS_IPSE FCS_IPSE Hierar Depen EC_EXT.1.1 EC_EXT.1.2 [select – EC_EXT.1.3 otherw EC_EXT.1.4 [select with a togethe RFC 4 [select with 3602 spec – EC_EXT.1.5 Phase for ext other R [select specifi functio [select 2409 exten hash trave [sele – rchical to: ndencies: The TS The TS tion: tunnel m transport m The TS wise unmatche The TS tion: the crypt Secure Hash er with a Secu 4106, AES-GC tion: the crypt h a Secure Has 2) together wi cified in RFC 4 the crypto with a Sec by RFC 3 AES-GCM The TS 1 exchanges, tended sequen RFCs for hash tion: with no s ied in section ons]]. tion: IKEv1, u 9, RFC 4109, nded sequenc h functions]; IK ersal, with ma ection: no othe IKEv1, us No oth FIA_P FCS_C keys) FCS_C encryp FCS_C genera FCS_C FCS_C authen FCS_R Genera SF shall imple SF shall imple mode, transpor mode SF shall have ed, and discard SF shall imple tographic algo Algorithm (SH ure Hash Algo CM-256 as spe tographic algo sh Algorithm ith a Secure H 4106, AES-GC graphic algor cure Hash Al 3602) togeth M-128 as speci SF shall imple as defined in nce numbers, R h functions, RF support for NA 2.23], and [se using Main Mo [selection: no e numbers], a KEv2 as defin andatory supp er RFCs for h ing Main Mo 47 her componen PSK_EXT.1 E CKM.1(a) Cry COP.1(a) Cryp ption/decryptio COP.1(b) Cry ation/verificati COP.1(c) Cryp COP.1(g) Cry ntication) RBG_EXT.1 E ation) ement the IPse ement [selecti rt mode] a nominal, fin ds it. ement the IPse orithms AES-C HA)-based HM orithm (SHA)- ecified in RFC orithms AES-C (SHA)-based H Hash Algorithm CM-256 as sp rithms AES-C lgorithm (SH her with a S fied in RFC 4 ement the prot RFCs 2407, 2 RFC 4304 for FC 4868 for h AT traversal, w election: no oth Mode for Phase o other RFCs f and [selection: ned in RFCs 5 port for NAT tr hash functions, ode for Phase nts. Extended: Pre- yptographic K ptographic Op on) yptographic Op ion) ptographic Op yptographic Op Extended: Cry ec architecture ion: tunnel mo nal entry in th ec protocol ES CBC-128 (as s MAC, AES-CB -based HMAC C 4106]. CBC-128 (as HMAC, AES- m (SHA)-base pecified in RFC CBC-128 (as HA)-based HM Secure Hash 4106, AES-GC tocol: [selecti 2408, 2409, R extended sequ hash functions with mandator her RFCs for e 1 exchanges, for extended s no other RFC 5996, [selectio raversal as sp , RFC 4868 fo e 1 exchange D Copyrig -Shared Key C Key Generation peration (Sym peration (for s peration (Hash peration (for k yptographic O e as specified ode, transport he SPD that m SP as defined specified by R BC-256 (as sp C, AES-GCM-1 specified by R CBC-256 (as ed HMAC, AES C 4106] s specified by MAC, AES-C Algorithm ( CM-256 as spe on: IKEv1, us RFC 4109, [sel uence number s]; IKEv2 as d ry support for hash function , as defined in sequence num Cs for hash fu on: with no sup pecified in sec or hash functio es, as defined Date of Issue: 2 ght Canon Inc Composition n (for asymme mmetric signature h Algorithm) keyed-hash m Operation (Ran in RFC 4301 mode]. matches anythin by RFC 4303 RFC 3602) tog pecified by RF 128 as specifi RFC 3602) tog specified by R S-GCM-128 a y RFC 3602) CBC-256 (as (SHA)-based ecified in RFC sing Main Mod lection: no oth rs], and [selec defined in RFC r NAT traversa ns, RFC 4868 f n RFCs 2407, bers, RFC 43 unctions, RFC pport for NAT ction 2.23], an ons]] d in RFCs 24 2022/07/27 c. 2021 etric essage ndom Bit . ng that is 3 using gether FC 3602) ed in gether RFC as ) together specified d HMAC, C 4106 de for her RFCs ction: no Cs 5996, al as for hash 2408, 04 for 4868 for T d 407, 2408, FCS_IPSE FCS_IPSE FCS_IPSE FCS_IPSE FCS_IPSE [select num – [select – EC_EXT.1.6 protoc 3602 a algorit [select – [select – EC_EXT.1.7 EC_EXT.1.8 on [sel limited establi time va [select pack Phas [sele limit – [select limit – EC_EXT.1.9 MODP (384-b implem [select Rand the T – EC_EXT.1.10 [select 2409, RFC 4304 for e functions, tion: no other mbers] RFC 4304 tion: no other RFC 4868 The TS ol uses the cry and [selection thm]. tion: IKEv1, IK IKEv1 tion: AES-GC no other al The TS The TS lection: numb d to: 24 hours ished based on alues can be l tion: IKEv2 SA kets/number of se 1 SAs and 8 ection: numbe ted to: 24 hou IKEv1 SA packets/nu 24 hours fo tion: number o ted to: 24 hou length of t and 8 hour The TS P), and [select bit Random EC mented by the tion: 24 (2048 dom ECP, 5 ( TOE], no othe 19 (256-bi 0 The TS tion: RSA, ECD C 4109, [sele extended seq RFC 4868 fo r RFCs for ext for extended r RFCs for has for hash func SF shall ensur yptographic a : AES-GCM-1 IKEv2] CM-128, AES-G lgorithm SF shall ensur SF shall ensur er of packets/n for Phase 1 S n [selection: n limited to: 24 A lifetimes ca of bytes; length 8 hours for Ph er of packets/n urs for Phase 1 A lifetimes umber of byte for Phase 1 SA of packets/num urs for Phase 1 time, where t rs for Phase 2 SF shall ensur tion: 24 (2048 CP, 5 (1536-b TOE], no oth 8-bit MODP w (1536-bit MOD er DH groups] it Random EC SF shall ensur CDSA] algorith 48 ction: no oth quence numb or hash functi ended sequen d sequence nu sh functions, R ctions re the encrypt lgorithms AE 128, AES-GCM GCM-256 as s re that IKEv1 re that [selecti /number of byt SAs and 8 hou number of pac hours for Pha n be establish h of time, whe hase 2 SAs]; IK number of byte 1 SAs and 8 h can be es es ; length of As and 8 hou mber of bytes; 1 SAs and 8 h the time valu 2 SAs re that all IKE 8-bit MODP w bit MODP)), [a her DH groups with 256-bit P DP)), [assignm ] CP), 20 (384- re that all IKE hm and Pre-sh her RFCs for bers], and [se ons] ce numbers, R umbers RFC 4868 for ed payload in S-CBC-128, A M-256 as spec specified in R Phase 1 exch ion: IKEv2 SA tes; length of urs for Phase 2 ckets/number o ase 1 SAs and hed based on [ ere the time va IKEv1 SA lifet es ; length of t ours for Phas stablished b f time, where rs for Phase ; length of tim ours for Phas ues can be lim E protocols im with 256-bit PO assignment: o s]. OS), 19 (256- ment: other DH -bit Random E E protocols per hared Keys. D Copyrig extended seq election: no RFC 4304 for hash function the [selection AES-CBC-25 cified in RFC RFC 5282, no o hanges use onl A lifetimes can time, where th 2 SAs]; IKEv1 of bytes ; leng 8 hours for P [selection: num alues can be li times can be e time, where th se 2 SAs]] based on [s the time val 2 SAs] me, where the t se 2 SAs] mited to: 24 h mplement DH G OS), 19 (256-b ther DH group -bit Random E DH groups that ECP) rform Peer Au Date of Issue: 2 ght Canon Inc quence numb other RFCs extended sequ ns] n: IKEv1, IKE 6 as specified 5282, no othe other algorith ly main mode. n be establishe he time values 1 SA lifetimes gth of time, wh Phase 2 SAs]]. mber of imited to: 24 h established bas he time values selection: nu lues can be li time values ca hours for Pha Groups 14 (20 bit Random E ups that are ECP), 20 (384 t are impleme uthentication u 2022/07/27 c. 2021 bers, RFC for hash uence Ev2] d in RFC er hm] . ed based s can be can be here the hours for sed on can be umber of imited to: an be ase 1 SAs 048-bit ECP), 20 -bit ented by using the FCS_KY FCS_KYC FCS_RB FCS_RBG [select – YC_EXT.1 Hierar Depend C_EXT.1.1 BEV o using t combin deriva mainta [select more as sp encr key t – [select FCS in F – [sele – BG_EXT.1 Gene Hierar Depen G_EXT.1.1(ne in acco Hash_ [select – [select – tion: RSA, EC RSA, ECD Exten rchical to: dencies: The TS or DEK; interm the following ning as specif tion as specifi aining an effec tion: one, usin e submask(s) pecified in FC ryption as spec transport as sp intermedia using the FCS_COP specified i transport a tion: key wrap S_SMC_EXT.1 FCS_KDF_EX key combi ction: 128 bits 256 bits (network) eration) rchical to: ndencies: etwork): ordance with [ _DRBG (any), tion: ISO/IEC NIST SP 8 tion: Hash_DR CTR_DRB CDSA] DSA nded: Key No oth [FCS_C FCS_S FCS_C FCS_K FCS_C SF shall main mediate keys o method(s): [se fied in FCS_SM fied in FCS_KD ctive strength ng a submask to the BEV or CS_COP.1(e), cified in FCS_ specified in FC ate keys origi e following P.1(e), key com in FCS_COP as specified in pping as specif 1, key encrypt XT.1, key transp ining as speci s, 256 bits] Extend No oth No dep The TSF [selection: ISO HMAC_DRB C 18031:2011, 800-90A RBG (any), H BG (AES) 49 y Chaining er component COP.1(e) Cry SMC_EXT.1 E COP.1(f) Cryp KDF_EXT.1 C COP.1(i) Cryp ntain a key cha originating fro election: key w MC_EXT.1, k KDF_EXT.1, ke of [selection: as the BEV or r DEK using th key combinin _COP.1(f), key CS_COP.1(i)] inating from method(s): mbining as sp P.1(f), key de n FCS_COP. ified in FCS_C ion as specifie sport as specif ified in FCS_ ded: Crypto her componen pendencies. shall perform O/IEC 18031: BG (any), CTR NIST SP 800 HMAC_DRBG ts. yptographic op Extended: Sub ptographic ope Cryptographic tographic ope ain of: [selecti om one or mor wrapping as sp key encryption ey transport a 128 bits, 256 r DEK; interm he following m ng as specified ey derivation a ] one or more [selection: pecified in FC rivation as sp 1(i)] COP.1(e), key ed in FCS_CO fied in FCS_C _SMC_EXT.1 ographic O nts. m all determini 2011, NIST SP R_DRBG (AES 0-90A] G (any), CTR_D D Copyrig peration (Key bmask Combin eration (Key E Operation (K eration (Key T ion: one, using re submask(s) specified in FC n as specified i as specified in 6 bits]. mediate keys o method(s): [se d in FCS_SMC as specified in e submask(s) key wrapp CS_SMC_EX specified in F y combining as OP.1(f), key de COP.1(i)] 1 Operation stic random b SP 800-90A] u S)]. DRBG (AES)] Date of Issue: 2 ght Canon Inc Wrapping), ning, Encryption), Key Derivation Transport)] g a submask a ) to the BEV o CS_COP.1(e), in FCS_COP. FCS_COP.1( originating fro election: key w C_EXT.1, key n FCS_KDF_E ) to the BEV ing as spe XT.1, key encr FCS_KDF_EX s specified in erivation as sp (Random B bit generation using [selection ] 2022/07/27 c. 2021 n), and/or as the or DEK , key 1(f), key (i)]] while om one or wrapping EXT.1, V or DEK ecified in ryption as XT.1, key pecified Bit services n: FCS_RBG FCS_RB FCS_RBG FCS_RBG FCS_SM G_EXT.1.2(ne that ac softwa hardwa least e "Secur [select [assi – [assign – [select – BG_EXT.1(s Hierar Depen G_EXT.1.1(ss accord Hash_ [select – [select – G_EXT.1.2(ss accum softwa hardwa least e "Secur [select [assi [assign – [select – MC_EXT.1 Hierar Depen etwork): ccumulates ent are-based nois are-based nois qual to the gre rity Strength T tion: [assignm ignment: num [assignmen nment: numbe 1 tion: 128 bits, 256 bits ssd) Exten rchical to: ndencies: d): The TS dance with [se _DRBG (any), tion: ISO/IEC NIST SP 8 tion: Hash_DR Hash_DRB d): The de mulates entropy are-based nois are-based nois qual to the gre rity Strength T tion: [assignm ignment: num – [ass sou nment: numbe 1 tion: 128 bits, 256 bits Exten rchical to: ndencies: The deter tropy from [se se source(s), [a se source(s)] w eatest security Table for Hash ment: number o mber of hardwa nt: number of er of hardwar 256 bits] nded: Cryp No oth No dep SF shall perfo lection: ISO/I HMAC_DRB C 18031:2011, 800-90A RBG (any), H BG (SHA-25 eterministic R y from [select se source(s), [a se source(s)] w eatest security Table for Hash ment: number o mber of hardwa signment: nu rce(s) er of hardwar 256 bits] nded: Sub No oth FCS_C 50 rministic RBG election: [assi assignment: n with a minimu y strength, acc h Functions", of software-ba are-based sou f hardware-b re-based sourc ptographic her componen pendencies. orm all determ IEC 18031:20 BG (any), CTR NIST SP 800 HMAC_DRBG 6) RBG shall be s tion: [assignm assignment: n with a minimu y strength, acc h Functions", of software-ba are-based sou umber of ha re-based sourc bmask Com her componen COP.1(c) Cryp G shall be seed gnment: numb umber of hard um of [selecti cording to ISO of the keys an ased sources] urces] hardwar ased sources ces] c Operatio nts. ministic random 011, NIST SP 8 R_DRBG (AES 0-90A] G (any), CTR_D eeded by at le ment: number o umber of hard um of [selecti cording to ISO of the keys an ased sources] urces] hardwar ardware-base ces] mbining nts. ptographic op D Copyrig ded by at least ber of softwar dware-based s on: 128 bits, 2 O/IEC 18031:2 nd hashes that software-base re-based noise s] hardware-b n (Random m bit generatio 800-90A] usin S)]. DRBG (AES)] east one entrop of software-ba dware-based s on: 128 bits, 2 O/IEC 18031:2 nd hashes that software-base re-based noise d sources] h peration (Hash Date of Issue: 2 ght Canon Inc t one entropy re-based sourc sources] 256 bits] of en 2011 Table C. t it will genera ed noise sourc e source(s)] based noise so m Bit Gene on services in ng [selection: ] py source that ased sources] sources] 256 bits] of en 2011 Table C. t it will genera ed noise sourc e source(s)] hardware-bas h Algorithm) 2022/07/27 c. 2021 source ces] ntropy at .1 ate. ce(s), ource(s) eration) n t ntropy at .1 ate. ce(s), sed noise FCS_SMC FCS_TL FCS_TLS_ C_EXT.1.1: OR (X [select S_EXT.1 Hierar Depend _EXT.1.1The 2246), Manda  Option [select The TS XOR), SHA-25 tion: exclusive – SHA Exten rchical to: dencies: e TSF shall im TLS 1.1 (RFC atory Ciphersu TLS_RSA nal Ciphersuit tion: None TLS_RSA TLS_DH TLS_DH TLS_RSA TLS_RSA TLS_DH TLS_DH TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD SF shall comb 6, SHA-512] t e OR (XOR), S A-256 nded: TLS No oth FCS_C FCS_C encrypt FCS_C generat FCS_C FCS_C authent FCS_R Genera mplement one C 4346), TLS uites: A_WITH_AE tes: A_WITH_AE HE_RSA_WIT HE_RSA_WIT A_WITH_AE A_WITH_AE HE_RSA_WIT HE_RSA_WIT DHE_RSA_W DHE_RSA_W DHE_ECDSA DHE_ECDSA DHE_RSA_W DHE_RSA_W DHE_RSA_W DHE_RSA_W DHE_ECDSA DHE_ECDSA 51 bine submasks to generate an SHA-256, SHA S selected er component CKM.1(a) Cry COP.1(a) Cryp tion/decryptio COP.1(b) Cryp tion/verificatio COP.1(c) Cryp COP.1(g) Cryp tication) RBG_EXT.1 E ation) or more of the 1.2 (RFC 524 ES_128_CBC_ ES_256_CBC TH_AES_128 TH_AES_256 ES_128_CBC ES_256_CBC TH_AES_128 TH_AES_256 WITH_AES_ WITH_AES_ A_WITH_AE A_WITH_AE WITH_AES_ WITH_AES_ WITH_AES_ WITH_AES_ A_WITH_AE A_WITH_AE s using the fol n intermediary A-512 ] ts. yptographic Ke ptographic Op on) ptographic Op on) ptographic Op ptographic Op Extended: Cry e following pr 46)] supportin _SHA C_SHA 8_CBC_SHA 6_CBC_SHA C_SHA256 C_ SHA256 8_CBC_ SHA 6_CBC_ SHA _128_CBC_S _256_CBC_S ES_128_CBC ES_256_CBC _128_CBC_S _256_CBC_S _128_GCM_S _256_GCM_S ES_128_GCM ES_256_GCM D Copyrig llowing metho y key or BEV. ey Generation peration (Symm peration (for si peration (Hash peration (for k yptographic Op rotocols [selec g the followin A A A256 A256 SHA SHA C_SHA C_SHA SHA256 SHA384 SHA256 SHA384 M_SHA256 M_SHA384 Date of Issue: 2 ght Canon Inc od [selection: n (for asymme metric ignature h Algorithm) keyed-hash me peration (Ran ction: TLS 1.0 ng ciphersuite 2022/07/27 c. 2021 exclusive etric keys) essage ndom Bit 0 (RFC s: 6.2.4 C FDP_AC ]. [select – [select ]. Class FDP CC.1 Subs Hierar Depen TLS_ECD TLS_ECD tion: TLS 1.0 TLS 1.2 (R tion: None TLS_RSA TLS_DH TLS_DH TLS_RSA TLS_RSA TLS_DH TLS_DH TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_RSA TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD : User Data set access rchical to: ndencies: DHE_ECDSA DHE_ECDSA (RFC 2246), T RFC 5246) A_WITH_AE HE_RSA_WIT HE_RSA_WIT A_WITH_AE A_WITH_AE HE_RSA_WIT HE_RSA_WIT DHE_RSA_W DHE_RSA_W DHE_ECDSA DHE_ECDSA DHE_RSA_W DHE_RSA_W DHE_RSA_W DHE_RSA_W DHE_ECDSA DHE_ECDSA DHE_ECDSA DHE_ECDSA A_WITH_AE DHE_RSA_W DHE_RSA_W DHE_RSA_W DHE_RSA_W DHE_ECDSA DHE_ECDSA a Protectio s control No oth FDP_A 52 A_WITH_AE A_WITH_AE TLS 1.1 (RFC ES_256_CBC TH_AES_128 TH_AES_256 ES_128_CBC ES_256_CBC TH_AES_128 TH_AES_256 WITH_AES_ WITH_AES_ A_WITH_AE A_WITH_AE WITH_AES_ WITH_AES_ WITH_AES_ WITH_AES_ A_WITH_AE A_WITH_AE A_WITH_AE A_WITH_AE ES_256_CBC WITH_AES_ WITH_AES_ WITH_AES_ WITH_AES_ A_WITH_AE A_WITH_AE on her componen ACF.1 Securit ES_128_CBC ES_256_CBC C 4346), TLS 1 C_SHA 8_CBC_SHA 6_CBC_SHA C_SHA256 C_ SHA256 8_CBC_ SHA 6_CBC_ SHA _128_CBC_S _256_CBC_S ES_128_CBC ES_256_CBC _128_CBC_S _256_CBC_S _128_GCM_S _256_GCM_S ES_128_GCM ES_256_GCM ES_128_CBC ES_256_CBC C_SHA _128_CBC_S _256_CBC_S _128_GCM_S _256_GCM_S ES_128_GCM ES_256_GCM nts. ty attribute ba D Copyrig C_SHA256 C_SHA384 1.2 (RFC 5246 A A A256 A256 SHA SHA C_SHA C_SHA SHA256 SHA384 SHA256 SHA384 M_SHA256 M_SHA384 C_SHA256 C_SHA384 SHA SHA SHA256 SHA384 M_SHA256 M_SHA384 ased access co Date of Issue: 2 ght Canon Inc 6)] ontrol 2022/07/27 c. 2021 FDP_ACC FDP_AC FDP_ACF FDP_ACF FDP_ACF FDP_ACF Prin Sca C.1.1 Refinem and op CF.1 Secu Hierar Depend F.1.1 Refinem follow F.1.2 Refinem contro subjec Table F.1.3 Refinem follow Contro objects [assign secu – F.1.4 Refinem additio based [assign secu – nt Job ow U.ADM U.NOR Unauth an Job ow U.ADM U.NOR ment: The TS perations amon urity attribu rchical to: dencies: ment: The TS wing: subjects, ment: The TS lled subjects a cts and contro 15 and Table ment: The TS wing additional ol SFP, based s]. nment: rules t urity attributes None ment: The TS onal rules: [as on security at nment: rules t urity attributes None Table 15 Operation: wner MIN RMAL henticated Operation: wner MIN RMAL SF shall enfor ng subjects an ute based No oth FDP_A FMT_M SF shall enfor objects, and a SF shall enfor and controlled olled objects u e 16. SF shall expli l rules: [assign d on security a that do not co s, that explicit SF shall expli signment: rul ttributes, that that do not co s, that explicit - D.USER.D "Create Submit document t printed (note 1 allowed allowed allowed denied Submit document scannin (note 2 allowed allowed allowed 53 rce the User D nd objects spe access co er component ACC.1 Subset MSA.3 Static rce the User D attributes spec rce the follow d objects is all using controlle icitly authorise nment: rules t attributes, that onflict with th tly authorise a icitly deny acc les that do not explicitly deny onflict with th tly deny acces DOC Acces e" "R a to be d View or R pri ou ) d allo d de d de d de a t for ng View s im ) d allo d de d de Data Access C cified in Tabl ontrol ts. access contro c attribute init Data Access C cified in Tabl ing rules to de lowed: rules g ed operations e access of sub that do not co t explicitly au e User Data A access of subje cess of subject t conflict with ny access of su e User Data A ss of subjects t ss Control S Read" w image Release inted utput M owed enied enied enied scanned mage M owed enied enied D Copyrig Control SFP o le 15 and Tab ol tialization Control SFP t e 15 and Tab etermine if an governing acc s on controlled bjects to objec onflict with th thorise access Access Contro ects to objects ts to objects b h the User Da ubjects to obje Access Contro to objects] SFP "Modify" Modify stored document allowed denied denied denied Modify stored image allowed denied denied Date of Issue: 2 ght Canon Inc on subjects, ob ble 16. to objects base ble 16. n operation am cess among co d objects spec cts based on th e User Data A s of subjects to ol SFP, based s] based on the fo ata Access Con ects]. ol SFP, based "Delete" Delete stor documen allowed allowed denied denied Delete stor image allowed allowed denied 2022/07/27 c. 2021 bjects, ed on the mong ontrolled cified in he Access o d on ollowing ntrol SFP, d on " red nt red Cop Fax se Fax recei Stora retrie Prin Unauth py Job ow U.ADM U.NOR Unauth end Job ow U.ADM U.NOR Unauth x ive Fax ow U.ADM U.NOR Unauth ge / eval Job ow U.ADM U.NOR Unauth nt Job ow henticated Operation: wner MIN RMAL henticated Operation: wner MIN RMAL henticated Operation: wner MIN RMAL henticated Operation: wner MIN RMAL henticated Table 16 Operation: wner denied Submit a document f copying (note 2 allowed allowed allowed denied Submit documen send as a f (note 2 allowed allowed allowed denied Receive a f and store it (note 3 allowed (note 4 allowed (note 4 allowed allowed Store document (note 1 allowed allowed allowed denied - D.USER.J "Create" Create pri job (note 1) allowed 54 d de for View s image Releas printe outpu ) d allo d de d de d de a t to fax View s im ) d allo d de d de d de fax t View f image Releas printe outpu ) d allo ) d allo ) d de d de Retrie stored docum ) d allo d allo d de d de JOB Acces " * "R int View queu ) d allo enied scanned e or se ed copy t Mo im owed enied enied enied scanned mage M owed enied enied enied fax e or se ed fax t Mo of fax owed owed enied enied eve d ment Mo do owed owed enied enied ss Control S ead" " w print ue / log M owed D Copyrig denied Modify stored mage allowed denied denied denied Modify stored image allowed denied denied denied Modify image f received x allowed allowed denied denied Modify stored ocument allowed denied denied denied SFP "Modify" Modify print job allowed Date of Issue: 2 ght Canon Inc denied Delete store image allowed allowed denied denied Delete stor image allowed allowed denied denied Delete imag of received fax allowed allowed denied denied Delete store document allowed allowed denied denied "Delete" Cancel prin job allowed 2022/07/27 c. 2021 ed red ge ed nt Sca Cop Fax se Fax recei Stora retrie Applica The fol Note 1: U.ADM U.NOR Unaut an Job ow U.ADM U.NOR Unaut py Job ow U.ADM U.NOR Unaut end Op Job ow U.ADM U.NOR Unaut x ive Fax ow U.ADM U.NOR Unaut age / eval Job ow U.ADM U.NOR Unaut ation notes: lowing Notes Job Owner is MIN RMAL henticated Operation: wner MIN RMAL henticated Operation: wner MIN RMAL henticated peration: wner MIN RMAL henticated Operation: wner MIN RMAL henticated Operation: wner MIN RMAL henticated that are refere s identified by allowed allowed denied Create sca job (note 2) allowed allowed allowed denied Create cop job (note 2) allowed allowed allowed denied Create fa send job (note 2) allowed allowed allowed denied Create fax receive job (note 3) allowed (note 4) allowed (note 4) allowed allowed Create stor / retrieval j (note 2) allowed allowed allowed denied enced in Tabl y a credential o 55 d allo d den den an View statu ) d allo d allo d allo den opy View statu ) d allo d allo d den den ax b View f queu ) d allo d allo d allo den View f receive / log ) d allo ) d allo ) d allo d den rage job View s retriev ) d allo d allo d allo den e 15 and Tabl or assigned to owed nied nied w scan us / log M owed owed owed nied w copy us / log M owed owed nied nied fax job ue / log M owed owed owed nied fax e status Mo rec owed owed owed nied storage / val log Mo sto ret owed owed owed nied le 16: o an authorized D Copyrig denied denied denied Modify scan job allowed allowed denied denied Modify copy job denied denied denied denied Modify fax send job allowed allowed denied denied Modify fax ceive job denied denied denied denied Modify orage / trieval job denied denied denied denied d User as part Date of Issue: 2 ght Canon Inc allowed denied denied Cancel scan job allowed allowed denied denied Cancel copy job allowed allowed denied denied Cancel fax send job allowed allowed denied denied Cancel fax receive job denied allowed denied denied Cancel storage / retrieval job allowed allowed denied denied t of the proces 2022/07/27 c. 2021 n y x b ss of submitt Note 2: or retrie Note 3: faxes is Note 4: FDP_DS FDP_DSK FDP_DSK FDP_FX FDP_FXS_ 6.2.5 C FIA_AFL FIA_AFL. ting a print or Job Owner is eval Job. Job Owner o s assigned to a PSTN faxes a SK_EXT.1 E Hierar Depen K_EXT.1.1 use a s certifie Device [select Field the F – K_EXT.1.2 XS_EXT.1 Hierar Depen _EXT.1.1The User D Class FIA: L.1 Auth Hierar Depen .1.1 The TS config authen [select with – storage Job. s assigned to a f received fax a specific user are received f Extended: rchical to: ndencies: The TS self-encrypting ed to conform e contains no p tion: perform d-Replaceable FDE EE cPP] perform en The TS Exten rchical to: ndencies: e TSF shall pr Data using fax Identificat hentication rchical to: ndencies: SF shall detec urable positiv ntication attem tion: [assignm hin [assignmen an admin acceptable an authorized xes is assigned r or U.ADMIN from outside o Protect No oth FCS_C Encryp SF shall [selec g Field-Repla to the FDE E plaintext User encryption in e Nonvolatile ] ncryption in a SF shall encry nded: Fax No oth No dep rohibit commu x protocols. ion and Au n failure ha No oth FIA_U ct when [selec ve integer with mpts occur rela ment: positive nt: range of ac istrator conf e values] 56 User as part o d by default or N role. of the TOE, th tion of Dat her componen COP.1(d) Cry ption/Decrypt ction: perform aceable Nonvo EE cPP], such r Document D accordance w Storage Devi accordance w ypt all protecte separatio her componen pendencies. unication via t uthenticatio andling her componen UAU.1 Timing tion: [assignm hin [assignmen ated to [assign integer numbe cceptable valu figurable po of the process r configuration hey are not init ta on Disk nts. yptographic op tion). m encryption in olatile Storage h that any Field Data and no pl with FCS_CO ice that is sepa with FCS_COP ed data withou n nts. the fax interfa on nts. g of authentica ment: positive nt: range of ac nment: list of a er], an admini ues]] ositive intege D Copyrig of initiating a n. Minimally, tiated by User peration (AES n accordance e Device that i d-Replaceable aintext Confid OP.1(d), use a arately CC ce P.1(d) ut user interve ace, except tran ation integer numb cceptable valu authentication istrator config er within [a Date of Issue: 2 ght Canon Inc a scan, copy, f ownership of rs of the TOE. Data with FCS_CO is separately C e Nonvolatile dential TSF D self-encryptin rtified to conf ention. nsmitting or r er], an admini ues]] unsucce n events]. gurable positiv assignment: 2022/07/27 c. 2021 fax send, f received . OP.1(d), CC Storage Data. ng form to receiving istrator ssful ve integer range of FIA_AFL. FIA_ATD FIA_ATD FIA_PMG FIA_PMG FIA_PSK [assign – [assign – .1.2 When surpas [select – [assign – D.1 User Hierar Depen .1.1 The TS [assign [assign – G_EXT.1 Hierar Depen G_EXT.1.1 passwo   [select – [assign – K_EXT.1 Hierar Depen nment: range positive in nment: list of Login attem the defined nu sed], the TSF tion: met, surp met nment: list of lock out un r attribute d rchical to: ndencies: SF shall main nment: list of s nment: list of User Name Exten rchical to: ndencies: The TS ords: Passwords sh letters, numb "^", "&", "*" Minimum pas to require pas tion: "!", "@" "!", "@", " nment: other c "(space)", "{", "|", "} Exten rchical to: ndencies: of acceptable nteger within f authenticatio mpts from th umber of unsu shall [assignm passed] f actions] ntil preset tim definition No oth No dep tain the follow security attrib f security attrib e, Role nded: Pas No oth No dep SF shall provi hall be able to ers, and the fo , "(", ")", [assi ssword length sswords of 15 , "#", "$", "% "#", "$", "%", characters] """, "'", "+", ", "~" nded: Pre- No oth FCS_R Genera 57 e values] 1 to 10 n events] e control pan uccessful auth ment: list of a me has passed her componen pendencies. wing list of se butes]. butes] sword Ma her componen pendencies. ide the follow be composed ollowing spec ignment: othe h shall be setta characters or ", "^", "&", "* , "^", "&", "* ",", "-", "/", -Shared Ke her componen RBG_EXT.1 E ation) nel or remote hentication att ctions]. d that can set nts. curity attribut nagement nts. wing password of any combi ial characters: er characters]] able by an Adm greater; *", "(", ")", [as ", "(", ")", [as ":", ";", "<", ey Compo nts. Extended: Cry D Copyrig UIs or Printe empts has bee in 1 - 60 min tes belonging management ination of upp : [selection: "! ]; ministrator, an ssignment: oth ssignment: ot "=", ">", "?" osition yptographic O Date of Issue: 2 ght Canon Inc er Driver. en [selection: nutes to individual capabilities fo per and lower !", "@", "#", " nd have the ca her character ther character , "[", "¥", "]" Operation (Ran 2022/07/27 c. 2021 met, users: for User case "$", "%", apability rs]] rs] ", "_", "`", ndom Bit FIA_PSK_ FIA_PSK_ FIA_PSK_ FIA_UAU FIA_UAU FIA_UAU FIA_UAU FIA_UAU _EXT.1.1 The _EXT.1.2 The   [select – [assign – _EXT.1.3 The SHA-5 other p using t [select – [assig – [select pre- – U.1 Timin Hierar Depen U.1.1 Refinem with th not ch [assign SFP – U.1.2 The TS TSF-m U.7 Prote Hierar Depen U.7.1 The TS e TSF shall be e TSF shall be 22 character lengths]; composed o characters ( tion: [assignm [assignmen nment: other s Up to 24 c e TSF shall co 512, [assignme pre-shared key the random bi tion: SHA-1, S SHA-1, SH gnment: meth SHA-384 tion: use no o shared keys u use no oth ng of auth rchical to: ndencies: ent: The TS he User Data ange any TSF nment: list of P, and do not p Submit Fa SF shall requi mediated action ected auth rchical to: ndencies: SF shall provi e able to use p e able to accep rs in length an of any combin that include: " ment: other sup nt: other supp supported len characters ondition the te ent: method of ys; accept bit- it generator sp SHA-256, SHA HA-256, [assi od of conditio ther pre-share using the rand er pre-shared entication No oth FIA_U SF shall allow Access Contr F data] on beh f TSF mediated provide access x receive job ire each user t ns on behalf o hentication No oth FIA_U ide only [assig 58 pre-shared key pt text-based p nd [selection: nation of upper "!", "@", "#", pported length ported length gths] ext-based pre-s f conditioning -based pre-sh pecified in FC A-512, [assign ignment: met oning text strin ed keys; accep dom bit genera d keys her componen UID.1 Timing w [assignment rol SFP, and d half of the use d actions that s to D.TSF.CO b o be successfu of that user. n feedback her componen UAU.1 Timing gnment: list of ys for IPsec. pre-shared key [assignment: r and lower ca "$", "%", "^" hs], no other l hs] shared keys by g text string]] a ared keys; gen CS_RBG_EXT nment: method thod of condi ng] pt bit-based pr ator specified nts. of identificati : list of TSF m do not provide er to be perfor do not conflic ONF, and do n ully authentica k nts. g of authentica f feedback] to D Copyrig ys that are: other support ase letters, num , "&", "*", "(" lengths] y using [selec and be able to nerate bit-bas T.1]. d of condition tioning text s re-shared key in FCS_RBG_ ion mediated actio de access to D. rmed before th ct with the Use not change an ated before al ation the user whil Date of Issue: 2 ght Canon Inc ted lengths], n mbers, and sp ", and ")"). ction: SHA-1, S o [selection: us sed pre-shared ing text string tring] ys; generate bi _EXT.1] ons that do no .TSF.CONF, he user is auth er Data Acces ny TSF data] llowing any ot e the authenti 2022/07/27 c. 2021 no other pecial SHA-256, se no d keys g]] it-based t conflict and do henticated. ss Control ther cation is FIA_UID FIA_UID. FIA_UID. FIA_USB FIA_USB. FIA_USB. FIA_USB. 6.2.6 C FMT_MO in prog [assign – D.1 Timin Hierar Depen 1.1 Refineme with th not ch [assign Con – 1.2 The TS TSF-m B.1 User Hierar Depen .1.1 The TS of that [assign – .1.2 The TS with su attribu [assign – .1.3 The TS associa attribu [assign – Class FMT OF.1 Mana Hierar Depend gress. nment: list of f *, ● ng of identi rchical to: ndencies: ent: The TS he User Data ange any TSF nment: list of ntrol SFP, and Submit Fa SF shall requi mediated action r-subject b rchical to: ndencies: SF shall assoc t user: [assignm nment: list of User Name SF shall enfor ubjects acting utes]. nment: rules f None SF shall enfor ated with subj utes]. nment: rules f None : Security agement o rchical to: dencies: f feedback] fication No oth No dep SF shall allow Access Contr F data] on beh f TSF-mediated d do not provi x receive job ire each user t ns on behalf o binding No oth FIA_A ciate the follow ment: list of u user security e, Role rce the followi g on the behalf for the initial a rce the followi jects acting on for the changi Manageme of security No oth FMT_S 59 her componen pendencies. w [assignment rol SFP, and d half of the use d actions that ide access to D b o be successfu of that user. her componen ATD.1 U wing user secu user security a attributes] ing rules on th f of users: [ass association of ing rules gove n the behalf of ing of attribut ent functions er component SMR.1 Se nts. : list of TSF-m do not provide er to be perfor t do not confli D.TSF.CONF ully identified nts. User attribute d urity attribute attributes]. he initial assoc signment: rule f attributes] erning change f users: [assign es] behavior ts. ecurity roles D Copyrig mediated actio de access to D. rmed before th ict with the Us F, and do not d before allow definition s with subject ciation of user es for the initi es to the user s nment: rules f Date of Issue: 2 ght Canon Inc ons that do no .TSF.CONF, he user is iden User Data Acce change any T wing any other ts acting on th r security attri ial association security attribu for the changi 2022/07/27 c. 2021 ot conflict and do ntified. ess TSF data] he behalf ibutes n of utes ing of FMT_MO FMT_MS FMT_MSA FMT_MS FMT_MSA OF.1.1 Refinem enable [select – [assign – SA.1 Mana Hierar Depend A.1.1 Refinem [select attribu [select – [assig – [assign – [assign Security at User Name Role SA.3 Static Hierar Depen A.3.1 Refinem ment: The TS e, modify the b tion: determin disable, ena nment: list of f TLS agement o rchical to: dencies: ment: The TS tion: change_d utes [assignme tion: change_ query, mod gnment: other create nment: list of Refer to " nment: the au – Ref Table 17 ttributes e c attribute rchical to: ndencies: ment: The TS FMT_S SF shall restri behaviour of] t ne the behavio able f functions] of security No oth FDP_A FMT_S FMT_S SF shall enfor default, query ent: list of secu _default, query dify, delete, [ operations] f security attrib Security attri uthorised ident fer to " Autho - Managem Operation query create,delete query create,modify e initializat No oth FMT_ FMT_ SF shall enfor 60 SMF.1 Sp ict the ability t the functions our of, disable attributes er component ACC.1 Su SMR.1 Se SMF.1 Sp rce the User D y, modify, dele urity attribute y, modify, dele [assignment: butes] ibutes " in Ta tified roles] orised role(s)" ment of secu y,delete ion her componen _MSA.1 M _SMR.1 Se rce the User D pecification o to [selection: [assignment: e, enable, mod ts. ubset access c ecurity roles pecification o Data Access C ete, [assignme s] to [assignm ete, [assignme other operati able 17 - Man " in Table 17 urity attribu Authorised r U.ADMIN, the owning U U.ADMIN U.ADMIN U.ADMIN nts. Management of ecurity roles Data Access C D Copyrig f Managemen determine the list of function dify the behavi control f Managemen Control SFP t ent: other oper ment: the autho ent: other oper ons] nagement secu - Manageme utes role(s) U.NORMAL f security attri Control SFP t Date of Issue: 2 ght Canon Inc nt Functions e behaviour of ns] to U.ADM iour of] nt Functions to restrict the rations]] the s orised identifi rations]] urity attribute ent security at ibutes to provide [se 2022/07/27 c. 2021 f, disable, MIN. ability to security ied roles]. es ttributes lection, FMT_MSA FMT_MT FMT_MTD FMT_SM FMT_SMF choose attribu [select – A.3.2 Refinem initial [select – TD.1 Mana Hierar Depend D.1.1 Refinem specifi Data User passw Audit log Date/Time IPSec setti TLS setting Auto Reset Lockout po Password p Audit log e Firmware MF.1 Spec Hierar Depen F.1.1: The e one of: restr utes that are us tion, choose o restrictive ment: The TS values to over tion: U.ADMI no role agement o rchical to: dencies: ment: The TS ied TSF Data Table word e setting ngs gs t Time setting olicy settings policy setting export setting cification o rchical to: ndencies: e TSF shall be rictive, permis sed to enforce one of: restrict SF shall allow rride the defau IN, no role] of TSF data No oth FMT_S FMT_S SF shall restri a to the roles 18- Device g s gs gs of Managem No oth No dep e capable of pe 61 ssive, [assignm the SFP. tive, permissiv w the [selection ult values whe a er component SMR.1 Se SMF.1 Sp ict the ability t specified in T manageme Operation create, delet modify query modify query, modi query, modi query, modi query, modi query, modi query, modi modify ment Func her componen pendencies. erforming the ment: other pr ve, [assignme n: U.ADMIN, en an object o ts. ecurity roles pecification o to perform th Table 18. ent Function te ify ify ify ify ify ify ctions nts. following ma D Copyrig roperty]] defau nt: other prop N, no role] to s or information f Managemen he specified o n Authorised r U.ADMIN U.ADMIN, the owning U.ADMIN U.ADMIN U.ADMIN U.ADMIN U.ADMIN U.ADMIN U.ADMIN U.ADMIN U.ADMIN anagement fun Date of Issue: 2 ght Canon Inc ult values for perty]] pecify alterna is created. nt Functions operations on role(s) U.NORMAL nctions: [assig 2022/07/27 c. 2021 security ative the L gnment: FMT_SM FMT_SMR FMT_SMR 6.2.7 C There are n 6.2.8 C FPT_KY FPT_KYP FPT_SK FPT_SKP_ FPT_STM list of m [assign – MR.1 Secu Hierar Depen R.1.1 Refinem R.1.2 The T Class FPR no class FPR Class FPT: YP_EXT.1 E Hierar Depen P_EXT.1.1 Re specifi KP_EXT.1 E Hierar Depen _EXT.1.1The M.1 Relia management f nment: list of Refer to T Ta Managem User Man Date/Tim IPSec sett TLS settin Auto Rese Lockout p Password Audit log Trusted U urity roles rchical to: ndencies: ment: The TS SF shall be a : Privacy R requirement : Protection Extended: rchical to: ndencies: efinement: ied by FCS_K Extended: rchical to: ndencies: e TSF shall pr able time s functions prov f management f able 19. ble 19– Man ment Function negement Fun me setting Man tings Manege ngs Manegem et Time settin policy setting d policy settin Manegemen Update Maneg No oth FIA_U SF shall main able to associa s. n of the TS Protect No oth No dep The TSF KYC_EXT.1 in Protect No oth No dep revent reading stamps 62 vided by the T functions pro nagement F ns nction negement Fun ement Functio ment Function ng Manegeme gs Manegeme ngs Manegem nt Function gement Funct her componen UID.1 Ti ntain the roles ate users with SF tion of Key her componen pendencies. shall not store n any Field-R tion of TSF her componen pendencies. g of all pre-sha TSF]. vided by the T unctions nction on n ent Function nt Function ment Function tion nts. iming of ident U.ADMIN, U h roles. y and Key nts. e plaintext key Replaceable N F Data nts. ared keys, sym D Copyrig TSF] tification U.NORMAL Material ys that are par Nonvolatile St mmetric keys, Date of Issue: 2 ght Canon Inc rt of the keych torage Device and private k 2022/07/27 c. 2021 hain e. eys. FPT_STM FPT_TST FPT_TST_ FPT_TU FPT_TUD FPT_TUD FPT_TUD 6.2.9 C There are n 6.2.10 C FTA_SS FTA_SSL. Hierar Depen M.1.1 The TS T_EXT.1 Hierar Depen _EXT.1.1The the cor D_EXT.1 Hierar Depend D_EXT.1.1 version D_EXT.1.2 TOE f D_EXT.1.3 using a installi [select – Class FRU no class FRU Class FTA: L.3 (LUI) Hierar Depen .3.1 (LUI) user in [assign – rchical to: ndencies: SF shall be ab Exten rchical to: ndencies: e TSF shall ru rrect operation Exten rchical to: dencies: The TS n of the TOE The TS firmware/softw The TS a digital signa ing those upda tion: publishe no other fu : Resource U requirement : TOE Acce TSF- rchical to: ndencies: The TS nactivity]. nment: time in User inacti No oth No dep ble to provide nded: TSF No oth No dep un a suite of se n of the TSF. nded: Trus No oth FCS_C generat FCS_C SF shall provi firmware/soft SF shall provi ware. SF shall provi ature mechanis ates. ed hash, no oth unctions e Utilization ts. ess initiated te No oth No dep SF shall termi nterval of user ivity at the co 63 her componen pendencies. reliable time F testing her componen pendencies. elf-tests during sted Upda er component COP.1(b) Cryp tion/verificatio COP.1(c) Cryp ide authorized tware. ide authorized ide a means to sm and [select her functions] n ermination her componen pendencies. inate an intera r inactivity] ontrol panel l nts. stamps. nts. g initial start-u te ts. ptographic Op on), ptographic ope d administrato d administrato o verify firmw tion: publishe n nts. active session asting for the D Copyrig up (and power peration (for si eration (Hash ors the ability t ors the ability t ware/software u ed hash, no oth after a [assign e specified pe Date of Issue: 2 ght Canon Inc r on) to demon ignature Algorithm). to query the c to initiate upd updates to the her functions] nment: time in eriod of time 2022/07/27 c. 2021 nstrate urrent dates to e TOE prior to nterval of FTA_SS FTA_SSL. 6.2.11 C FTP_ITC FTP_ITC. FTP_ITC. FTP_ITC. FTP_TR L.3 (RUI) Hierar Depen .3.1 (RUI) user in [assign – Class FTP: C.1 Inter- Hierar Depend .1.1 Refineme trusted follow is logic end po the ch [select – [select – [assig – .1.2 Refineme commu .1.3 Refineme of serv [assign P.1(a) Tru Hierar Depend TSF- rchical to: ndencies: The TS nactivity]. nment: time in User inacti : Trusted P -TSF trust rchical to: dencies: ent: The TS d communica wing capabilit cally distinct f oints and prote hannel data. tion: IPsec, S IPsec tion: authenti [assignmen gnment: other File server ent: The TS unication via ent: The TS vices for whic nment: list of – Sen usted path rchical to: dencies: initiated te No oth No dep SF shall termi nterval of user ivity at the R Paths/Chan ed channe No oth [FCS_I FCS_T FCS_S FCS_H SF shall use [ ation channel b ies: [selection from other co ection of the c SSH, TLS, TL tication server nt: other cap capabilities] r, Audio log s SF shall perm the trusted ch SF shall initia ch the TSF is f services for w nd service, Au h (for Adm No oth [FCS_I 64 ermination her componen pendencies. inate an intera r inactivity] Remote UI las nnels el er component IPSEC_EXT.1 TLS_EXT.1 Ex SSH_EXT.1 E HTTPS_EXT.1 selection: IPs between itself n: authenticat mmunication channel data fr LS/HTTPS] r, [assignmen abilities] server, Time s mit the TSF, or hannel ate communica able to initiat which the TSF udit log servic inistrators er component IPSEC_EXT.1 n nts. active session ting for the sp ts. 1 Extended: IP xtended: TLS xtended: SSH 1 Extended: H sec, SSH, TLS f and authoriz tion server, [a channels and rom disclosur t: other capab server r the authoriz ation via the tr te communica F is able to in ce, Time serv s) ts. 1 Extended: IP D Copyrig after a [assign pecified perio Psec selected, selected, or H selected, or HTTPS selecte S, TLS/HTTP zed IT entitie assignment: o provides assu re and detecti bilities]] zed IT entitie rusted channe ations]. nitiate commu vice Psec selected, Date of Issue: 2 ght Canon Inc nment: time in od of time , or ed]. PS] to provide es supporting other capabilit ured identifica ion of modifi es, to initiate el for [assignm unications] , or 2022/07/27 c. 2021 nterval of e a the ties]] that ation of its cation of ment: list FTP_TRP FTP_TRP FTP_TRP FTP_TR FTP_TRP FTP_TRP initiate co FTP_TRP user auth 6.3 Se Table 20 li EAL1 augm Assuranc .1.1(a) Refine TLS/H admin identif detect [select – .1.2(a) Refine trusted .1.3(a) Refine authen P.1(b) Tru Hierar Depend .1.1(b) Refine TLS/H logical points of the [select – P.1.2(b) Ref ommunicat [select – P.1.3(b) Ref hentication ecurity Ass ists the Securi mented by A ce class ement:The TS HTTPS] to pr nistrators that fication of its e tion of modifi tion, choose a IPsec, TLS ement:The TS d path ement:The TS ntication and usted path rchical to: dencies: ement: HTTPS] to pro lly distinct fro and protectio communicat tion, choose a IPsec finement: tion via the tion: the TSF, remote use finement: and all rem surance Re ity Assurance ASE_SPD.1. Table 20-TO FCS_T FCS_S FCS_H SF shall use [ rovide a truste t is logically d end points and ication of the at least one of S/HTTPS SF shall perm SF shall requi d all remote a h (for Non- No oth [FCS_I FCS_T FCS_S FCS_H The TSF ovide a truste om other comm n of the comm ted data. at least one of The TSF trusted pat F, remote users ers The TSF mote user ac equirement Requirement OE Security Assuran 65 TLS_EXT.1 Ex SSH_EXT.1 E HTTPS_EXT.1 selection, cho ed communic distinct from o d protection o communicat f: IPsec, SSH mit remote adm ire the use of t administration -administra er component IPSEC_EXT.1 TLS_EXT.1 Ex SSH_EXT.1 E HTTPS_EXT.1 shall use [sele ed communica munication pa municated data f: IPsec, SSH F shall per th s] F shall requ ctions. ts s for Protectio y Assuranc nce compone xtended: TLS xtended: SSH 1 Extended: H oose at least o ation path bet other commun of the commun ted data. H, TLS, TLS/H ministrators t the trusted pat n actions. ators) ts. 1 Extended: IP xtended: TLS xtended: SSH 1 Extended: H ection, choos ation path betw aths and provi a from disclos H, TLS, TLS/H mit [selecti uire the use on Profile for ce Requirem ents D Copyrig selected, or H selected, or HTTPS selecte one of: IPsec, tween itself an nication paths nicated data fr HTTPS] to initiate com th for initial a Psec selected, selected, or H selected, or HTTPS selecte e at least one ween itself an des assured id sure and dete HTTPS] ion: the TS e of the trus r Hardcopy D ments Date of Issue: 2 ght Canon Inc ed]. , SSH, TLS, nd remote and provides rom disclosur mmunication v administrator , or ed]. of: IPsec, SS nd remote use dentification o ection of mod SF, remote u sted path fo Devices, an 2022/07/27 c. 2021 assured re and via the r SH, TLS, rs that is of its end dification users] to or initial nd related Assuranc ADV: De AGD: Gu ALC: Lif ASE: Sec ATE: Te AVA: Vu 6.4 Se 6.4.1 T This sectio Funct Requir FAU_GEN. FAU_GEN.2 FAU_SAR.1 FAU_SAR.2 FAU_STG.1 FAU_STG.4 FAU_STG_ FCS_CKM. FCS_CKM. ce class evelopment uidance doc fe-cycle sup curity Targ sts ulnerability ecurity func The depen on provides th T tional rement 1 2 1 2 1 4 _EXT.1 1(a) 1(b) cuments port get evaluatio assessmen ctional req dencies of he justificatio able 21- The Dependenc by FPT_STM.1 FAU_GEN.1 FIA_UID.1 FAU_GEN.1 FAU_SAR.1 FAU_GEN.1 FAU_STG.1 FAU_GEN.1 FTP_ITC.1 FCS_COP.1(b FCS_CKM_EX [FCS_COP.1(a or FCS_COP.1 or FCS_COP.1 or FCS_COP.1 or FCS_COP.1 or FCS_COP.1 Assuran ADV_F AGD_O AGD_P ALC_C ALC_C on ASE_C ASE_E ASE_IN ASE_O environ ASE_R ASE_S ASE_T ATE_IN nt AVA_V uirements f security re on for any dep e dependen cies required CC ) XT.4 a), 1(d), 1(e), 1(f), 1(g), 1(h)] 66 nce compone FSP.1 Basic OPE.1 Oper PRE.1 Prepa CMC.1 Labe CMS.1 TOE CCL.1 Confo ECD.1 Exten NT.1 ST int OBJ.1 Secu nment REQ.1 State SPD.1 Secur TSS.1 TOE s ND.1 Indep VAN.1 Vuln rationale equiremen pendencies no cies of sec d Depende b FPT_STM. FAU_GEN FIA_UID.1 FAU_GEN FAU_SAR FAU_GEN FAU_STG FAU_GEN FTP_ITC.1 FCS_COP. FCS_CKM FCS_COP. FCS_COP. FCS_COP. FCS_CKM FCS_RBG_ ents c functional rational use arative proc elling of the CM covera ormance cla nded compo troduction urity objec ed security r rity problem summary sp pendent test nerability su nts ot met urity requir encies satisfie by ST .1 N.1 1 N.1 R.1 N.1 G.1 N.1 1 .1(b) M_EXT.4 .1(a) .1(d) .1(g) M_EXT.4 _EXT.1(networ D Copyrig specificatio er guidance cedures TOE ge aims onents defin ctives for requiremen m definition pecification ting – Confo urvey rements ed Reason d N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) rk) N/A (dep satisfied) Date of Issue: 2 ght Canon Inc on nition the oper nts ormance n for not me dependencies pendencies are pendencies are pendencies are pendencies are pendencies are pendencies are pendencies are pendencies are pendencies are 2022/07/27 c. 2021 rational eeting s Funct Requir FCS_CKM_ FCS_CKM.4 FCS_COP.1 FCS_COP.1 FCS_COP.1 FCS_COP.1 FCS_COP.1 FCS_COP.1 FCS_COP.1 FCS_HTTPS FCS_IPSEC FCS_KYC_ FCS_RBG_E (network) FCS_RBG_E FCS_SMC_ FCS_TLS_E tional rement _EXT.4 4 (a) (b)(update) (b)(tls) (b)(ipsec) (c) (d) (g) S_EXT.1 C_EXT.1 _EXT.1 EXT.1 EXT.1(ssd) _EXT.1 EXT.1 Dependenc by FCS_CKM_EX FCS_RBG_EX [FCS_CKM.1( or FCS_CKM. FCS_CKM.4 [FCS_CKM.1( or FCS_CKM. FCS_CKM.1(b FCS_CKM_EX FCS_CKM.1(a FCS_CKM_EX FCS_CKM.1(a FCS_CKM_EX FCS_CKM.1(a FCS_CKM_EX No dependenci FCS_CKM.1(b FCS_CKM_EX FCS_CKM.1(b FCS_CKM_EX FCS_TLS_EX FIA_PSK_EX FCS_CKM.1(a FCS_COP.1(a) FCS_COP.1(b FCS_COP.1(c) FCS_COP.1(g FCS_RBG_EX [FCS_COP.1(e or FCS_SMC_ or FCS_COP.1 or FCS_KDF_ and/or FCS_CO No dependenci No dependenci FCS_COP.1(c) FCS_CKM.1(a cies required CC XT.4 XT.1 (a) .1(b)] (a) .1(b)] b) XT.4 a) XT.4 a) XT.4 a) XT.4 ies b) XT.4 b) XT.4 XT.1 T.1 a) ) ) ) ) XT.1 e), _EXT.1, 1(f), _EXT.1, OP.1(i)] ies ies ) a) 67 d Depende b FCS_RBG_ FCS_CKM FCS_CKM FCS_CKM FCS_CKM FCS_CKM FCS_CKM FCS_CKM No depend FCS_CKM FCS_CKM FCS_CKM FCS_CKM No depend FCS_CKM FCS_CKM FCS_CKM FCS_CKM FCS_TLS_ FIA_PSK_ FCS_CKM FCS_COP. FCS_COP. FCS_COP. FCS_COP. FCS_RBG_ k) FCS_SMC No depend No depend FCS_COP. FCS_CKM encies satisfie by ST _EXT.1(ssd) M.1(a) M.1(b) M.4 M.1(a) M.1(b) M.1(b) M_EXT.4 dencies M.1(a) M_EXT.4 M.1(a) M_EXT.4 dencies M.1(b) M_EXT.4 M.1(b) M_EXT.4 _EXT.1 _EXT.1 M.1(a) .1(a) .1(b) (ipsec) .1(c) .1(g) _EXT.1(netwo _EXT.1 dencies dencies .1(c) M.1(a) D Copyrig ed Reason d N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) FCS_CKM because: Since onl performed embedded generatio the encry unnecess N/A (dep satisfied) N/A (dep satisfied) N/A (no d N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) or N/A (dep satisfied) N/A (dep satisfied) N/A (no d N/A (no d N/A (dep satisfied) N/A (dep Date of Issue: 2 ght Canon Inc n for not me dependencies pendencies are pendencies are pendencies are M.4 are not cla ly the verificati d with the publ d in advance, on and destruct yption key are ary. pendencies are pendencies are dependencies) pendencies are pendencies are pendencies are pendencies are pendencies are dependencies) dependencies) pendencies are pendencies are 2022/07/27 c. 2021 eeting s aimed on is lic key tion of Funct Requir FDP_ACC.1 FDP_ACF.1 FDP_DSK_E FDP_FXS_E FIA_AFL.1 FIA_ATD.1 FIA_PMG_E FIA_PSK_E FIA_UAU.1 FIA_UAU.7 FIA_UID.1 FIA_USB.1 FMT_MOF. FMT_MSA. FMT_MSA. FMT_MTD. FMT_SMF. FMT_SMR. FPT_KYP_E FPT_SKP_E FPT_STM.1 FPT_TST_E FPT_TUD_E tional rement 1 1 EXT.1 EXT.1 EXT.1 EXT.1 1 7 .1 .1 .3 .1 1 1 EXT.1 EXT.1 1 EXT.1 EXT.1 Dependenc by FCS_COP.1(a) FCS_COP.1(b FCS_COP.1(c) FCS_COP.1(g FCS_RBG_EX FDP_ACF.1 FDP_ACC.1 FMT_MSA.3 FCS_COP.1(d No dependenci FIA_UAU.1 No dependenci No dependenci FCS_RBG_EX FIA_UID.1 FIA_UAU.1 No dependenci FIA_ATD.1 FMT_SMR.1 FMT_SMF.1 FDP_ACC.1 FMT_SMR.1 FMT_SMF.1 FMT_MSA.1 FMT_SMR.1 FMT_SMR.1 FMT_SMF.1 No dependenci FIA_UID.1 No dependenci No dependenci No dependenci No dependenci FCS_COP.1(b FCS_COP.1(c) cies required CC ) ) ) ) XT.1 d) ies ies ies XT.1 ies ies ies ies ies ies ) ) 68 d Depende b FCS_COP. FCS_COP. FCS_COP. FCS_COP. FCS_RBG_ k) FDP_ACF. FDP_ACC FMT_MSA FCS_COP. No depend FIA_UAU. No depend No depend No depend FIA_UID.1 FIA_UAU. No depend FIA_ATD. FMT_SMR FMT_SMF FDP_ACC FMT_SMR FMT_SMF FMT_MSA FMT_SMR FMT_SMR FMT_SMF No depend FIA_UID.1 No depend No depend No depend No depend FCS_COP. FCS_COP. encies satisfie by ST .1(a) .1(b)(tls) .1(c) .1(g) _EXT.1(netwo .1 .1 A.3 .1(d) dencies .1 dencies dencies dencies 1 .1 dencies 1 R.1 F.1 .1 R.1 F.1 A.1 R.1 R.1 F.1 dencies 1 dencies dencies dencies dencies .1(b) (update) .1(c) D Copyrig ed Reason d or satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (no d N/A (dep satisfied) N/A (no d N/A (no d FCS_RBG claimed b Not requi selected i N/A (dep satisfied) N/A (dep satisfied) N/A (no d N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (no d N/A (dep satisfied) N/A (no d N/A (no d N/A (no d N/A (no d N/A (dep satisfied) Date of Issue: 2 ght Canon Inc n for not me dependencies pendencies are pendencies are pendencies are dependencies) pendencies are dependencies) dependencies) G_EXT.1 is no because: ired because it i in SFR. pendencies are pendencies are dependencies) pendencies are pendencies are pendencies are pendencies are pendencies are dependencies) pendencies are dependencies) dependencies) dependencies) dependencies) pendencies are 2022/07/27 c. 2021 eeting s t is not Funct Requir FTA_SSL.3 FTA_SSL.3 FTP_ITC.1 FTP_TRP.1( FTP_TRP.1( tional rement (LUI) (RUI) (a) (b) Dependenc by No dependenci No dependenci [FCS_IPSEC or FCS_TLS_E or FCS_SSH_E or FCS_HTTP [FCS_IPSEC_ or FCS_TLS_E or FCS_SSH_E or FCS_HTTP [FCS_IPSEC_ or FCS_TLS_E or FCS_SSH_E or FCS_HTTP cies required CC ies ies _EXT.1, EXT.1, EXT.1, PS_EXT.1] _EXT.1, EXT.1, EXT.1, PS_EXT.1] _EXT.1, EXT.1, EXT.1, PS_EXT.1] 69 d Depende b No depend No depend FCS_IPSE FCS_IPSE FCS_TLS_ FCS_HTTP FCS_IPSE encies satisfie by ST dencies dencies C_EXT.1 C_EXT.1 _EXT.1 PS_EXT.1 C_EXT.1 D Copyrig ed Reason d N/A (no d N/A (no d N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) Date of Issue: 2 ght Canon Inc n for not me dependencies dependencies) dependencies) pendencies are pendencies are pendencies are 2022/07/27 c. 2021 eeting s 7 TOE 7.1 Us – Sup FIA To identify before the job is inpu performed User authe – For user au authenticat password t remote UI. The TOE m authenticat FIA_USB The TO E pro vide s a lockout fun The lock out func tion can be set only by U. The follow out. – Ac an att – Th co TOE has a inactivity. Op pan Re Op pan Re E Summar ser Authen pported fun A_USB.1, FIA y and authent user operates ut, identificati d. However, su entication sup Internal Au Authenticat uthentication, tion succeeds text area at th . [FIA_UAU maintains use ted, the attrib .1] nction in orde .ADMIN. Th wing condition ccumulate th nd lock out th tempts is reac he lockout tim onfigured lock an automatic l The administ peration nel: mote UI: peration nel: mote UI: ry specific tication Fu nctional req A_AFL.1, FT ticate a legitim s the digital m ion authentica ubmission of pports the foll uthentication tion is based o , the TOE pro s only if the u he time of pas U.7] er names and bute is allocat er to minimiz e operation is ns can be set he number of he account tha ched. The allo me is set to kout time. logout functio trator can set – Settings/R Managem Register/E – Settings/R Authentic – Settings/R Settings > – Settings/R Authentic cation unction quirements: TA_SSL.3(L mate user, the multifunction ation of a use f a fax receivi lowing authen on user inform ompts input o user name and ssword input roles as attrib ted by issuing ze invalid log s as follows for the locko f failed login at failed to lo owable numb 3 or grater o on that autom t the automati Registration > ment > Authen Edit Authenti Registration > cation Manag Registration > > Authenticat Registration > cation/Passwo 70 FIA_UAU. LUI), FTA_S e TOE requir device in an er requested th ing job is perm ntication met mation regist of the user na d password m is displayed a butes for the g an access co gin attempts. [ out function. I attempts from og in and den ber of login at out of 1 - 60 matically logs ic logout time > Device Sett ntication Man ication User > Managemen gement > Device Sett tion/Password > Managemen ord Settings > .1, FIA_UID SL.3(RUI) res identificat operation pa hrough a prin mitted. [FIA_ thods: tered in the de me, password matches the on as "*" in the o user. If the u ontrol token ( [FIA_AFL.1 If the conditio m the operati ny login when ttempts is set 0. The user is out a logged e by setting th tings > Manag nagement > U nt Settings > tings > Manag d Settings > A nt Settings > > Authenticat D Copyrig D.1, FIA_U tion and authe anel or a remo nter driver on _UAU.1, FIA evice. d, and the log ne at the spec operation pan ser's identity (ACT) for eac ] ons are met, t ion panel/rem n the set num t to 3 or less o s not allowed d-in user after he Auto Rese gement Settin Use User Auth User Manage gement Settin Authenticatio Security Sett tion Function Date of Issue: 2 ght Canon Inc UAU.7, FIA entication of ote UI. When a client PC i A_UID.1] gin destination cified destinat nel and "●" is successful ch user.[FIA_ the account is mote UI/print mber of allowa out of 1 - 10. d to log in d r a specified p et Time when ngs > User hentication > ement > ngs > Securit on Function S tings > n Settings> 2022/07/27 c. 2021 A_ATD.1, the user a print is n. User tion. The " in the lly _ATD.1, s locked ter driver, able login during the period of n logging > y ettings> in from the [FTA_SSL The auto mati c logo ut time setti ngs can be set only by U.ADM The follow is logged o – The sess ion setti ngs can be The follow account is – 7.2 Ac The TOE h function, s – – – – – The TOE p assigned to authenticat 7.2.1 P Op pan Re Re e operation pa L.3(RUI)] MIN. The ope wing condition out. At the contr from 10 seco e set only by U wing condition logged out. When the ti operating the ccess Cont has the follow scan function, print functio scanning fu copy functi fax functio function document s performs thes o the user acc ted. Print proce peration nel: mote UI: mote UI: anel or by ses eration is as fo ns can be set rol panel, ses onds to 9 min U.ADMIN. T ns can be set imeout perio e Remote UI trol Functio wing access c , copy functio on: print proc unction: scan on: copy proc on: Fax tran tore and retri se access con cording to the ess control – Settings/R Auto Rese – Settings/R Restrict A – Settings/R Settings > – Settings/R Time – Settings/R ssion settings ollows for the autom ssion timeout nutes can be s The operation for the sessio d set by the . Choose from on control functio on, fax functi cess control f process contr cess control f smission pro ieve function ntrol functions e contents of t l function Registration > et Time Registration > Auto Reset Ti Registration > > Auto Reset Registration > Registration > 71 s when loggin matic logout f t occurs after specified (Init n is as follows on manageme session man m 15 to 150 m ons for jobs a ion, and docu function rol function function ocess control : document st s by identifyi the ACT issu > Device Sett > Device Sett ime > Preferences Time > Preferences > Preferences ng in from the function. If th r a specified tial value: 2 m s ent function. nagement set minutes (Initi and document ument storage l function a tore and retrie ng the user n ued to the use tings > Prefer tings > Prefer s > Timer/Ene s > Timer/Ene s > Network S D Copyrig e remote UI. he conditions period of us minutes). If the conditi tting function al value: 15 m ts in jobs pro e and retrieval nd fax recep eve process c name and iden r who is iden rences > Time rences> Time ergy Settings ergy Settings Settings > Ses Date of Issue: 2 ght Canon Inc [FTA_SSL.3 are met, the ser inactivity ions are met, n has elapsed minutes). ocessed by the l function of ption proces control functi ntifying the ro ntified and er/Energy Se er/Energy Set > Power Sav > Restrict Au ssion Settings 2022/07/27 c. 2021 3(LUI)] account . A value the d without e print the TOE. ss control on ole ttings > ttings > ve uto Reset s – Sup TOE provi jobs is init change the When a pr determines access con [Submit a TOE allow printed and The metho held by the - The us user u user au sent if [View ima TOE allow printed out The metho - If a use display - The pr - The da TOE does output. [View prin TOE allow The metho - Job ow check the job of the maske - If a Job display - U.ADM jobs th pported func ides the follow tialized with t e user name a rint job is exe s the owner o ntrol. a document t w all authentic d to create pr od for inputtin e print functio ser executes p ses the user a uthentication f user authent age or Releas w Job owner ( tput the imag od for viewing er logs in to t yed. rint function c ata held by th not allow U,A nt queue / lo w Job owner o od for viewing wner and U.A the list of job b log only dis print job). Fo ed and cannot b owner logs yed. MIN can log hat are printin ctional requir wing access c the name of th assigned to job cuted, TOE t of a print job v o be printed cated users (J rint job. TOE ng print docu on. printing via a authentication n is successful tication fails. se printed ou (a user whom ges of digital d g image or re the machine a can display im he print functi ADMIN, U.N g] or U.ADMIN g the print qu ADMIN can lo bs that are pr splays the job or jobs owned t be viewed in in to the mac in to the Rem ng/waiting to rements: FD control functi he user that g bs. temporarily sa via the user n , Create prin Job owner, U does not allo uments and cr printer drive n function of l, the print job utput] m user name is documents fo elease printed and selects

, the lis e held data. inted. r Unauthentic nt queue / log. ndicated belo ontrol panel a g to be printe er owns (whe ers, informati ueue / log. ects , use the [Statu r check the jo FDP_ACF.1, rint process. T job when the ut printing im d to the print U.NORMAL ticated users. obs is indicat nt PC. User a river to log in h the user nam e name of the that are tempo dicated below st of data held ated users to . ow. and use the < ed or check th en the name o ion such as jo the list of da us Monitor/Ca ob log. D Copyrig FMT_MSA The user nam e job is gener mmediately. F job, and perf ) to submit a ted below. Th authentication n to the mach me assigned. T print job) to orarily saved. w. d for the logg view image o Status Monit he job log. Ho of the user ma ob names and ata held for th ancel] screen Date of Issue: 2 ght Canon Inc A.3 me assigned to rated. No user Furthermore, forms the foll document to he data for pr n is performed ine when prin The print job view image o . ged in user is or to release p tor/Cancel> s owever, for J atches the use d user names he logged in u to check the 2022/07/27 c. 2021 o print rs can TOE lowing be rinting is d when a nting. If is not or release printed creen to Job owner, er name are user is list of TOE does [Modify st TTOE allo The metho - If a use The im - If a use If you TOE does Modify pri [Delete sto TOE allow The metho - If a Job display docum - You ca print d and pr - U.ADM [Statu TOE does 7.2.2 S – Sup TOE provi jobs is init user can ch Scan job h respectivel [Delayed s When a sc sending it [Preview] not allow U.N tored docum ow Job owner od for modify er logs in to t mage view fun er logs in to t select a job, not allow U,A int job. ored docume w Job owner o od for deleting b owner logs yed. The job ments. an log in to th documents. Jo rint document MIN can log s Monitor/Ca not allow U.N Scan proce pported func ides the follow tialized with t hange the use has a function ly. scan] an job with th until the spec NORMAL or ment, Modify r to modify st ying print doc the machine a nction of the the machine a you can chan ADMIN, U.N ent, Cancel p or U.ADMIN g stored docu in to the mac deletion func he machine an ob owner can ts of all users in to the Rem ancel] screen. NORMAL or ess contro ctional requir wing access c the name of th er name assig n for temporar he Delayed sc cified time. r Unauthentic y print job] tored docume cument and m and selects

, the lis n can be used Print>, the lis onditions (num r Unauthentic ored documen nceling print cesses rint function d cancel print rint jobs they lete the print cated users to DP_ACC.1, F ions for the s generated the an document can jobs, whic executed, the o view print q fy print job. nt job is indic st of data held d to modify (d st of data held mber of copie ated users to nt and cancel job is indicat >, the list of d can be used t jobs from the own and U.A jobs and prin o delete stored FDP_ACF.1, can process. job when the and the scan ch are [Delay machine tem D Copyrig queue / log. cated below. d for the logg delete) indivi d for the logg es, print rang Modify store print job. ted below. data held for to delete all p e Status Mon ADMIN can d nt documents d document a FMT_MSA The user nam e scan job is g n job. yed scan] and mporarily save Date of Issue: 2 ght Canon Inc ged in user is idual pages. ged in user is ge, etc.) ed document the job owne print jobs and nitor screen to delete the pri of all users f and cancel pri A.3 me assigned to generated. Al [Preview], es the job wit 2022/07/27 c. 2021 displayed. displayed. and er is d print o delete nt jobs from the int job. o scan lso, no thout The TOE c immediate [Submit a TOE allow The metho - Place t destina docum connec - Place t press < job is specifi TOE does [View scan TOE allow The metho - Place t destina docum TOE does [View scan TOE allow The metho - Log in Howev status, job is - U.ADM "Statu TOE does [Modify st TOE allow can be transm ely after readi a document f w Job owner, od for submitt the document ation and pre ment is read, a cted to the TO the document bu generated, th fied file serve not allow Un nned image] w Job owner t od for viewing the document ation. Enable ment is scanne not allow U,A n status / log w Job owner, od for viewing n to the operat ver, in the ca , but details s displayed in MIN logs in t us Monitor/Ca not allow Un tored image] w Job owner t mitted after th ing the origin for scanning, U.ADMIN o ting a docum t on the scann ess and image da OE. t on the scann utton. When t he document i r from the LA nauthenticated to view scann g scanned im t on the scann e the button. The ta are stored. ner, log in to the fax transm is read, and im AN connected d users to sub ned image. mage is indicat ner, log in to w> mode in t anned image NORMAL or r U.NORMA / log is indica d check the jo RMAL, a job l estination of a ry. UI, and the j d users to vie red image. 74 ts are preview scan job with n job] AL to submit a ning and creat the operation destination c After that, it the operation mission docum mage data is s d to the TOE bmit a docum ted below. the operation the is displayed r Unauthentic AL to view sc ated below. ob status and list containin another user's job status and ew scan status wed and confi the preview a document f ting scan job n panel, select can be a file s t is transmitte n panel, select ment is previ stored. After . ment for scann n panel, select > settings and on the touch ated users to an status / log d job history b ng another use s job are not d d job history c s / log. D Copyrig irmed withou setting is inp for scanning a is indicated b t , sele ously set to b that, it is tran ning and creat t , select n job is gener server from th ct the recipie be backed up, nsmitted to th te scan job. Send>, select ART> button. y. d image. the "Status M e displayed in so, only log i ed by "Send" 2022/07/27 c. 2021 g an job. t the rated, the he LAN ent and , a scan he t the The Monitor". n the job in user's " on the The metho - Place t destina docum touch TOE does [Modify sc TOE allow The metho - Select TOE does [Delete s TOE allow The metho - Place t and pre the sen - Place t destina the sen docume - Place t destina job stat d job. the originals o ation. Then en d document d ent and the se the originals o ation. Then en tus on the to delete t ents, the scan can only dele MIN can log to delete send not allow U.N Copy proce pported func ides the follow ying stored im t on the scann e the . The destin NORMAL or , Cancel scan or U.ADMIN g stored imag on the scanne >. Press mode in t can be delete NORMAL or N to modify sc is indicated b played by log nation can be r Unauthentic n job] N to delete sto ge or cancelin er, log in to th ncel> on the s er, log in to th eview> mode the touch pan er, log in to th elayed Send> r> screen afte ument and sen nd scan job s when the nam mote UI, selec and send job r Unauthentic ol function rements: FD control functi 75 ated below. the operation the ed or moved w r Unauthentic can job. below. gging in to the changed by d cated users to ored image or ng scan job is he machine, s scanning scre he machine, s e in mode in settings and while the sca ated users to e machine and displaying and press < fter the origin select and p als are scanne n the machine ckup destinati r matches the send jobs fro o delete stored FDP_ACF.1, opy process. T D Copyrig t . n job. job. elow. and Send>, s the scanned s and Send], an . S nals are scann and Send>, a press , select ART> button. is displayed o ed image. Status Monito elect the dest send image an nd select the top the send j ned to delete t and select the RT>. Display end job and pr k up sent fax ed. However, of the send job us Monitor/Ca ancel scan job A.3 me assigned to 2022/07/27 c. 2021 t the The on the or> tination, nd delete job with the send the send ress x a job b. ancel] b. o copy jobs is init can change [Submit a TOE allow The metho - Place t and pre TOE does [View scan TOE allow The metho - Place t from not allow Un nned image w Job owner t od for viewing the originals o Options>. Th RT> button an not allow U,A py output. opy status / lo w Job owner o od for view co an check the j ng . Pre the name of th me assigned t for copying, C U.ADMIN o ting a docum on the scanne > button. A co nauthenticated or Release p to view scann g scanned im on the scanne he image can nd selecting < ADMIN, U.N og] or U.ADMIN opy status / lo job status and onitor> > . H atus and job lo ncel] > [Copy r Unauthentic red image. mage is indica er, log in to th T> and specify 76 generated the job] AL to submit a ng or creating he machine, a eated and the bmit a docum output] release printe ing printed co he machine, p by selecting age> from a job that ha Edit & Adjust ated users to . displayed by job owners, o screen display o view copy s press a scanned job D Copyrig e copy job is for copying or indicated bel Copy>. Specif e scanned. ing or create ut. indicated be >, and select < s been scanne t>. view scanned logging in to only their ow yed by loggin status / log. >, and select < b to delete th Date of Issue: 2 ght Canon Inc generated. N r create copy low. fy the require copy job. elow. ng elease e and splayed Remote UI Blocks> TOE does [Modify c TOE does Therefore, copy jobs. [Delete s TOE allow The metho - Place t owners image d - Place t origina screen - U.ADN screen TOE does 7.2.4 F – Sup TOE provi assigned to is generate Fax send jo respectivel [Delayed s When a fax sending it [Preview] TOE can b after readin [Submit a TOE allow not allow U,A opy job] not have a fu TOE does no tored image, w Job owner o od for deleting the originals o s can press on th on the scanne d and copyin copy job and in to the Rem py jobs and de NORMAL or mission pro ctional requir wing access c b is initialized user can chan ction for temp ith the Delaye cified time. d after the job al when the f o send as a f U.ADMIN o NORMAL or modifying copy owner, U.AD y job] N to delete sto ge and cancel er, log in to th he original sc er, log in to th ng is executed d delete the sc mote UI and se elete scanned r Unauthentic ocess cont rements: FD control functi d with the nam ge the user na porarily savin ed scan mode b contents are fax send job w fax, Create fa r U.NORMA 77 r Unauthentic y jobs. DMIN, U.NOR ored image an ling copy job he machine, s anning screen he machine, s d. Cancel a co canned image elect and can d image data. cated users to rol DP_ACC.1, F ions for the fa me of the use ame assigned ng fax send jo e is executed, e previewed a with the previ ax send job] AL to submit a ated users to RMAL, or Un nd cancel copy is indicated b select n to cancel th select opy job that is e data. ncel jobs from o delete stored FDP_ACF.1, fax tarnsmissi er that genera d to the fax se obs, which are , TOE tempor and confirmed iew setting is a document to D Copyrig modify store nauthenticate y job. below. >, and press < he copy job an >, and press < s executing o m the [Status M d image and c FMT_MSA ion process. T ated the job w end document e [Delayed sc rarily saves th d without tran inputted. o send as a fa Date of Issue: 2 ght Canon Inc ed image. ed users to mo . Jo nd delete the . T on the Status M Monitor/Canc cancel copy j A.3 The user nam when the fax s t and the fax can] and [Prev he job withou nsmitting imm ax, create fax 2022/07/27 c. 2021 odify ob scanned The Monitor cel] ob. me send job send job. view], ut mediately send job. The metho indicated b - Place t press < After th TOE does [View scan TOE allow The metho - Place t Enable scanned However, cannot pre TOE does [View fax TOE allow The metho - Log in Howev status, b job is d - U.ADM "Status TOE does [Modify st TOE allow The metho - Place t Enable scanned display od for submitt below. the document but hat, it is faxed not allow Un nned image] w Job owner t od for viewing the document the mode in th nned image i a received fa send image. ADMIN, U.N log] U.ADMIN o gfax job queu tion panel and e of U.NORM uch as the des he job history to the remote ncel". nauthenticated ] to modify sto ying fax send t on the scann w> mode in th can be deleted ment for submi ner, log in to end job is gen PSTN conne d users to sub ned image. mage is indicat ner, log in to he is displayed o ax document i NORMAL or r U.NORMA ue / log is ind d check the jo MAL, a job li stination of an y. UI, and the j d users to vie red fax send image is indi ner, log in to he d or moved w 78 itting a docum the operation nerated, the d ected to the T bmit a docum ted below. the operation > settings and on the touch p in the Memor r Unauthentic AL to view fax dicated below ob status and ist containing nother user's j job status and ew fax job qu image. icated below. the operation > settings and while the scan ment to send n panel, select ocument is re OE. ment to send a n panel, select d press , sele ead, and imag as a fax, creat t , sele RT> button. . from the , sele RT> button. s displayed on Date of Issue: 2 ght Canon Inc ating fax send ct the destina ge data are sto te fax send job ct the destina The documen ax/I-Fax Inbo d image. the "Status M displayed in o, only log in ed by "Send" ct the destina The documen n the touch pa 2022/07/27 c. 2021 d job is ation and ored. b. ation. nt is ox>, you Monitor". the job n user's " on the ation. nt is anel However, cannot mo TOE does [Modify fa TOE allow The metho - Select TOE does [Delete s TOE allow The metho - Place t . Press sc the stored ima of the user ma MIN can log to delete stor not allow U.N Fax recept pported func ides the follow d by the system ere received f nting a receive he received jo a received fa ax send image ADMIN, U.N or U.ADMIN ying fax send he screen disp s>. The destin NORMAL or , Cancel fax or U.ADMIN g stored imag on the scanne Cancel> on th on the scanne w> mode in < the touch pan on the scanne d Send> mod creen after the age and fax s atches the use in to the Rem red image and NORMAL or ion proces ctional requir wing access c m, users are n faxes are save ed fax job, th ob. User nam ax document i e. NORMAL or N to modify fa job is indicat played by log nation can be r Unauthentic send job] N to delete sto ge or cancelin er, log in to th he scanning s er, log in to th Options> and nel display af er, log in to th de in

elete the store istration] generating a nt> or e store job e> on the ], and ns> and press < job stat docume matche TOE does 7.3 PS – Sup The TSF p SuperG3 p network. [F The TOE f The follow sending or performed attempts to prevent un This functi 7.4 SS – Sup All access Thus, all d built-in SS [FDP_DSK The SSD e the first tim user to set When data the SSD en SSD, all re including u 7.4.1 E – Sup To ensure the TOE p [FCS_CO – – . Di tus of a status ent and send j es the user nam not allow U.N STN Fax-Ne pported func prohibits com protocol and t FDP_FXS_E fax I/F is used wing measure r receiving a j d with the opp o communica nauthorized tr ion is always SD Encrypt pported func to the TOE e data including SD are encryp K_EXT.1.1] encryption fun me, and since anything for a including us ncryption chi eading is perf user data and Encryption pported func the confident erforms the f OP.1(d)] To encrypt To decrypt isplay the sen s confirmation job. Howeve me of the sen NORMAL an etwork Sep ctional requir mmunication v the G3 protoc EXT.1] d only for sen s are taken ag job using a fa posite side, an ate with proto ransmission a enabled and tion Functi ctional requir embedded SS g user data an pted, and the e nction is auto e there is no in the SSD enc ser data and T ip before writ formed throug d TSF data sto n/Decryptio ctional requir tiality of user following enc data written t data read from nd job status o n screen. Sele r, a job owne nd job. nd Unauthent paration Fu rements:FDP via the fax I/F col. Thus, the nding and rec gainst unauth ax I/F, first, n nd if the nego ocols other tha and reception. there is no in on rements:FDP SD is via an S nd TSF data in encrypted dat omatically en nterface to co ryption funct TSF data is w ting to the TO gh the SSD e ored in a TOE on Function rements:FCS r data and TS cryption opera to a TOE bui m a TOE bui 84 on the s b and press < elete a scan jo to cancel stor T.1 ransmission a ntrolled so as , not for other bs and comm f the SuperG3 t successful, t G3 protocol a ontrol the ope T.1 on chip moun between the c in the TOE b an SSD is con eration, there OE. [FDP_DS TOE built-in SD. Also, wh ip. To secure D by an encry d in the TOE b rypt all data s D Copyrig screen. To dis Cancel> to d ob when the n rage / retrieva and reception not to be abl r purposes. munications u 3 protocol and the line is dis and the G3 pr eration. nted on the TO ontroller boa built-in SSD. nnected to the is no need fo SK_EXT.1.2 SSD, encryp hen reading fr confidentiali yption/decryp built-in SSD stored in the T Date of Issue: 2 ght Canon Inc splay a transm elete the send name of the u al job. n of user data le to intrude i sing fax I/Fs. d the G3 prot connected. In rotocol are blo OE controller rd and the TO e TOE and sta or U.ADMIN 2] ption is perfor rom the TOE ity of all data ption function from all inter TOE built-in 2022/07/27 c. 2021 mission d user using the nto the . When ocol is n this way, ocked to r board. OE arted for or the rmed via built-in a n. rfaces, SSD. The encryp – – – 7.4.2 C – Sup FCS FPT The CSP ( CSP identi crypto key key se Next, the l [How to G The TOE g specificatio first conne encryption The encryp entropy ge noise sourc Nonce has DRBG are encryption The TOE i at the first with intern [FCS_SM After that, When the p based on th [How to M ption algorith AES as spe XTS as spe Cryptograph Cryptograp pported func S_CKM_EX T_KYP_EXT Critical Secu ification D ographic A eed Th D A life cycle (Ho Generate Cryp generates a ke ons when an ection (That is n chip and the ption chip gen eneration func ce. Entropy I s a minimum e initialized. T n chip as a key inputs a key s time, and com nal states V an MC_EXT.1, F TOE encryp power is turn he key seed a Manage Crypt hm and key u cified in ISO cified in IEE hic key size: 2 phic key m ctional requir XT.4, FCS_R T.1, FPT_SK urity Paramete escription key for encry he internal sta RBG and the ES encryptio ow to generate ptographic Ke ey seed to be administrator s, at the time e TOE contro nerates Entro ction using a nput, generat entropy of 16 Then, the DR y seed as a so seed (DRBG mputes 2 ciph nd C as subm FCS_COP.1(c ts all data sto ned on next tim and stores it in tographic Key sed for encry O/IEC 18033-3 E 1619 256 bits anagemen rements:FCS RBG_EXT.1( KP_EXT.1 er) handled b yption ate V and C o e seed value u on key genera e, manage, an eys] used in the S r instructs the of TOE prod ller. opy Input (64 random num ted by the ent 60 bits. By in RBG internal s ource of the e internal state her keys of 2 masks at the se c), FCS_CK ored in the TO me, the encry n the RAM. ys] 85 yption operati 3 nt function S_CKM.1(b) (ssd), FCS_K by the SSD en of the used for ation. nd destroy) o SSD encryptio e destruction/ duction) or at 0 bits) and N mber generator tropy generat nputting these states V and C encryption ke e V, C) to the 56 bits by pe econd and thi M.1(b)] OE built-in SS yption chip au on are as foll ), FCS_CKM KYC_EXT.1, ncryption func Storage RAM in the encryption chip FLASH memory in the encryption chip f the encrypti on function b /regeneration the time of T Nonce (256 bit r using a ring tor, has a min e values into D C are stored i y. [FCS_RB DRBG, disca rforming sub ird random nu SD. utomatically r D Copyrig lows. M.4, FCS_CK , FCS_SMC_ ction is expla State plaintext plaintext ion key is des based on the f n of the key se TOE disposal ts) input to th g oscillator as nimum entrop DRBG, intern in the FLASH G_EXT.1(ss ards the rand bmask couplin umber genera reconstructs t Date of Issue: 2 ght Canon Inc KM.1(c), _EXT.1, ained. Method o destructio Lost due t TOE pow Overwrite with fixed (0xFF) scribed. following eed at the tim between the he DRBG usin one hardwar py of 400 bits nal states V a H memory in sd)] dom number g ng using SHA ation. the encryptio 2022/07/27 c. 2021 of on to wer loss e once d value me of the ng an re-based , and and C of the generated A -256 on key Entropy ge which are (internal pr cipher key The TOE s encryption memory. Since the e chip is not plaintext, F There is no encryption chip outsid [FPT_SKP [How to D The encryp unnecessar [FCS_CK The key se changed, s panel. Des [FCS_CK 7.5 LA 7.5.1 I – Sup FTP To ensure file server/ in RFC 43 – – In order to the TOE w encrypts/d FCS_IPSE – – In order to PC to the T when an ad the protect function de eneration fun submasks. Si rocessing by y is maintaine stores the key n chip. The en encryption ch t a Field-Repl Field-Replace o TOE interfa n chip. Since t de the encryp P_EXT.1] Destroy the Cr ption key exi ry when the p KM_EXT.4/F eed becomes u such as when stroy the key KM_EXT.4/F AN Data Pro IPSec Encr pported func P_TRP.1(b), the confident /audit log serv 01 as follows Encrypting Decryption o ensure the c when a genera decrypts all IP EC_EXT.1.1 Encrypting Decryption o ensure the c TOE, the TOE dministrator p tion of the rem escribed in 7. ctions are use ince a cipher Hash DRBG d at each stag y seed from w ncryption key hip is mounted laceable Nonv eable Nonvol ace to read th there is no in tion chip, the ryptographic sts only on th power is turne FCS_CKM.4] unnecessary the TOE is d seed by overw FCS_CKM.4] otection Fu ription Fun ctional requir , FCS_IPSEC tiality and int ver/time serv s. [FTP_ITC operation for operation for onfidentiality al user perform P packets usin 1] operation for operation for onfidentiality E encrypts an performs pag mote UI oper .5.3may be u ed to supply s key of 256 b G based on SP ge of the key which the enc y is stored onl d on the TOE volatile Stora latile Storage he key seed fr nterface for re e key seed and Key] he RAM in th ed off, it is lo ] when the adm discarded. The writing it onc ] unction nction rements:FCS C_EXT.1, FI tegrity of use ver, the TOE e C.1, FCS_IPS r IP packets s r IP packets r y and integrity ms printing u ng IPSec spec r IP packets s r IP packets r y and integrity nd decrypts a ge operation o ration, not onl sed. [FTP_T 86 sufficient ent it length is co P 800 -90 A) t chain. [FCS_ ryption key o ly on the RAM E controller b age Device, a e Device. [FP rom FLASH m eading the enc d the encrypt he encryption ost when the p ministrator de e key seed is ce with a fixe S_COP.1(a), IA_PSK_EX r data and TS encrypts and SEC_EXT.1. sent to the LA received from y of user data using the prin cified in RFC sent to the LA received from y of user data ll IP packets of the remote ly the IPSec e TRP.1(a), FC tropy to the D onstituted by to this subma _KYC_EXT originates in c M in the encr oard and the a portion of th PT_KYP_EX memory in th cryption key tion key are p chip. Since t power is turn etermines that destroyed by d value (0xFF , FCS_COP. XT.1, FCS_C SF data transm decrypts all I 1] AN m the LAN a and TSF dat nter driver fro C 4301 as follo AN m the LAN a and TSF dat using IPSec s UI using a w encryption fu S_IPSEC_E D Copyrig DRBG interna performing s ask, the streng T.1] clear text in F ryption chip a FLASH mem he key chain i XT.1] he encryption from the RAM protected from the encryption ed off. t the encrypti y an instructio F). 1(c), FTP_IT OP.1(g) mitted betwee IP packets us ta transmitted m the client P ows. [FTP_T ta sent and re specified in R web browser f unction but al EXT.1.1] Date of Issue: 2 ght Canon Inc al states V and submask com gth (256 bits) FLASH memo and not in the mory in the en is not stored i chip out of th M in the encr m exposure. n key become ion key needs on from the o TC.1, FTP_T en the TOE a sing IPSec as d from the cli PC, the TOE TRP.1(b), eceived from RFC 4301 as from the clien lso the TLS e 2022/07/27 c. 2021 d C mbination ) of the ory in the e FLASH ncryption in a he ryption es s to be operation TRP.1(a), and the defined ient PC to the client follows nt PC. For ncryption – – The follow in RFC 43 Cr AE AE – Th Ke St by IPSec conn IPSec conn SPD defin communic When send priority. If When IKE priority ord performed conditions If the comm matching o [FCS_IPS The specif – – – – – The SA lif 8 hours for Encrypting Decryption wing cryptogr 03. [FCS_CO ryptographic ES-CBC+HM ES-GCM he Secure H eyed-Hash M tandard speci y HMAC is 1 nection mode nection settin es the peer co cation with th ding and rece f IKE is not es E is establishe der is confirm d by IPSec set of all SPDs a munication c of the commu SEC_EXT.1.3 fications of th IKEv1 IKE numbers, an IKEv1 payl Payload cip AES-GCM- IKEv1 Phas The suppor U.ADMIN establishme fetime of IKE r Phase 2 SA operation for operation for raphic algorith OP.1(a), FCS c algorithm MAC Hash Algorith Message Auth fied in FIPS 60 bits. [FCS e supports tran ngs define mu ondition (IP a e peer (IKE a eiving IP pack stablished, th ed, the commu med to be mat tting of the fir are discarded annot be perf unication part 3] he correspond Ev1 as defined nd RFC4868 load cipher: A phers fo IPS -128/AES-GC se 1 Key Exc rted DH grou sets which o ent during com Ev1 can be lim s. [FCS_IPS r IP packets s r IP packets r hms and keys S_COP.1(c)] Crypto 128 bit 128 bit hm (SHA) u hentication C PUB 180-3. S_COP.1(g)] nsport mode ultiple, priorit address, port and IPSec set kets, it attemp he packet is dr unication par tched while m rst matched r d. formed by the tner condition ding protocols d in RFCs 24 for hash func AES-CBC-12 Sec ESP: A CM-256 spec change Uses M ups are Grou one to use. I mmunication mited by spec EC_EXT.1.8 87 sent to the LA received from s are used to ] ographic key , 256 bit , 256 bit sed by the a Code specifie The message only. [FCS_I tized rules as number) to w ttings), and w pts to negotia ropped. rtner conditio maintaining th rule. IP packe e first matchi n with the low s in IPSec are 407, 2408, 24 ctions 28/AES-CBC AES-CBC-128 cified in RFC Main Mode O up 14 (2048 t is then det n. cifying a time 8] AN m the LAN implement th y sizes Lis FIP NI FIP FIP NI above HMAC ed in FIPS P e digest lengt IPSEC_EXT the Security which the rule whether the ru ate IKE from on of the rule he established ets that do not ing rule, the p wer priority ru e as follows. 409, and 4109 -256 as speci 8/AES-CBC- C 4106 Only (No Agg bit), ECDH ermined by p e of no more t D Copyrig he IPSec proto st of Standar PS PUB 197( ST SP 800-3 PS PUB198-1 PS PUB 197( ST SP800-38 C is SHA-1 PUB 198-1 th is 160 bits T.1.2] Policy Datab e applies, the ule itself is en valid rules ac valid from th d IKE, and co t meet the com packet is disc ule is not con [FCS_IPSEC 9, RFC4304 f ified in RFC3 256 specifie gressive Mod 256 bit, and performing k than 24 hours Date of Issue: 2 ght Canon Inc ocol ESP as s rds (AES) 8A(CBC) 1(HMAC) (AES) 8D(GCM) . SHA-1 sat and the Sec s. The key len base (SPD). method of nabled or disa ccording to th he top of the S ommunicatio mmunication arded and the nfirmed. C_EXT.1.4-7 for extended 3602 ed in RFC 3 de) d ECDH 384 key exchange s for Phase 1 2022/07/27 c. 2021 specified tisfies the cure Hash ngth used abled. he SPD SPD n is n partner e 7,9] sequence 3602 and 4 bit, and e and key SAs and All IKE pr preshared k IPSec pres The numbe combinatio "&", "*", " Only text-b used for th IKE phase The setting the rem ote UI by U.A DM IN. 7.5.2 I – Sup FCS The CSP h CSP identi presha MFP k IKE c key DH ke ECDH IPSec crypto IPSec authen DRBG state The life cy Op pan Re rotocols perfo key.[FCS_IP shared keys c er of characte on of upperca "(", ")" ). [FIA based preshar he conditionin e 1.[FIA_PSK gs of the IPse IPSec Cryp pported fun S_CKM.4, F handled by th ification ared key key pair cryptographic ey pair H key pair c ographic key c ntication key G internal ycle of the CS peration nel: mote UI: orm peer auth PSEC_EXT.1 an be configu ers of the pres ase or lowerc A_PSK_EXT red keys are u ng, one of SH K_EXT.1.3] ec encryption ptographic nctional req FPT_SKP_EX e IPSec crypt Descriptio Shared ke key authen Key pair o authentica method (R c Cryptogra used with Public/pri during DH Encryptio used with Key for au IPSec ESP DRBG int random nu SP is describe – Settings/R Settings > – Settings/R – Settings/R hentication us 1.10] ured per SPD shared key ca ase letters, nu T.1.2] used, subject HA-1, SHA-25 function are key manag quirements: XT.1 tographic key on ey used for pr ntication in IK of TOE used ation by digita RSA, ECDSA aphic key for IKEv1 vate key gene H/ECDH key n key for cry IPSec ESP uthentication P ternal state fo umbers ed below. Registration > > IPSec Settin Registration > Registration > 88 sing either the D rule. [FIA_P an be set from umbers, or sp to SHA-1, S 56, and SHA set from the gement Fu FCS_CKM. y managemen re-shared KEv1 for al signature A) in IKEv1 encryption erated exchange yptographic used with or generating > Device Sett ngs > Preferences > Preferences e RSA algorit PSK_EXT.1. m 22 to 24. A pecial charact HA-256, and A-384 is select management nction 1(a), FCS_ nt function is Storage SSD SSD RAM RAM RAM RAM RAM tings > Prefer s > Network S s > Network S D Copyrig thm, the ECD .1] vailable char ters ( "!" , "@ d SHA-384. A ted and used t function from _CKM.1(b), described be State encripted encripted plain text plain text plain text plain text plain text rences > Netw Settings > IPS Settings > IPS Date of Issue: 2 ght Canon Inc DSA algorithm racters can be @", "#", "$", " As the hash al by the negoti m operation p FCS_CKM elow. Method o destructi None None Lost due t TOE pow Lost due t TOE pow Lost due t TOE pow Lost due t TOE pow Lost due t TOE pow work > TCP/I Sec Settings Sec Policy Li 2022/07/27 c. 2021 m, or a e any %", "^", lgorithm iation of panel or M_EXT.4, of on to wer loss to wer loss to wer loss to wer loss to wer loss IP ist [How to G The TOE g specificatio CSP id MFP ke IKE cry key DH key ECDH IPSec c key IPSec a key The presha from the o panel and The IPSec the MFP k operation p The TOE g random nu AES-CBC generation [Encryptio CSP presh MFP IKE c IPSec IPSec DH k DRBG The pre-sh key pair, a operation p [How to de Generate Cryp generates enc ons:. dentification ey pair yptographic y pair key pair cryptographic authentication ared key is se peration pane "●" in the re authenticatio key pair, U.AD panel or the r generates 128 umber genera C or AES-GCM n function wh on key manag identificatio hared key key pair cryptographic c cryptograph c authenticati key pair / G internal sta hared key, MF and ECDH ke panel or the r estroy the enc ptographic Ke cryption keys Cryptogr Key Esta RSA(204 ECDSA(P AES-CBC DH(Grou ECDH(P c AES-CBC AES_GC n HMAC et (registered/ el or the remo emote UI. [FP on/DH/ECDH DMIN can be remote UI. [F 8 bit or 256 b tion function M encryption en negotiatin gement metho n c key / hic key / on key / ate FP key pair, I ey pair are not remote UI. [F cryption key] eys] for use with raphic Algori ablishment Al 48 bits) P-256, P-384 C up14) -256, P-384) C CM /changed/dele ote UI. The p PT_SKP_EX H key pair is g e generated u FCS_CKM.1 it AES-CBC n when negoti n key with a k ng IPSec com od] Managem It is encryp TOE built Store in R IKE encryptio t read or brow FPT_SKP_EX ] 89 the IPSec en ithm/ lgorithm 4) eted) by U.AD re-shared key XT.1] generated by using the man (a)] encryption k iating IPSec c key length of mmunications ment method pted by the S t-in SSD. RAM in plain on key, IPSec wsed by using XT.1] ncryption featu List of St NIST SP rsakpg1- FIPS PU NIST SP FIPS PU NIST SP NIST SP Approve NIST SP FIPS PU NIST SP FIPS PU NIST SP FIPS PU DMIN using y text area is negotiation d nagement func keys as IKE en communicatio 128 or 256 b as an IPSec e SSD encryptio text. c encryption k g the manage D Copyrig ure based on tandards P800-56B Rev -basic UB 186-4 P800-56A Rev UB 197(AES) P800-38A(CB P800-56A Rev ed Safe-Prime P800-56A Rev UB 197(AES) P800-38A(CB UB 197(AES) P800-38D(GC UB 198-1 the managem displayed as during IPSec ction of the T ncryption key ons. The TOE bits using the encryption ke on function an key, IPSec au ement functio Date of Issue: 2 ght Canon Inc the following v1:6.3.1.1 v3: 5.6.1.2.2 BC) v3: 5.6.1.1 e Groups v3: 5.7.1.2 BC) CM) ment function "*" in the op communicati TOE from the ys using the 7 E generates an 7.5.5 random ey. [FCS_CK nd stored in t uthentication on of the TOE 2022/07/27 c. 2021 g of TOE eration ion. For e 7.5.5 n m number KM.1(b)] the key, DH E from the The pre-sh necessary t The IKE e internal sta is lost whe 7.5.3 T – Sup FTP The TOE i TSF data t Perpose Managem UI using TSF negot from a We authenticat (RFC 2818 However, protection. The encryp algorithm cr AE AE TLS suppo – TLS suppo FCS_TLS – – – – – – – hared key and to destroy it. ncryption key ate becomes u en the TOE is TLS Encrip pported fu P_TRP.1(a), is encrypted/d to be transmit ment with the a Web Brow tiates TLS com eb browser on tion using the 8 compliant). IPSec encryp . [FTP_TRP ption algorith conforms to F ryptographic ES-CBC ES-GCM orts the follow TLS 1.2 (RF orts the follow S_EXT.1] TLS_RSA_ TLS_RSA_ TLS_ECDH TLS_ECDH TLS_ECDH TLS_ECDH TLS_ECDH d MFP key pa y/IPSec encry unnecessary w s powered dow ption Funct unctional FCS_TLS_E decrypted by tted/received e Remote wser mmunication n the client PC e TLS protoc [FCS_HTT ption is alway .1(a)] hm and key u FIPS PUB 19 algorithm wing protocol FC 5246) wing ciphersu _WITH_AES _WITH_AES HE_RSA_WI HE_RSA_WI HE_RSA_WI HE_RSA_WI HE_ECDSA_ air are encryp yption key/IP when the TOE wn. [FCS_CK tion requiremen EXT.1, FCS_ TLS in order when U.ADM User U.ADMIN n between the C to a Web p ol, establishe PS_EXT.1] ys used for rem sed for encry 97. [FCS_CO cryptog 128 bit 128 bit ls. [FCS_TL uites. [FCS_C _128_CBC_S _256_CBC_S ITH_AES_12 ITH_AES_25 ITH_AES_12 ITH_AES_25 _WITH_AES 90 pted and store PSec authentic E is powered KM_EXT.4/ nts:FCS_CO _HTTPS_EX r to ensure th MIN uses the e TOE and the age of the TO es a session us mote UI oper yption operati OP.1(a)] graphic key s , 256 bit , 256 bit LS_EXT.1] COP.1(a), FC SHA SHA 28_CBC_SHA 56_CBC_SHA 28_GCM_SH 56_GCM_SH S_128_GCM_ ed in the TOE cation key/DH d down after t /FCS_CKM. P.1(a), FC XT.1 he confidentia e TOE for the Pr TL e client PC w OE by U.ADM sing TLS, and rations, and T on are as foll sizes list NI NI CS_COP.1(c A A HA256 HA384 _SHA256 D Copyrig E built-in SSD H key pair/E the IPSec com .4] CS_COP.1(c ality and integ e following pu rotocol LS/HTTPS when a connec MIN, perform d starts HTTP TLS encryptio lows. The AE t of standards ST SP800-38 ST SP800-38 c), FCS_COP Date of Issue: 2 ght Canon Inc D. Therefore, CDH key pai mmunication c), FCS_C grity of user d urposes. ction request ms server PS communic on is not requ ES encryption s 8A 8D P.1(g), 2022/07/27 c. 2021 it is not ir/DRBG ends, and COP.1(g), data and is made cation uired for n – The setting the rem ote UI by U.A DM IN. 7.5.4 T – Sup FCS The CSP h CSP identi MFP k ECDH TLS p secret TLS s DRBG state The life cy [How to G The TOE g specificatio CSP ident MFP Op pan Re TLS_ECDH gs of the TLS TLS Crypto pported fu S_CKM_EX handled by th ification key pair H key pair premaster t session key G internal ycle of the CS Generate Cryp generates enc ons:. tification key pair peration nel: mote UI: HE_ECDSA_ S encryption f ographic ke unctional XT.4, FPT_SK e TLS crypto Descripti Key pair o authentica signature ECDSA). Public/pri ECDH Pre-maste communic Cryptogra communic DRBG in random nu SP is describe ptographic Ke cryption keys Cryptogr Key Esta RSA(204 ECDSA(P – Settings/R Settings > – Settings/R _WITH_AES function are s ey manage requiremen KP_EXT.1 ographic key m ion of the TOE u ation with dig method (RSA ivate key gen er secret used cation aphic key for cation Encryp ternal state fo umbers ed below. eys] for use with raphic Algori ablishment Al 48 bits) P-256, P-384 Registration > > TLS Setting Registration > 91 S_256_GCM_ set from the m ement Func nts:FCS_CK management used for gital A or nerated during d for TLS ption or generating the TLS encr ithm/ lgorithm 4) > Device Sett gs > Preferences _SHA384 management f ction KM.1(a), F function is d Storage SSD g RAM RAM RAM RAM ryption featur Lis NIS r FIP tings > Prefer s > Network S D Copyrig function from FCS_CKM.1 described belo State encripted plain text plain text plain text plain text re based on th st of Standard ST SP800-56 rsakpg1-basic PS PUB 186-4 rences > Netw Settings > TL Date of Issue: 2 ght Canon Inc m operation p 1(b), FCS_ ow. Method destruct d None t Lost due TOE pow loss t Lost due TOE pow loss t Lost due TOE pow loss t Lost due TOE pow loss he following ds 6B Rev1:6.3.1 c 4 work > TCP/I LS Settings 2022/07/27 c. 2021 anel or _CKM.4, of tion e to wer e to wer e to wer e to wer 1.1 IP ECDH TLS s For the MF operation p The TOE g Function a [How to m CSP iden MFP key TLS sess secret /E internal s Even if the to read or b the TOE b [How to de The MFP k destroy it. The TLS s the TOE is 7.5.5 D – Sup The TOE p generated b encryption H key pair session key FP key pair, U panel or the r generates a T at the start of manage encryp ntification y pair sion key/TLS CDH key pai state e TOE manag browse the T uilt-in SSD. estroy the enc key pair is en session key/T s powered do DRBG Fun pported func performs rand by the random n function. DRBG CTR_D ECDH(P AES-CBC AES-GCM U.ADMIN ca remote UI. [F TLS session k TLS commun ption keys] premaster ir/DRBG gement functi TLS session ke [FPT_SKP_E cryption key] ncrypted and TLS pre-maste wn and is los ction ctional requir dom number m number ge G algolithm DRBG(AES) -256, P-384) C(128 bits, 2 M(128 bits, 2 an be generat FCS_CKM.1 ey/TLS pre-m nication.[FC Cryptograp Key Establi Encrypt by built-in S Store in plai ion is used fro ey/TLS pre-m EXT.1] ] stored on the er secret/ECD st when the T rements:FCS generation ba neration func ) 92 56 bits) 256 bits) ed using the m (a)] master secret/ S_CKM.1(a) phic Algorithm ishment Algo SSD encrypti SSD in text in RA om the opera master secret/ TOE embed DH key pair/D TOE is powere S_RBG_EXT ased on the fo ction are used List NIST NIS NIS FIP NIS FIP NIS management /ECDH key p ), FCS_CKM m/ rithm ion function a M. ation panel or /ECDH key p ded SSD. Th DRBG interna ed down. [FC T.1(network ollowing spec d by the IPSec of Standards T SP800-90A D Copyrig ST SP800-56 ST SP800-56 PS PUB 197(A ST SP800-38 PS PUB 197(A ST SP800-38 function of t pair using the M.1(b)] and store on T the remote U pair or the MF herefore, it is n al state is no CS_CKM_EX k), FCS_COP cifications. T c encryption s A Date of Issue: 2 ght Canon Inc 6A Rev3: 5.6. 6A Rev3: 5.7. AES) 8A(CBC) AES) 8D(GCM) the TOE from 7.5.5 DRBG TOE UI, there is no FP key pair st not necessary longer neede XT.4/FCS_C P.1(c) The random nu function and 2022/07/27 c. 2021 1.2.2 1.2 m the G o function tored in y to ed when CKM.4] umbers the TLS TOE perfo NIST SP 8 As a noise E3930) is u string is ex When the T is input to output from more than When the T of 384 bits CTR_DRB 7.6 Sig 7.6.1 T – Sup When a TL PUB 186-4 – – SHA-256, Here are th – – – 7.6.2 I – Sup In the auth by the follo – – A hash val [FCS_CO Here are th – – orms random 800-90A. [FC source, a har used as a noi xtracted from TOE is starte the Linux PR m a hardware 0.5 bits per b TOE is reque s is collected BG to generat gnature Ve TLS Signat pported func LS session is 4. [FCS_COP RSA Digita Elliptic Cur SHA-384, SH he possible si RSA2048:S ECDSA-25 ECDSA-38 IPSec Sign pported func hentication us owing algorit RSA Digita Elliptic Cur lue calculated OP.1(c)] he possible si RSA2048:S ECDSA-25 number gene CS_RBG_EX rdware rando se source by m the hardware ed, the RDSE RNG, which i e random num bit, and Linux ested to gener from the Linu te a random n erification a ture Gener ctional requir established, a P.1(b)(tls)] al Signature A rve Digital Si HA-512 are u ignature algor SHA-256, RS 6:SHA-256 4:SHA-384 nature Verif ctional requir sing the certif thm based on al Signature A rve Digital Si d by SHA-256 ignature algor SHA-256, RS 6:SHA-256 eration by inp XT.1.1(netwo om number ge 1 hardware b e random num ED instructio is the entropy mber generato x PRNG cont rate a random ux PRNG, wh number of 25 and Genera ration Func rements:FCS a signature is Algorithm (rD ignature Algo used for signa rithms and ha SA2048:SHA fication/Ge rements:FCS ficate in IKEv n FIPS PUB 1 Algorithm (rD ignature Algo 6 or SHA-38 rithms and ha SA2048:SHA 93 putting an ent ork)] enerator built base. When th mber generato on is executed y source. It is or, which is a tains entropy m number, an hich is an ent 6 bits. [FCS_ ation Func ction S_COP.1(b)( s generated us DSA) with ke orithm (ECDS ature generati ash combinat -384, RSA20 eneration F S_COP.1(b)( v1 of IPSec, s 186-4. [FCS_ DSA) with ke orithm (ECDS 4 is used for ash combinat -384 tropy sequenc t in the proces he RDSEED i or. d 128 times, a known from noise source of at least 20 entropy sequ tropy source, _RBG_EXT. ction (tls) , FCS_C sing the follo y sizes of 204 SA) with key ion. [FCS_C ions. 048:SHA-512 Function (ipsec), FCS_ signature veri _COP.1(b)(ip y sizes (modu SA) with key signature ver ions. D Copyrig ce to CTR_DR ssor of TOE ( instruction is and the acqui [Rambus 20 e, contains a m 048 bits. uence having and input as .1.2(network COP.1(c) wing algorith 48 bits y lengths of 25 OP.1(c)] 2 _COP.1(c) ification/gene psec)] ulus) of 2048 y sizes of 256 rification/gen Date of Issue: 2 ght Canon Inc RBG accordi (Intel Atom p executed, a 3 ired 4096 bit 12] that a bit minimum entr a minimum e a seed value k)] hm based on F 56 and 384 b eration is perf 8 bits bits or 384 b neration. 2022/07/27 c. 2021 ing to processor 32 bit bit bit string string ropy of entropy into FIPS its formed bits – 7.7 Se – Sup The TOE p If an error stops starti Firmwar – 7.8 Au – Sup FAU The TOE g The items – the followi – – – ECDSA-38 elf-Testing pported func performs the is detected in ing the TOE. re Integrity C The firmwa FIPS PUB the signatur itself. [FCS udit Log Fu pported fun U_SAR.2, FA generates an a in the audit l Date and tim the event ing items are job complet Unsuccessf Failure to e Auditable ev Start-up of Shutdown Job compl 4:SHA-384 Function ctional requir following sel n the followin Check are is previou 186-4, and th re using a pu S_COP.1(b)(u unction nctional req AU_STG.1, F audit log whe og are as foll me of the eve also added fo tion: Type of ful User authe stablish sessi vent f the audit fun of the audit f letion rements:FPT lf-tests at star ng self-test, th usly signed u he integrity is ublic key held update), FC quirements:F FAU_STG.4 en the follow lows. [FAU_G ent, subject id for the follow f job entication/ ide ion: Reason f nctions functions 94 T_TST_EXT rt-up. [FPT_T he TOE displ using RSA ( s verified by d in advance S_COP.1(c)] FAU_GEN.1, 4, FAU_STG ing events oc GEN.2] dentity, type o ing events. entification: t for failure Details and TOE power (Main Unit TOE power (Main Unit End of Print End of Scan End of Copy End of the f End of the f End of the d *All of the a FDP_ ACC. T.1, FCS_CO TST_EXT.1] lays an error c (key length 2 comparing a with a hash v ] , FAU_GEN G_EXT.1, FM ccur. [FAU_G of event, and the user name Interfaces ON Power Switch OFF Power Switch t Job n Job y Job fax transmissi fax reception j document stor above are inte .1/FDP_ACF D Copyrig OP.1(b)(upda ] code on the o 2048 bits) an hash value o value calcula N.2, FPT_S MT_MTD.1 GEN.1] the outcome e of the authe h, Operation h, Operation ion job job re and retriev erfaces relate F.1 Date of Issue: 2 ght Canon Inc ate), FCS_CO operation pan nd SHA-256 obtained by d ated from the STM.1, FAU (success or f entication atte Panel, Remo Panel, Remo ve Job ed to 2022/07/27 c. 2021 OP.1(c) nel and based on decrypting firmware U_SAR.1, failure) of empt ote UI) ote UI) The date a informatio accurate da office envi by encrypt the time se pan el or the rem ote UI. [FP T_S TM .1] The TOE p Only U.AD man age men t func tion. The audit l exported a is sent to th log is auto exported a encrypted/ Op pan Re Re Unsuccess authentica Use of Dev functions Use of Use functions Modificati Users that Changes to Failure to and time infor on of the TOE ate and time f ironment, and tion/decryptio erver for the t provides the f DMIN can se log is exporte at the specifie he audit log s matically del at the next spe /decrypted by peration nel: mote UI: mote UI: sful User ation/ identific vice managem er manageme ion to the gro are part of a o the time establish sess rmation recor E is set manua from a time s d communica on using IPSe time managem following fun et the setting o ed to the audi d time, but w server regardl leted. If transm ecified time. A y the IPSec en – Settings/R Date/Tim – Settings/R Settings > – Settings/R – Settings/R – Settings/R Export/Cl cation ment ent oup of role sion rded in the au ally by using server and syn ation between ec by the LAN ment of the T nctions for ex of the audit lo it log server a when the audit less of the sp mission fails All communi ncryption fun Registration > me Settings Registration > > SNTP Settin Registration > Registration > Registration > lear Audit Lo 95 Attempting Attempting Authenticati Interface Us Interface Us Interface usa registration/ Interface usa settings IPSec sessio communicat Failure to es communicat udit log is pro the following nchronizing t n the TOE and N data protec TOE can be se xporting audit og exporting as a csv file u t log reaches ecified time. , retry is perf ication betwe nction. [FAU_ > Device Sett > Device Sett ngs > Preferences > Preferences > Managemen og > Settings to log in from to log in from ion attempts sage Related sage Related age related to /modification age related to on establishm tion stablish TLS tion ovided by the g managemen the time. The d the time ser ction function et only by the t logs to the a function from using the SMB 95% of the s If the transm formed multip een the TOE a _STG_EXT. tings > Prefer tings > Prefer s > Timer/Ene s > Network S nt Settings > for Auto Exp D Copyrig m the operatio m the remote from the prin to FMT_SMF to FMT_SMF o role n/deletion o the ability to ment failure fo session for ne TOE. The da nt function or time server i rver is perform n. In addition, e U.ADMIN f audit log serv m the remote B protocol. Th torage capaci mission succee ple times. If i and the audit 1] rences > Time rences > Netw ergy Settings Settings > SN Device Mana port Audit Lo Date of Issue: 2 ght Canon Inc on panel UI nter driver F.1 F.1 o manage dat or network etwork ate and time r by acquiring is built in the med for all IP , the setting f from the oper er. UI through th he audit log i ity (40,000 it eds, the expor t still fails, it log server is er/Energy Se work > TCP/I > Date/Time NTP Settings agement > ogs 2022/07/27 c. 2021 te/time g an user's P packets for using ration he is tems), it rted audit is ttings > IP e Settings TOE provi The admin rem ote UI. This feat ure is only The intern encryption cannot be m Up to 40,0 oldest stor 7.9 Tr – Sup [Checking The TSF s U.ADMIN foll owi ng oper atio ns. [FP T_TUD_E [Ability to The TSF s manually u rem ote UI. [FP T_ TUD_EXT [Verify Fir The TSF s mechanism based on F remote UI the update Re Op pan Re Re ides the follow nistrator can v y available to al audit log d n function. Th manually del 000 audit logs ed audit log i usted Upd pported func the Firmwar hall provide U N can check th EXT.1.1] o Initiate Upd hall provide U update the fir T.1.2] rmware Upda hall provide a m (Signature V FIPS PUB 186 displays an e started. [FPT mote UI: peration nel: mote UI: mote UI: wing as an in view the audi U.ADMIN. [ data is stored his TOE has n leted because s are maintain is deleted and ate Functio ctional requir re Version] U.ADMIN th he current ver ates] U.ADMIN th rmware by sp ates] a means to ve Verification b 6-4 and SHA error message T_TUD_EXT – Settings/R Export/Cl – Counter/D Configura – Status Mo – Settings/R Software nternal audit l t log by expo [FAU_SAR.1 in the TOE b no function or the automati ned. When th d a new audit on rements:FPT he ability to q rsion of the fi he ability to in ecifying the f erify firmwar by RSA Digi A-256) prior to e and the upd T.1.3, FCS_C Registration > lear Audit Lo Device Inform ation onitor/Cancel Registration > > Manual Up 96 log storage fu orting it as a C 1][FAU_SAR built-in SSD, r interface to ic export featu e maximum n log is saved. T_TUD_EXT query the curr firmware from nitiate update firmware to b re/software up tal Signature o installing th date aborts. Th COP.1(b)(up > Managemen og > Export A mation Key > l > Device In > Managemen pdate unction. CSV file from R.2] [FMT_M and the confi modify the c ure is enabled number of au [FAU_STG T.1, FCS_CO rent version o m the Remote es to TOE firm be updated by pdates to the Algorithm (r hose updates. he firmware r pdate), FCS_ nt Settings > Audit Logs > Device Info. formation nt Settings > D Copyrig m the followin MTD.1] identiality is p contents of th d. [FAU_STG udit logs to rec G.4] OP.1(b)(upd of the TOE fir e UI and the o mware/softw y the followin TOE using a rDSA) with k If firmware v remains in th _COP.1(c)] Device Mana ./Other > Che License/Othe Date of Issue: 2 ght Canon Inc ng operations protected by he audit log. A G.1] cord is reache ate), FCS_C rmware/softw operation pan are. U.ADMI ng operations a digital signa key sizes of 2 validation fai e state it was agement > eck Device er > Register/ 2022/07/27 c. 2021 s in the the SSD Audit logs ed, the COP.1(c) ware. nel by the IN can in the ature 048 bits ils, the in before /Update 7.10 Ma 7.10.1 U – Sup FM The TOE l following FM T_S MF. 1] The TOE l can be perf orm ed fro m the rem ote UI or the oper [User Passw User pass "%" , "^" , "]", "_", "` [FIA_PMG [Roles] Op pan Re Op pan Re anagement User Mana pported fu MT_SMR.1, limits operati operations ca limits operati ration panel. Data User passw word] swords can co "&" , "*" , " ", "{", "|", "} G_EXT.1] peration nel: mote UI: peration nel: mote UI: t Function agement Fu unctional r FMT_SMF ions on the fo an be perform ions on the fo [FMT_MTD word ontain upperc (" , ")" , "(spa ", "~"). The m – The user n – Settings/R Managem (U.ADMI – Settings/R Authentic – Settings/R Managem (the ownin – Settings/R Managem User(U.A – Settings/R Authentic unction requirements F.1 ollowing secu med from the r ollowing data D.1, FMT_SM Ope mod creat case, lowerca ace)" , """ , "' minimum num name is displ Registration > ment > Authen IN Only) Registration > cation Manag Registration > ment > Authen ng U.NORMA Registration > ment > Authen ADMIN Only) Registration > cation Manag 97 s:FIA_PMG_ urity attributes remote UI or to the respec MF.1] ration dify te,modify,dele ase, numeric, '" , "+" , "," , mber of chara layed in the u > Device Sett ntication Man > Managemen gement (U.AD > Device Sett ntication Man AL) > Device Sett ntication Man ) > Managemen gement (U.AD _EXT.1 , s to the respe the operation ctive authoriz ete and special c "-" , "/" , ":" acters can be upper right of tings > Manag nagement > R nt Settings > DMIN Only) tings > Manag nagement > C tings > Manag nagement > R nt Settings > DMIN Only) D Copyrig FMT_MT ective authoriz n panel. [FM zed roles. The Author the own U.ADM characters ("!" , ";" , "<" , "= set to 15 or m f the operation gement Settin Register/Edit User Manage gement Settin Change Passw gement Settin Register/Edit User Manage Date of Issue: 2 ght Canon Inc TD.1, FMT zed roles. Th MT_MSA.1, e following op rised role(s) ning U.NOR MIN " , "@" , "#" =" , ">" , "?", more by U.AD n panel after ngs > User Authenticatio ement > ngs > User word ngs > User Authenticatio ement > 2022/07/27 c. 2021 T_MSA.1, he perations RMAL , "$" , , "[", "¥", DMIN. login. on User on There are f User", and roles. If you wan "Guest Use "NetworkA because th In this con associates [FMT_SM – – 7.10.2 D – Sup FIA The TOE c effectively Settings. [F Also, the a [FMT_MO Managem Function Date/Tim Manegem Function IPSec sett Manegem Function five types of d "Guest User nt to create a n er". However Admin" roles hey allow som nfiguration, th these roles w MR.1] U.ADMIN Role with a U.NORMA A role for base role "G Device Man pported A_PMG_EXT can perform t y. You can do FMT_SMF.1 ability to enab OF.1] ment n me setting ment tings ment roles called b r". "Administ new Custom r, custom role that have be me administra he following t with legitimate administrative AL which you d General User" nagement functional T.1 the following o this from the 1] ble or desable Item Overview Procedures Overview base roles: "A trator" is an a Role , you ca es based on th en registered ative privilege two types of r e users and m e privileges. U do not have a ". Function requirem g managemen e Remote UI e the security Descriptio Date and t You can a Operation Preference Operation Preference Remote U Settings > Remote U Settings > Manage th connection which the methods, a The IKE c enrollmen the authen (SHA 256 AES-CBC can be sele 98 Administrator dministrator an duplicate a he "Administ as custom ro es. roles (U. AD maintains them Use the "Adm administrative ments:FMT_M nt functions to or from the o y function [TL on time informat also set it to sy panel: Settin es > Timer/En panel: Settin es > Network UI: Settings/R > Date/Time S UI: Settings/R > SNTP Settin he Security Po ns. The SPD conditions ar and whether t configuration nt and certific ntication/encr 6, SHA 384) c C can be set a ected. You ca r", "Power Us base role, and and edit from trator" role an oles (administ MIN, U. NO m during rem ministrator" ro e privileges. MTD.1, o enable the s operation pan LS encryption tion can be se ync with the t ngs/Registrati nergy Setting ngs/Registrati k > TCP/IP Se egistration > Settings egistration > ngs olicy Databas defines the o re applied, th the settings a in the SPD a ate selection ryption algori can be selecte s the encrypti an also config D Copyrig ser", "Genera d other base r m four types o nd the "Devic trators) befor RMAL) are u mote UI and op ole. Use a custom FMT_SMF. ecurity funct nel Settings/R n function] is et. time server. ion > Device gs > Date/Tim ion > Device ettings > SNT Preferences > Preferences > se (SPD) that ther party's c he negotiation are enabled or allows pre-sha as authentica thm setting, S ed as the auth ion method, a gure the lifeti Date of Issue: 2 ght Canon Inc l User", "Lim roles are cons f Base Roles ceAdmin" and rehandare not used. The TO perations pan m role create .1, FMT ions to functi Registration > limited to U. Settings > me Settings Settings > TP Settings > Timer/Ener > Network t defines IPSe onditions to n and encrypti r disabled. ared key ation methods SHA1 and SH hentication ha and the DH g ime of IKE S 2022/07/27 c. 2021 mited sumer except d t used OE nel logins. ed from a _MOF.1, ion > Device .ADMIN. rgy ec ion s. In HA2 ash, group As. TLS settin Manegem Function Auto Res setting Manegem Function Lockout p settings Manegem Function ngs ment et Time ment policy ment Procedures Overview Procedures Overview Procedures Overview Procedures In the IPS (SHA1, A specificati specificati Operation Preference Remote U Settings > Remote U Settings > The TLS c It is also p be used fo determine when estab Operation Managem Operation Preference Remote U License/O Remote U Settings > The admin according operation remote UI - Auto R - Session Operation Preference Operation Preference Remote U Settings > Remote U Settings > Remote U Settings > The locko - Lockout less.) - Lockout or more.) Operation Managem Authentica Settings Remote U Security S 99 ec communic AES-CBC) can ion and the au ion. panel: Settin es > Network UI: Settings/R > IPSec Settin UI: Settings/R > IPSec Policy cipher feature possible to sel or TLS encryp s the digital s blishing a TL panel: Settin ent Settings > panel: Settin es > Network UI: Settings/R Other > Remot UI: Settings/R > TLS Setting nistrator can s to the Auto R panel and the I. Reset Time: 10 n settings: 15 panel: Settin es > Timer/En panel: Settin es > Timer/En UI: Settings/R > Power Save UI: Settings/R > Power Save UI: Settings/R > Network Set ut tolerance a tolerance: 1 t time: 1 to 60 panel: Settin ent Settings > ation/Passwo UI: Settings/R Settings > Aut cation configu n be specified uthentication/ ngs/Registrati k > TCP/IP Se egistration > ngs egistration > y List e is defined to lect an encryp ption commun signature algo LS session. ngs/Registrati > License/Oth ngs/Registrati k > TCP/IP Se egistration > te UI egistration > s set the respec Reset time wh e session setti 0 seconds to 9 to 150 minut ngs/Registrati nergy Setting ngs/Registrati nergy Setting egistration > Settings > A egistration > Settings > R egistration > ttings and lockout ti to 10 (The de 0 minutes (Th ngs/Registrati > Security Se ord Settings > egistration > thentication/P D Copyrig uration in the d as the IPSec /encryption a ion > Device ettings > IPSe Preferences > Preferences > o start or stop ption key and nication. Thi orithm and ke ion > Device her > Remote ion > Device ettings > TLS Management Preferences > ctive automat hen logging i ing when log 9 minutes (de tes (default 15 ion > Device gs > Auto Res ion > Device gs > Restrict A Preferences > Auto Reset Tim Preferences > estrict Auto R Preferences > ime can be se efault setting he default sett ion > Device ettings > > Authenticati Management Password Set Date of Issue: 2 ght Canon Inc e SPD, ESP c SA lifetime algorithm Settings > ec Settings > Network > Network p working. d a certificate s selection ey length to u Settings > e UI Settings > S Settings t Settings > > Network tic logout tim in from the ging in from efault 2 minut 5 minutes) Settings > set Time Settings > Auto Reset T > Timer/Ener me > Timer/Ener Reset Time > Timer/Ener et. is 3 times or ting is 3 minu Settings > ion Function t Settings > ttings > 2022/07/27 c. 2021 e to use es the tes) Time rgy rgy rgy utes Password settings Manegem Function Audit log Manegem Function Trusted U Manegem Function d policy ment g ment Update ment Overview Procedures Overview Procedures Overview Procedures Authentica To require functions - Ability to - Availabl uppercase "#" , "$" , "+" , "," , "`", "{", "| Operation Managem Authentica Remote U Security S Settings Can retriev You can c to the audi Remote U Device M Specify th Remote U License/O 100 ation Functio e the user to s are provided o set a minim le Characters , lowercase, n "%" , "^" , "& "-" , "/" , ":" , ", "}", "~"). panel: Settin ent Settings > ation/Passwo UI: Settings/R Settings > Aut ve internally configure the it log server. UI: Settings/R anagement > he firmware to UI: Settings/R Other > Regist on Settings set a robust pa to ensure the mum password numeric, and &" , "*" , "(" , ";" , "<" , "= ngs/Registrati > Security Se ord Settings > egistration > thentication/P stored audit l destination se egistration > Export/Clear o update egistration > ter/Update So D Copyrig assword, the e quality of th d length of 15 special chara , ")" , "(space =" , ">" , "?", ion > Device ettings > > Password Se Management Password Set logs ettings for sen Management r Audit Log Management oftware > Ma Date of Issue: 2 ght Canon Inc following he password. 5 to 32 charac acters ("!" , "@ e)" , """ , "'" "[", "¥", "]", Settings > ettings t Settings > ttings > Passw nding audit lo t Settings > t Settings > anual Update 2022/07/27 c. 2021 cters @" , , "_", word ogs 8 Refe [Rambus 2 Analysis of 2012. https://www erences 012] f Intel's Ivy B w.rambus.com ridge Digital R m/intel-ivy-bri Random Num idge-random-n 101 mber Generato number-gener r, Cryptograp rator/ D Copyrig hy Research a Date of Issue: 2 ght Canon Inc a division of R 2022/07/27 c. 2021 Rambus, Fin