Canon 4 This docu written in n imag 8945K 4 4 4 ument is a tr n Japanese. geRUN KG/48 4845F/ 4835F/ 4825F with F Secur Ver 20 Ca ranslation o 1 NNER 935KG /4845i /4835i F/4825i Fax & rity Ta rsion 1. 22/07/2 non In of the evalua R ADV G/4892 i/4845/ i/4835/ i/4825 PDL arget .02 27 nc. ated and cer D Copyrig VANCE 25KG / / rtified secur Date of Issue: 2 ght Canon Inc E DX G/ rity target 2022/07/27 c. 2021 1 ST 1.1 S 1.2 T 1.3 T 1.3.1 1.3.2 1.3.3 1.4 T 1.4.1 1.4.2 1.5 T 2 Co 2.1 C 2.2 P 2.3 S 2.4 C 3 Sec 3.1 T 3.2 A 3.2.1 3.2.2 3.3 T 3.4 O 3.5 A 4 Sec 4.1 S 5 Ext 5.1 F 5.2 F 5.3 F 5.4 F 5.5 F 5.6 F 5.7 F 5.8 F 5.9 F 5.10 F 5.11 F 5.12 F introduction ST reference TOE referen TOE overvie TOE Ty Usage a Require TOE descrip Physica Logical Terms and A nformance cl CC Conform PP claim, Pa SFR Package Conformance curity Proble TOE Users. Assets ....... User Da TSF Da Threats...... Organization Assumptions curity Object Security Obj tended comp FAU_STG_EX FCS_CKM_E FCS_HTTPS FCS_IPSEC_ FCS_KYC_EX FCS_RBG_EX FCS_SMC_E FCS_TLS_EX FDP_DSK_EX FDP_FXS_EX FIA_PMG_EX FIA_PSK_EX n ................ e............... nce............ ew............. ype ........... and Major Se d Non-TOE ption.......... l scope of th scope of the Abbreviation laims .......... mance claims ackage claim es ............. e rationale.. m Definition ................ ................ ata ............ ata............. ................ nal Security s............... tives........... jectives for t ponents defini XT Extende EXT Extende S_EXT Exten _EXT Extend XT Extende XT Extende XT Extende XT Extended XT Extended XT Extended XT Extended XT Extended Tabl .................. ................ ................ ................ ................ ecurity Featu E Hardware a ................ he TOE...... e TOE ....... s .............. .................. ............... ................ ................ ................ ................. ................ ................ ................ ................ ................ Policies ..... ................ .................. the Operatio ition ........... d: External ed: Cryptogr nded: HTTPS ded: IPsec se d: Cryptogr d: Cryptogra d: Submask d: TLS selec d: Protectio d: Fax Separ d: Password : Pre-Shared 2 e of Cont .................. ................ ................ ................ ................ ures of the T and Software ................ ................ ................ ................ .................. ................ ................ ................ ................ .................. ................ ................ ................ ................ ................ ................ ................ .................. onal environm .................. Audit Trail S raphic Key M S selected .. elected ...... aphic Opera aphic Opera Combining. cted ........... n of Data on ration ........ Managemen d Key Comp tents .................. ................ ................ ................ ................ TOE.......... e ............... ................ ................ ................ ................ .................. ................ ................ ................ ................ .................. ................ ................ ................ ................ ................ ................ ................ .................. ment ......... .................. Storage...... Management ................ ................ ation (Key C ation (Random ................ ................ n Disk........ ................ nt.............. position...... D Copyrig ................. ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................. ................ ................ ................ ................ ................. ................ ................ ................ ................ ................ ................ ................ ................. ................ ................. ................ ................ ................ ................ haining)..... m Bit Gener ................ ................ ................ ................ ................ ................ Date of Issue: 2 ght Canon Inc ................. ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................. ................ ................ ................ ................ ................. ................ ................ ................ ................ ................ ................ ................ ................. ................ ................. ................ ................ ................ ................ ................ ration)........ ................ ................ ................ ................ ................ ................ 2022/07/27 c. 2021 .........5 ........ 5 ........ 5 ........ 5 ........ 5 ........ 6 ........ 6 ........ 7 ........ 7 ........ 9 ...... 11 ....... 14 ...... 14 ...... 14 ...... 14 ...... 14 ....... 15 ...... 15 ...... 15 ...... 15 ...... 15 ...... 17 ...... 17 ...... 17 ....... 19 ...... 19 ....... 20 ...... 20 ...... 20 ...... 21 ...... 22 ...... 24 ...... 24 ...... 25 ...... 26 ...... 28 ...... 28 ...... 29 ...... 30 5.13 F 5.14 F 5.15 F 5.16 F 6 SE 6.1 N 6.2 S 6.2.1 6.2.2 6.2.3 6.2.4 6.2.5 6.2.6 6.2.7 6.2.8 6.2.9 6.2.1 6.2.1 6.3 S 6.4 S 6.4.1 7 TO 7.1 U 7.2 A 7.2.1 7.2.2 7.2.3 7.2.4 7.2.5 7.2.6 7.3 P 7.4 S 7.4.1 7.4.2 7.5 L 7.5.1 7.5.2 7.5.3 7.5.4 7.5.5 7.6 S FPT_KYP_EX FPT_SKP_EX FPT_TST_EX FPT_TUD_EX CURITY REQ Notation .... Security func Class FA Class F Class F 4 Class F Class F 6 Class F Class F Class F Class F 0 Class F 1 Class F Security Ass Security func The dep OE Summary User Authen Access Cont Print pr Scan pr Copy pr 4 Fax tran Fax rec 6 Docume PSTN Fax-N SSD Encrypt Encrypt Cryptog LAN Data P IPSec E IPSec C TLS En 4 TLS Cry DRBG F Signature Ve XT Extended XT Extended XT Extended XT Extende QUIREMENT ................ ctional requi AU: Security CO: Commu CS: Cryptog DP: User Da IA: Identific MT: Securit PR: Privacy PT: Protecti RU: Resourc TA: TOE A TP: Trusted surance Requ ctional requi pendencies o specification ntication Fun trol Function rocess contro ocess contro rocess contr nsmission pr eption proce ent store and Network Sep tion Functio tion/Decrypt graphic key m rotection Fu Encription Fu Cryptographi cription Fun yptographic Function .... erification an d: Protection d: Protection d: TSF testin d: Trusted U TS .............. ................ irements .... y Audit...... unication.... graphic Supp ata Protectio ation and Au y Manageme ................ ion of the TS ce Utilizatio ccess ........ d Paths/Cha uirements... irements rat of security re ................. nction........ n .............. ol function . ol function.. rol function . rocess contro ess control . d retrieve pr aration Func n.............. tion Functio management unction ...... unction ...... c key manag nction ........ key manage ................ nd Generatio 3 n of Key and n of TSF Dat ng............. Update....... .................. ................ ................ ................ ................ port........... on............. uthentication ent............ ................ SF ............ n.............. ................ nnels......... ................ ionale........ equirements .................. ................ ................ ................ ................ ................ ol ............. ................ rocess contr ction ......... ................ on ............. t function ... ................ ................ gement Func ................ ement Funct ................ on Function d Key Mater ta ............. ................ ................ .................. ................ ................ ................ ................ ................ ................ n .............. ................ ................ ................ ................ ................ ................ ................ ................ ................ .................. ................ ................ ................ ................ ................ ................ ................ ol function . ................ ................ ................ ................ ................ ................ ction.......... ................ ion............ ................ ................ D Copyrig rial ............ ................ ................ ................ ................. ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................. ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ Date of Issue: 2 ght Canon Inc ................ ................ ................ ................ ................. ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................. ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ ................ 2022/07/27 c. 2021 ...... 31 ...... 32 ...... 32 ...... 33 ....... 35 ...... 35 ...... 35 ...... 35 ...... 37 ...... 37 ...... 52 ...... 56 ...... 59 ...... 62 ...... 62 ...... 63 ...... 63 ...... 64 ...... 65 ...... 66 ...... 66 ....... 70 ...... 70 ...... 71 ...... 71 ...... 73 ...... 75 ...... 77 ...... 79 ...... 81 ...... 84 ...... 84 ...... 84 ...... 85 ...... 86 ...... 86 ...... 88 ...... 90 ...... 91 ...... 92 ...... 93 7.6.1 7.6.2 7.7 S 7.8 A 7.9 T 7.10 M 7.10. 7.10. 8 Ref Trademark - Canon DX, im - Micro tradem - All na respec TLS Sig IPSec Si Self-Testing Audit Log F Trusted Upd Management 1 User Ma 2 Device ferences...... k Notice n, the Canon magePRESS, soft, Window marks of Micr ames of comp ctive compani gnature Gene ignature Ver Function... unction...... date Functio t Function .. anagement F Management ................. logo, image imagePRESS ws, Windows rosoft Corpor panies and p ies. eration Func rification/Ge ................ ................ n.............. ................ Function .... t Function.. .................. eRUNNER, i SLite are trad Server 2012 ration in the U roducts conta 4 ction.......... eneration Fu ................ ................ ................ ................ ................ ................ .................. imageRUNN demarks or reg 2, Windows 1 U.S. and othe ained herein ................ unction ...... ................ ................ ................ ................ ................ ................ .................. NER ADVAN gistered trade 10, Microsoft er countries. are trademar D Copyrig ................ ................ ................ ................ ................ ................ ................ ................ ................. NCE, imageR emarks of Can t Edge are tra rks or registe Date of Issue: 2 ght Canon Inc ................ ................ ................ ................ ................ ................ ................ ................ ................. RUNNER AD non Inc. ademarks or r ered trademar 2022/07/27 c. 2021 ...... 93 ...... 93 ...... 94 ...... 94 ...... 96 ...... 97 ...... 97 ...... 98 ......101 DVANCE registered rks of the 1 ST i 1.1 ST This sectio ST nam Version Issued b Date of 1.2 TO This sectio TOE nam Version This TOE The TOE c informatio of the fax, below. Type inform manuf MFP b firmwa fax page langua 1.3 TO 1.3.1 T The TOE i and retriev ntroductio T reference on provides th e: Can 489 wit n: 1.02 by: Can Issue: 202 OE referenc on provides th me: Can 489 wit n: 202 consists of th can be confirm on of the MFP and the ident of identifica mation facturer name body are description age processin OE overview TOE Type is an MFP ha val function. on e he Security T non imageRU 945KG/48935 th Fax & PDL 2 non Inc. 22/07/27 ce he TOE ident non imageRU 945KG/48935 th Fax & PDL 2 he MFP body med by the id P body, the id tification info Table 1 - Th ation Ident e [Cano One o [202] [Super ng [PCL] w aving a print f Target (ST) id UNNER ADV 5KG/48925K L Security Ta tification info UNNER ADV 5KG/48925K L y, firmware, fa dentification dentification i ormation of th he identifica ification info on] of [iR-ADV 4 r G3 FAX Bo ] and [PS] function, a sc 5 dentification i VANCE DX KG/4845F/484 arget ormation. VANCE DX KG/4845F/484 fax, and page information o information o he page descr ation inform ormation 4845], [iR-AD oard-BH] an function, a nformation. 45i/4845/483 45i/4845/483 description la of the manufa of the firmwar ription langua mation of th DV 4835], [iR a copy functi D Copyrig 35F/4835i/483 35F/4835i/483 anguage proc acturer name, re, the identif age processin he TOE R-ADV 4825] on, a fax func Date of Issue: 2 ght Canon Inc 35/4825F/482 35/4825F/482 cessing (see T , the identific fication infor ng shown in T ] ction, and a S 2022/07/27 c. 2021 25i/4825 25i/4825 Table 3). cation rmation Table 1 Storage 1.3.2 U The TOE i and retriev TOE has a for docum encryption verification integrity o function an the TOE, upugrade e Figure 1 sh 1.3.3 R The non-T 1) Time S The TOE c Standard E 2) Audit An externa Edition) fo 3) Client Generic PC and setting Usage and is an MFP ha val function. a user authen ment data and n function o n/generation of TSF execut nd sends the m a reliable up execution cod hows the assu Required N TOE hardware Server communicate Edition.) to ob Log Server al audit log se or storing TO t PC C running Wi g a printer dri Major Sec aving a print In order to p ntication func d functions b of the TOE function tha tion codes at monitoring re pdate functio de, and a man umed operatio Figure Non-TOE H e and softwar es with SNTP btain accurate erver (This op E-generated indows 10. A iver (In this o curity Featu function, a s protect these tion that iden based on aut embedded at protect net t startup, an a esults (audit l on that updat nagement fun onal environm 1 Operatio ardware an re configurati P-enabled serv e time. peration assu audit logs. Th A user having operation, the 6 ures of the scan function documents fr ntifies and au thority, a PS SSD, a LA twork commu audit log func logs) to an au te execution nction that lim ment when us onal environ nd Softwar ions in Figure vers (This op umes SMB ser he audit log s an account in printer drive TOE n, a copy func from unautho uthenticates th STN fax-netw AN data prot unications, a ction that mo udit log server code while mits security s sing the funct nment of the re e 1 are shown eration assum rvers using W server obtains n TOE can se er described in D Copyrig ction, a fax fu rized alterati he user, an a work separati tection funct a self-test fun onitors the us r, and stores a confirming settings to adm tions of the T e TOE n below. mes Windows Windows Serv s the audit log end a print job n Table 2 is a Date of Issue: 2 ght Canon Inc unction, and on and disclo access control ion function, tion and a nction that ch se of the TOE audit logs int authenticity ministrators. TOE. s Server 2012 ver 2012 R2 S g in SMB. b to TOE by assumed.) 2022/07/27 c. 2021 a Storage osure, the l function , an SSD signature hecks the E security ternally in of TOE's 2 R2 Standard installing correspond (Microsoft Print Gener (Jap Gener Gener 4) File Se Storage sp Windows S 5) Firewa A device th Internet en this TOE a 6) Fax To transmi expected. 1.4 TO 1.4.1 P TOE is a d The digital designated installed) a PCL/PS fe appropriate MFP Bod (Controll imageRUN imageRUN imageRUN imageRUN imageRUN imageRUN 1 The purc firmware e ding to this T t Edge is assu er Driver ric Plus UFRI panese name: ric Plus PS3 P ric Plus PCL6 erver pace when sen Server 2012 R all hat protects t nvironment. T and does not a it and receive OE descript Physical sc digital multifu l multifunctio d Controller V and page desc eature). As Ta e options to m y er Version 2 NNER ADVA NNER ADVA NNER ADVA NNER ADVA NNER ADVA NNER ADVA chase of the P enabled. Ther TOE. In additi umed in this c II Printer Driv Generic Plus Printer Driver 6 Printer Drive nding scanned R2 Standard he internal ne This indicates assume any s e a fax image tion cope of the unction devic on peripheral Version opera cription langu able 3- Produ match the sell 02) ANCE DX 48 ANCE DX 48 ANCE DX 48 ANCE DX 48 ANCE DX 48 ANCE DX 48 PCL option/P re are no ship ion to printing case) to use m Table 2 - ver V2.50 LIPSLX Prin V2.50 er V2.50 d documents Edition. etwork to wh s that the envi specific produ via TOE and e TOE ce and guidan constituting ates, and has a uage processi uct Line-up , f ling name in Table 3 - P Sa 945KG 935KG 925KG K 45F 35F 25F Ja PS option prov pments for thi 7 g, administra management c - Printer Dri nter Driver V2 with TOE. T hich a TOE co ironment sati uct. d PSTN. Faxe nce. the TOE is an a fax function ing (If option fax board, PC the selling ar Product Lin ales area Korea apan vides an MFP is option. ators can acce capabilities o iver 2.50) This operation onnects from sfies the Usa es compatible n MFP body n (in the case nal, purchase P CL option, and rea. ne-up fax board Super G3 FAX Board-BH1 Not required (standard P with the PC D Copyrig ess TOE throu f the TOE. n assumes an unauthorized ge Assumptio e with the G3 in which the of an option PCL option, P d PS option n PCL option PCL Printer Kit-CC1 PCLエミュレ ーション拡張 キット・AS1 CL/PS process Date of Issue: 2 ght Canon Inc ugh a web bro SMB server u d access from ons A. NETW standard are firmware of , a fax board PS option to need to procu n1 PS option r PS Printe Kit-BG1 レ 張 PS拡張キ ット・BF1 sing function 2022/07/27 c. 2021 owser using m the WORK of e the is enable ure the n1 r キ n of the imageRU imageRU imageRU imageRU imageRU imageRU *The Korea from simila number. *F: FAX (w *i: PDL (op A service e (not direct page descr (not direct Therefore, identificati and page d The follow guidance w When acce product to (Japan - im セ - im [U - im ス (Engli - im S - im [U - im G - im c - im UNNER ADV UNNER ADV UNNER ADV UNNER ADV UNNER ADV UNNER ADV an governmen ar model name with fax board ptional PDL e engineer disp ly distributed ription langua ly distributed the delivere ion informati description lan wing guidance will be distrib essing the we obtain the gu nese name) mageRUNNE セキュリティー mageRUNNE USRMA-763 mageRUNNE ストレーターガ ish name) mageRUNNE Security Settin mageRUNNE USRMA-764 mageRUNNE Guide (for CC mageRUNNE ertification re mageRUNNE VANCE DX VANCE DX VANCE DX VANCE DX VANCE DX VANCE DX nt model diffe es is that there d/F model), O enabled/i mod patched from d to consumer age processin d to consumer d item is an ion (MFP fron nguage proce e contained in buted to TOE ebsite, select y uidance below ER ADVANC ー設定 アドミニ ER ADVANC 38-00] ER ADVANC ガイド(CC 認証 ER ADVANC ngs Administ ER ADVANC 41-00] *USE ER ADVANC C certification ER ADVANC eference) [US ER ADVANC X 4845i X 4835i X 4825i A A (e 48 X 4845 X 4835 X 4825 A or ers from other e is a "9" in th nly Model F i del). The effec a sales comp rs) of a design ng (PCL, PS) rs), and provi MFP body d nt panel MFP essing) descri n the TOE is consumers in your region o w. CE DX 4800 ニストレーター CE DX 4845F CE DX 4800 証参照用) [ CE DX 4800 trator Guide [ CE DX 4845i Version CE DX 4800 n reference) [U CE DX 4845i SRMA-7643- CE DX 4800 8 Americas Asia/Taiwan except 825i) Asia/India/K rea models in term he middle of th is available in tive PDL depe pany attaches nated control to a valid sta ides the MFP delivered after P name and M ibed in Table available at t n a PDF file v of purchase an シリーズ用 ーガイド [US F / 4835F / 48 シリーズ用 [USRMA-763 Series Protec [USRMA-764 i / 4835i / 482 series ACCE USRMA-764 i / 4845 / 483 -00] *APE Ve series ACCE equipment) Super G3 FAX Board-BH1 Super G3 FAX Board-BH1 Super G3 FAX Board-BH1 ms of the nam he four-digit n n Japan. ends on the sa a fax board t ller version br ate according P body to cons r the above o MFP operation 1. the direction o via the websi nd select the Protection Pr RMA-7637-0 825F ユーザ ACCESS MA 39-00] ction Profile f 40-00 202206 25i User's Gu ESS MANAG 42-00] *USE 5i / 4835 / 48 ersion ESS MANAG D Copyrig Not required (standard equipment) Not required (standard equipment) PCL Printer Kit-CC1 me of the prod number and K ales area. to the MFP bo rought by the to purchased sumers. operation, and n panel MFP of the service ite (https://oip appropriate m rofile for Har 00 20220610 ザーズガイド(C ANAGEMEN for Hardcopy 610] uide (for CC c GEMENT SY Version 825i / 4825 U GEMENT SY Date of Issue: 2 ght Canon Inc d Not required (standard equipmen d PS Printe Kit-BG1 r PS Printe Kit-BG1 duct. The diffe KG is added af ody, installs f e service engi d license infor d is identified P body, firmw e engineer. Th p.manual.can model of CC c rdcopy Devic ] CC 認証参照 NT SYSTEM y Devices ada certification r YSTEM Admi User's Guide ( YSTEM Admi 2022/07/27 c. 2021 nt) r r erence fter the firmware ineer, sets rmation d by each ware, FAX, he on/). certified ces 対応 照用) M アドミニ aptive reference) inistrator (for CC inistrator G 1.4.2 L The logica audit log s TOE has th – Print This fu transm – Scan This fu in TIF – Copy This fu – Fax fu Fax Tra Guide (for CC Logical sco al scope of the ervers, client UI Func Audit Log Se LAN Data Prot File Managem Function Audit Log User A Sel Ma Op Di TOE he following function function prints mitted from a function function trans FF or PDF file y function function dupli function ansmission fu C certification ope of the e TOE is show t PCs, faxes, a erver tection ment Fi LAN D File Sh DocDa Print Scan Authentication Function lf-Testing Function anagement Function perate/ isplay digital multif s an electroni client PC on mits an electr e format. icates a paper unction n reference) [U TOE wn in Figure and time serv Figure 2 TO LAN Data Protec User ile Server Data Protection hare Function W B ata Hardcopy document Out Input Func Fax Copy n Access Contro Audit Log F Trusted U function mac ic document i paper. ronic docume r document by 9 USRMA-764 2 TOE Logic vers). The sec OE Logical tion Function Client PC LAN Data Protection Web Browser DocData tput Func Storage / Retrieval ol Function Function Sig Ge Hardcopy document Update Printer Driver hine function in a digital co ent generated y scanning an 44-00] *APE cal Boundary curity function Boundary SSD Time Ser Time Fun TimeInfo PSTN Fax-Network Separation SSD Encryption Fun gnature Verification and eneration Function LAN Data Pr ns. omposite mac d by scanning nd printing th D Copyrig Version y (Excluding u ns of the TOE rver nction nction d rotection Docdata chine or an el a paper docu he paper docu Date of Issue: 2 ght Canon Inc users, file ser E are shown i Flow of data FAX PSTN lectronic docu ument to a fil ument. 2022/07/27 c. 2021 rvers, in color. ument e server This fu Fax Re This fu the Inb – Docu Docum scanne (Print, space The TOE h – UI Fu The ab display It also brows – Outpu The ab – Input The ab The TOE h - User A Perfor require remote the pri interna previo display authen authen - Acces Restric - PSTN To pre - SSD E A TO TOE cope RAM encry unnec - LAN D function faxes eception funct function recei box (system b ument Storage ment managem er can be save , send (system or system bo has the follow unction bility for the y a screen on o has a remot er operation o ut Function bility of the T Function bility of TOE has the follow Authenticatio rms authentic es the user to e UI, and con inter driver be al authenticat ously assigned yed by a spec ntication fails ntication. s Control Fun ct access to jo Fax-Network event the intru Encryption Fu OE built-in SS built-in SSD with the threa M area of the yption chip, a cessary and e Data Protecti s an electroni tion ives an electr box) without e and Retriev ment function ed as an imag m box docum x. wing general e user to oper n the operation te UI function of a client PC TOE to print p E to scan pape wing security n Function ation on the u o enter a user nfirms that the efore acceptin tion to authen d to the user. cific characte s, and a functi nction obs, electroni k Separation usion into a L unction SD is taken a D is encrypted at of reading encryption c and is manage rased when th on Function c document g ronic docume being printed al function n of the adva ge in the pers ments only)), o functions. rate the TOE n panel. n for perform C. paper docume er documents. functions. user, to preve name and pa e user is an au ng a job from nticate within When authen er. It has a fun ion of automa ic documents LAN by limit away and co d by an encry data recorded chip when th ed so as not he power of t 10 generated by ent via the PS d. nced box and onal space of or delete an el E using the o ming TOE op ents. . ent any unauth ssword when uthenticated u m the printer d n the TOE. Gi ntication is pe nction of restr atically loggi s, and features ting the use o nnected to an yption chip b d in the SSD. he power of t to be taken o the TOE is tu scanning a pa STN. When r d the system b f the advance lectronic doc operation pan peration and m horized acces n operating fro user. The use driver. Verific ive the authen erformed, the ricting access ng out when s based on ro f a PSTN to a nother body built in the di . The key use the TOE is t out to the out urned off. D Copyrig aper documen receiving a fa box. A docum d box. You c ument stored nel, and the a management ss to the TOE om the opera er name is aut cation of user nticated user e inputted pas s by a defined no operation ole. a fax function or a PC, and igital multifu ed for encrypt turned on, an tside. The en Date of Issue: 2 ght Canon Inc nt through the fax, the file is ment loaded b can rename, re d in your pers ability for the through a ne E. User authen ation panel or thenticated th r information the privilege ssword charac d rule when state continu n. d all data stor unction devic tion is genera nd is used on ncryption key 2022/07/27 c. 2021 e PSTN. s saved in by a etrieve onal e TOE to etwork by ntication the hrough n supports s cter is ues after red in the e body to ated in the nly in the y becomes To en an ex remot embe of the - Signat It has comm - Self-T At bo - Audit An au of the is rec All sa admin comm numb new a - Truste When digita - Manag User functi admin 1.5 Te For terms u Follow the Ter Abbrev Multi-Func Product (M Control so PDL Control pa ncrypt LAN d xternal device te UI. The p dded SSD an e TOE and is ture Verificat s a function munication of Testing Functi oot time, verif Log Function udit log is ge e unit and the orded using t aved audit lo nistrator cann munication. T ber of audit lo audit log is re ed Update Fun n updating th al signature in gement Funct management ions for pro nistrators only erms and A used in this S e definition. D rms / viations ction MFP) oftware anel data by IPSec e and a remo pre-shared k nd protected. erased when tion and Gene of verifying f LAN data. ion fy firmware i n nerated with e operation of the managem ogs can only not change th There is a lim ogs exceeds etained. nction he TOE firmw n order to con tion t functions f operly opera y Abbreviatio ST that are de Definitions of Ta A machine as copier, fa facilitate su Software th It is a page types. The p description One of the h operation k c or TLS as a ote UI, and T ey and the The key gen the power of eration Funct g/generating a ntegrity with the user nam f the user can ment function be browsed he audit log. T mit on the nu the maximum ware, it has nfirm that the for registerin ating variou ns efined in CC a f other terms ble 4 - Term which incorp ax, printer, an uch capabilitie hat runs on the description la print function language and hardware elem eys, which pr 11 a sniffing cou TLS is also av server privat nerated during f the TOE is t tion a digital sign h signature ve me of the oper n be audited, a or the exact d by the admi The audit log umber of aud m number of a function o correct firmw ng and delet us security and PP that a are given in T s and Abbr D porates the fu nd Universal es. e hardware o anguage expr n converts pri d prints the ge ments of the rovides the in untermeasure vailable whe te key are e g communica turned off. nature for ve rification. rated user an and is stored date and time nistrator via g is stored in dit logs in the f retention, th f verifying th ware is used. ting users an functions, b are claimed to Table 4. reviations escription unctionality of Send, and co f the device, ressing print c int data expre enerated imag MFP, consist nterface for op D Copyrig e. IPsec is use en an adminis encrypted and ation is gener erifying the i nd the set tim in the TOE b e synchronize the remote U an audit log e TOE embe he oldest aud he firmware nd roles and both of whi o be complian f multiple dev ontaining a lar and controls contents, and essed in the co ge on paper. ting of a touc peration of th Date of Issue: 2 ght Canon Inc ed when conn strator conne d stored on rated in the R integrity of e e so that the built-in SSD. d with the tim UI. However server using edded SSD, a it log is dele by version d d device man ich are rest nt in Section 2 vices in one, rge capacity S security func d there are var orresponding ch panel and he MFP. 2022/07/27 c. 2021 necting to ects to the the TOE RAM area encrypted operation The time me server. r, even an protected and if the eted and a display or nagement tricted to 2, such SSD to ctions. rious g page Ter Abbrev Remote UI SSD Roles Administra General us Fax owner Authentica Jobs Image file Temporaly Document Mail Box Advancesd rms / viations I ator ser r ated users y image file t data d Box An interfac allow the ac operations, administrato A nonvolati and protecte A user's per associated w In addition custom role The default Administrat The Admin (administra In this ST, a U.ADMIN U.NORMA User assign Equivalent U.NORMA General Us A user who among the U from a Gen All TOE-au When a use document, a instructions The operati TX, Store, a generation, Image data An image fi unnecessary User data p Whether a g printing fro To provide digital mult document. There is a p *This TOE e that provide cquisition of and making v ors. ile storage de ed assets are rmission used with one role to the predef es that modify t role has the tor/Power Us nistrator role i ative permissi a custom role with the adm AL without th ned the Admin to U.ADMIN AL as defined er role and th o is authorized U.NORMAL eral User role uthenticated u er uses the fun a Job is the in s for processin ions that can b and Delete. T execution, an generated in file that is gen y when the jo rocessed with general user f m a PC, data an area for st tifunction dev private space does not use 12 D es access to th operating sta various settin evice built int stored. d by the acces . fined default r y the access r following rol ser/General U indicates the p on). e is defined ba ministrative pe e administrat nistrator role NISTRATOR in PP. Belon hat does not h d by the admi L defined in P e and that doe users, includin nctions of the ntended docu ng those data be performed The processin nd completio the MFP by nerated during ob is complete hin the MFP, feeds data to a can be stored toring an elec vice and capa for each user shared space escription he MFP from atus, perform j ngs. This inter to a digital mu ss control fun roles, it is pos restrictions de les User/Limited U permission to ased on the A ermission and tive permissio and has adm R defined in th ng to a custom have administ inistrator to a PP. Belong to es not have ad ng administra e TOE to exec ument data co a. d on a docume ng phases for n. reading, print g a job, such ed. consisting of the MFP dire d here to be p ctronic docum able of printin r and a shared e. D Copyrig m a Web brow job operation rface is only ultifunction d nction and eac ssible to crea etermined by User/Guest U o use manage Administrator d the General on. ministrative pr he PP. m role that is c trative privile access the Fax a custom role dministrative ators cute an opera mbined with ent are: Scan a Job issued b ting, receivin as copy/print f image files ectly, or speci printed later. ment read from ng the stored d space for all Date of Issue: 2 ght Canon Inc wser via the L ns or BOX available to device. Firmw ch user is ate new roles the default ro User ement functio r role to which l User to whic rivileges. created from eges. x/I-Fax Inbox e that is creat e privileges. ation on a the user n, Print, Copy by the user ar ng, etc. t, and become and print sett ifies a docum m a scanner i electronic l users to acc 2022/07/27 c. 2021 LAN, to ware as oles. ns h the ch the a x ted , Fax re: es ting. ment for in a ess. Ter Abbrev Firewall Time serve File server Audit log s [Print] [Copy] [Fax] [Scan and [Scan and [Access St [Fax/I-Fax rms / viations er r server Send] Store] tored Files] x Inbox] Device or s Internet. Server that Internet. A file serve control file A server tha protocol. A button on jobs. A button on A button on A button on function to A button on and save the A button on Box/Inbox. A button on documents ystem design uses the Netw er that uses th storage and a at stores audi n the control p n the control p n the control p n an operation send the load n the control p em to an adv n the control p n the operatio saved in the s 13 D ned to protect work Time Pr he SMB proto access it log files tha panel that act panel that act panel that act n panel that lo ded electronic panel that act anced box. panel that allo on panel that a system box w escription t the internal L rotocol to pro ocol to share f at TOE outpu tivates the fun tivates the Co tivates the Fa oads a paper c document to tivates the ab ows the user activates the where receive D Copyrig LAN against ovide the accu folders over t uts over a LAN nction to oper opy function. ax function. document an o a file server ility to impor to access file function for o ed fax docume Date of Issue: 2 ght Canon Inc threats from urate time ov the LAN and N using the S rate on-hold p nd activates th r. rt paper docum es stored in a operating elec ents are saved 2022/07/27 c. 2021 the ver the SMB print he ments Mail ctronic d. 2 Con 2.1 CC This ST an This ST co - - 2.2 PP This ST an - - 2.3 SF In this ST, 2.4 Co The TOE c Therefore, - Required P - Condition P - Optional I nformance C Conform nd TOE claim onforms to th Common Cr Common Cr P claim, Pa nd TOE claim Title: P V Errata: P FR Package no package c onformanc conforms the the TOE typ d Uses Printing, Scan nally Mandat PSTN faxing Uses Internal Audi e claims ance claim m CC complia e following C riteria version riteria confor ckage claim m exact confo Protection Pro Version: 1.0 d Protection Pro es claims compl e rationale following re pe is consisten nning, Copyi tory Uses , Storage and it Log Storag ms ance with bel Common Crit n: V rmance: Pa m ormance to the ofile for Hard dated Septem ofile for Hard liance. e quirements d nt with PP. ng, Network d retrieval, Fie e 14 ow. teria (CC). Version 3.1 Re art 2 extende e following P dcopy Device mber 10, 2015 dcopy Device defined in PP communicati eld-Replaceab elease 5 d and Part 3 c PP. es 5 es - v1.0 Erra and is Exact ions, Admini ble Nonvolat D Copyrig conformant ata #1, June 2 Conformanc istration tile Storage Date of Issue: 2 ght Canon Inc 017 e as required 2022/07/27 c. 2021 by PP. 3 Secu 3.1 TO TOE Design U.NORM U.ADMIN 3.2 As Two Design D.USER D.TSF 3.2.1 U User Design D.USER.D D.USER.J 3.2.2 T TSF urity Prob OE Users E users are de nation Ca MAL No N Ad ssets o asset classif nation A Us TS User Data r data are cla nation DOC Us JOB Us TSF Data F data are clas blem Defin efined in the f ategory nam ormal User dministrator fications are d Asset catego ser Data SF Data ssified into th User Data ser Document ser Job Data ssified into th nition following two Table me A User have an A User adminis defined for as Table ory Data c the TS Data c of the he following Table 7 type t Data In h In P he following t 15 o user catego 5 -TOE User r who has be n administrativ r who has b strative role ssets. e 6 - Assets created by an SF created by an TSF two types. 7 - User Dat nformation co hardcopy form nformation r Processing Job two types. ories. rs Defin een identified ve role been identifie s Defi nd for Users t nd for the TO ta D ontained in a m related to a b D Copyrig nition d and authen ed and authe inition that do not a OE that migh efinition a User's Docu User's Docu Date of Issue: 2 ght Canon Inc nticated and enticated and affect the ope ht affect the o ument, in elec ument or D 2022/07/27 c. 2021 does not d has an ration of operation ctronic or Document Design D.TSF.PR D.TSF.CO TSF Data h Type D.TSF.PR D.TSF.CO nation ROT Pro ONF Co handled in th e TS ROT User Role Lock settin Passw polic Auto Time Date/ settin IPSec TLS Audi expor Time settin ONF Passw SSD key Key S LAN Prote Encry Audi TSF Data otected TSF D onfidential TS his TOE are sh Ta SF Data name kout policy ngs word y settings Reset e setting /Time ng c settings settings t log rt settings e server ng word encryption Seed N Data ection yption Key t log Table type Data T d se SF Data T w m hown below. able 9 - Real User identif identificatio Used by acc functions tha Settings for of attempts b Policy for t such as m characters, a Timeout per operation pa logged out w Specifies the Settings for Settings for including th LAN Data P Configuratio to external I for synchro external IT e Password u User Identif Encryption k The internal used for AE Encryption function. An operatio logging faci user name, r 16 e 8 - TSF Data TSF Data for data owner n ecurity of the TSF Data for who is neithe might affect th lization of T Descr fication infor n and authen cess restrictio at each user c the lockout f before lockou the password minimum pas and combinat riod before a anel or the re when the user e date and tim the LAN Dat r the LAN D he settings t Protection fun on informatio T equipment onizing TOE equipment used to authe fication and A key used for l state of DR S encryption key used fo onal record ility. It inclu result, operati a D which altera nor in an Ad e TOE, but fo which either r the data ow he security of TSF Data ription rmation used tication funct n functions to can use. function, such ut and the loc d for user au ssword leng tion of charac a user logged mote UI is au r is idle. me that is set. ta Protection Data Protectio o enable or nction. on for sendin E time and enticate the Authentication SSD encrypti RBG and the key generati or LAN data generated b udes the dat ion contents, D Copyrig efinition ation by a Us dministrator r or which discl r disclosure o wner nor in a f the TOE by the user tion. o restrict the h as number ckout time. thentication, th, allowed cter types. in from the utomatically function. on function, disable the ng audit logs date with user in the n function. ion function e seed value on. a protection y the audit te and time, etc. Date of Issue: 2 ght Canon Inc ser who is ne role might a losure is acce r alteration b an Administr Stored SSD SSD SSD SSD SSD RTC SSD SSD SSD SSD SSD RAM in th encryption FLASH me in the encry chip SSD SSD 2022/07/27 c. 2021 either the affect the eptable by a User rator role d in he n chip emory yption 3.3 Th Show Designatio T.UNAUT T.TSF_CO T.TSF_FA T.UNAUT T.NET_CO 3.4 Or Show Designat P.AUTHO P.AUDIT P.COMMS P.STORAG P.KEY_M P.FAX_FL 3.5 As Show Assu Assumptio A.PHYSIC A.NETWO hreats w threats in T on THORIZED_A OMPROMISE AILURE THORIZED_U OMPROMIS rganization w Organization tion ORIZATION S_PROTECT GE_ENCRY MATERIAL LOW ssumptions umptions in T on CAL ORK Table 10. ACCESS E UPDATE E nal Security nal Security P Table D U ad Se m TION Th YPTION If Fi da C co N m th If be s Table 12. Defini Physic stores The O public Table Definition An attacker or change (m of the TOE' An attacker through one A malfunctio permitted to An attacker the TOE. An attacker security of t y Policies Policies in Ta 11- Organiz Definition Users must be dministrative ecurity-releva must be protec he TOE must f the TOE sto ield-Replacea ata on those d leartext keys ontribute to th Nonvolatile St must be protec hat storage de f the TOE pro etween the PS Table 12 ition cal security, c or processes, Operational En c access to its 17 10 - Threat may access ( modify or del s interfaces. may gain Un e of the TOE's on of the TSF o operate. may cause th may access d the TOE by m able 11. zational Secu authorized b functions. ant activities cted and trans t be able to id res User Doc able Nonvola devices. , submasks, r he creation of torage of Use cted from una evice. ovides a PSTN STN fax line - Assumpti commensurat , is assumed t nvironment is LAN interfa s (read, modify lete) User Job nauthorized A s interfaces. F may cause l he installation data in transit monitoring or urity Policies efore perform must be audi smitted to an dentify itself t cument Data o atile Storage D random numb f encryption k er Document D authorized acc N fax functio and the LAN ions e with the va to be provide s assumed to ce. D Copyrig , or delete) U b Data in the Access to TSF loss of securi n of unauthori t or otherwise r manipulating s ming Docume ited and the lo External IT E to other devic or Confidenti Devices, it wi bers, or any o keys for Field Data or Conf cess and mus n, it will ensu N. alue of the TO ed by the envi protect the T Date of Issue: 2 ght Canon Inc User Documen TOE through F Data in the T ity if the TOE ized software e compromise g ent Processing og of such ac Entity. ces on the LA ial TSF Data ill encrypt su other values th d-Replaceabl fidential TSF st not be store ure separation OE and the da ironment. TOE from dire 2022/07/27 c. 2021 nt Data h one TOE E is e on e the g and ctions AN. on uch hat e Data ed on n ata it ect, A.TRUSTE A.TRAINE ED_ADMIN ED_USERS N TOE A securit Autho polici Administrator ty policies. orized Users a es. 18 rs are trusted are trained to to administe use the TOE D Copyrig r the TOE ac E according to Date of Issue: 2 ght Canon Inc cording to sit o site security 2022/07/27 c. 2021 te y 4 Secu 4.1 Se Show Secu Desig OE.PH OE.NE OE.AD OE.US OE.AD urity Obje ecurity Obj urity Objectiv Table 1 gnation HYSICAL_PR ETWORK_PR DMIN_TRUS SER_TRAIN DMIN_TRAI ectives ectives for ves for the Op 13- Security ROTECTION ROTECTION ST NING INING r the Opera perational env y Objectives Definit N The Ope commen or proce N The Ope protect t The TO not use t The TO security The TO site secu manufac protect p 19 ational env vironment in s for the Op tion erational Env nsurate with t esses. erational Env the TOE from E Owner sha their privileg E Owner sha y policies and E Owner sha urity policies cturer's guida passwords an ironment Table 13. perational e vironment sha the value of th vironment sha m direct, publ all establish tr ges for malicio all ensure that have the com all ensure that and have the ance to correc nd keys accor D Copyrig environmen all provide ph he TOE and t all provide ne lic access to i rust that Adm ous purposes t Users are aw mpetence to fo t Administrat e competence ctly configure rdingly. Date of Issue: 2 ght Canon Inc nt hysical securi the data it sto etwork securi ts LAN interf ministrators w . ware of site follow them. ors are aware to use e the TOE and 2022/07/27 c. 2021 ity, ores ty to face. ill e of d 5 Exte This ST de in the PP s 5.1 FA Family be This family External IT Componen FAU_STG secure prot Managem The follow Th Audit: The follow PP/ST: Th FAU_STG Hiera Depen FAU_STG using a tru Rationale The TSF is non-TOE a ability to a that case. T External IT This exten componen 5.2 FC Family be FAU ended com efines the foll specified in S AU_STG_EX ehaviour: y defines req T Entity. nt leveling: G_EXT.1Ext tocol. ment: wing actions c he TSF shall wing actions s here are no au G_EXT.1Ext archical to: ndencies: G_EXT.1.1 usted channel : s required tha audit server f allow the adm The Common T Entity. nded compone nt. CS_CKM_E ehaviour: U_STG_EXT mponents lowing securi ection 2.2. XT Exten quirements for ternal Audit T could be cons have the abil should be aud uditable even tended: Prot No othe FAU_G FTP_IT The TSF sh according to at the transmi for storage an ministrator to n Criteria doe ent protects th EXT Exten T.1: Extended definition ity function r nded: Exte r the TSF to e Trail Storage sidered for the ity to configu ditable if FAU nts foreseen. tected Audit er component GEN.1 Aud TC.1 Inte hall be able t FTP_ITC.1. ission of gene nd review of a review these es not provide he audit recor nded: Cryp d: External Au 20 n requirements. ernal Audit ensure that se requires the e managemen ure the crypto U_GEN Secu Trail Storag ts dit data gener er-TSF truste to transmit the erated audit d audit records. audit records e a suitable SF rds, and it is t ptographic udit Trail Sto All of these Trail Stora ecure transmi TSF to use a nt functions i ographic func urity Audit Da ge ration, d channel e generated a data to an Ext . The storage s is provided FR for the tra therefore plac Key Manag orage D Copyrig extension com age ission of audi trusted chann n FMT: ctionality. ata Generatio audit data to a ternal IT Enti of these audi by the Opera ansmission of ced in the FA gement Date of Issue: 2 ght Canon Inc mponents are it data from T nel implemen n is included an External IT ity which reli it records and ational Enviro f audit data to AU class with 1 2022/07/27 c. 2021 e defined TOE to an nting a d in the T Entity es on a d the onment in o an h a single This family intended fo Componen FCS_CKM materials t Managem The follow Th Audit: The follow PP/ST: Th Rationale Cryptograp destroyed b Cryptograp This exten therefore p FCS_CKM Hiera Depen FCS_CKM cryptograp Rationale Cryptograp destroyed b Cryptograp This exten therefore p 5.3 FC Family be Componen and a Secu FCS_ y addresses th or cryptograp nt leveling: M_EXT.4 that are no lon ment: wing actions c here are no m wing actions s here are no au : phic Key Ma by using an a phic Key Ma nded compone placed in the F M_EXT.4 archical to: ndencies: M_EXT.4.1 phic critical se : phic Key Ma by using an a phic Key Ma nded compon placed in the F CS_HTTPS_ ehaviour: nts in this fam urity Adminis _CKM_EXT. he manageme phic key destr Crypto nger needed a could be cons management a should be aud uditable even terial Destruc approved met terial Destruc ent protects th FCS class wi Exten No othe [FCS_C FCS_C FCS_C The T ecurity param terial Destruc approved met terial Destruc nent protects FCS class wi _EXT Exten mily define re strator. This f .4 Extended: ent aspects of ruction. ographic Key are destroyed sidered for the actions forese ditable if FAU nts foreseen. ction is to ens thod, and the ction. he cryptograp ith a single co nded: Crypto er component CKM.1(a) C KM.1(b) Cry KM.4 Crypto SF shall dest meters when n ction is to ens thod, and the ction. s the cryptog ith a single co nded: HTTP quirements fo family describ Cryptograph 21 f cryptograph y Material De d by using an e managemen een. U_GEN Secu sure the keys Common Cri phic key and omponent. ographic Key ts ryptographic yptographic k ographic key troy all plaint no longer nee sure the keys Common Cri graphic key a omponent. PS selecte for protecting bes how HTT ic Key Mater hic keys. Espe estruction ens approved me nt functions i urity Audit Da and key mat iteria does no key materials y Material D Key Generat key generation destruction ext secret and eded. and key mat iteria does no and key mat d remote mana TPS will be im rial Destructio D Copyrig ecially, this e sures not only ethod. n FMT: ata Generatio erials that are ot provide a s s against expo Destruction tion (for asym n (Symmetric d private cryp erials that are ot provide a s terials agains agement sessi mplemented. on Date of Issue: 2 ght Canon Inc extended com y keys but als n is included e no longer ne uitable SFR f osure, and it i mmetric keys c Keys)], ptographic ke e no longer ne uitable SFR f st exposure, ions between This is a new 4 2022/07/27 c. 2021 mponent is o key d in the eeded are for the is ), or eys and eeded are for the and it is n the TOE w family defined for Componen FCS_HTT and suppor Managem The follow Th Audit: The follow PP/ST: Fa FCS_HTT Hiera Depen FCS_HTT FCS_HTT Rationale HTTPS is SFR for th This exten therefore p 5.4 FC Family be This family Componen FCS_IPSE Managem The follow Th Audit: The follow FCS_ FCS_ r the FCS Cla nt leveling: TPS_EXT.1 rts TLS. ment: wing actions c here are no m wing actions s ailure of HTT TPS_EXT.1 archical to: ndencies: TPS_EXT.1. TPS_EXT.1.2 : one of the se he communica nded compone placed in the F CS_IPSEC_ ehaviour: y addresses r nt leveling: EC_EXT.1 ment: wing actions c here are no m wing actions s _HTTPS_EX _IPSEC_EXT ass. HTTP could be cons management a should be aud TPS session e Exten No othe FCS_TL 1 The T 2 The T ecure commun ation protoco ent protects th FCS class wi _EXT Exten requirements IPsec could be cons management a should be aud XT.1 Extended T.1 Extended PS selected, re sidered for the actions forese ditable if FAU establishment nded: HTTPS er component LS_EXT.1 E SF shall impl SF shall impl nication proto ols using cryp he communic ith a single co nded: IPse for protecting requires that sidered for the actions forese ditable if FAU d: HTTPS sel d: IPsec select 22 equires that H e managemen een. U_GEN Secu S selected ts Extended: TLS lement the H lement HTTP ocols, and the tographic alg cation data us omponent. c selected g communica IPsec be imp e managemen een. U_GEN Secu lected ted HTTPS be im nt functions i urity Audit Da S selected TTPS protoc PS using TLS e Common C gorithms. sing cryptogra ations using I plemented as nt functions i urity Audit Da D Copyrig mplemented ac n FMT: ata Generatio ol that compl S as specified riteria does n aphic algorith Psec. specified. n FMT: ata Generatio Date of Issue: 2 ght Canon Inc ccording to R n is included lies with RFC d in FCS_TLS not provide a hms, and it is n is included 1 1 2022/07/27 c. 2021 RFC 2818 d in the C 2818. S_EXT.1. suitable d in the PP/ST: Fa FCS_IPSE Hiera Depen FCS_IPSE FCS_IPSE FCS_IPSE that is othe FCS_IPSE using [sele Secure Ha Secure Ha specified in FCS_IPSE Phase 1 ex sequence n functions, traversal, RFCs for h FCS_IPSE protocol u [selection: FCS_IPSE FCS_IPSE based on [ to: 24 hou [selection: hours for P FCS_IPSE (2048-bit M (384-bit R TOE], no o FCS_IPSE the [selecti Rationale IPsec is on SFR for th This exten ailure to estab EC_EXT.1 archical to: ndencies: EC_EXT.1.1 EC_EXT.1.2 EC_EXT.1.3 erwise unmat EC_EXT.1.4 ection: the cr ash Algorithm ash Algorithm n RFC 4106] EC_EXT.1.5 xchanges,as d numbers, RF RFC 4868 fo with mandat hash function EC_EXT.1.6 uses the crypt AES-GCM-1 EC_EXT.1.7 EC_EXT.1.8 [selection: nu rs for Phase : number of p Phase 1 SAs a EC_EXT.1.9 MODP), and Random ECP, other DH gro EC_EXT.1.1 ion: RSA, EC : ne of the secu he communica nded compone blish an IPsec Exten No othe FIA_PS FCS_C FCS_C FCS_C FCS_C FCS_C authent FCS_R Generat 1 The T 2 The T 3 The T tched, and dis 4 The T ryptographic m (SHA)-base m (SHA)-base . 5 The T defined in RF FC 4304 for or hash functi tory support f ns, RFC 4868 6 The T tographic alg 128, AES-GC 7 The T 8 The T umber of pack 1 SAs and 8 packets/numb and 8 hours f 9 The T d [selection: 2 , 5 (1536-bit oups]. 10 The T CDSA] algorit ure communic ation protoco ent protects th c SA nded: IPsec s er component SK_EXT.1 Ex KM.1(a) Cry OP.1(a) Cryp OP.1(b) Cryp OP.1(c) Cryp OP.1(g) Cryp tication) RBG_EXT.1 E tion) SF shall impl SF shall impl TSF shall hav scards it. TSF shall im algorithms A ed HMAC, A ed HMAC, AE TSF shall imp FCs 2407, 240 extended seq ions]; IKEv2 for NAT trav for hash func TSF shall ens gorithms AES CM-256 as spe SF shall ensu TSF shall ens kets/number o hours for Ph ber of bytes ; for Phase 2 SA TSF shall en 24 (2048-bit t MODP)), [a TSF shall ensu thm and Pre-s cation protoco ols using cryp he communic 23 selected ts xtended: Pre- yptographic K ptographic Op ptographic Op ptographic Op ptographic Op Extended: Cry lement the IP lement [selec ve a nominal mplement the AES-CBC-12 AES-CBC-256 ES-GCM-128 lement the pr 08, 2409, RF quence numb as defined in versal as spec ctions]]. sure the encry S-CBC-128, ecified in RF ure that IKEv sure that [sel of bytes; leng hase 2 SAs]; I length of tim SAs]]. nsure that a MODP with assignment: o ure that all IK shared Keys. ols, and the C tographic alg cation data us -Shared Key Key Generatio peration (Sym peration (for peration (Has peration (for yptographic O Psec architect ction: tunnel m , final entry IPsec protoc 28 (as specifi 6 (as specifie 8 as specified rotocol: [sele FC 4109, [sele bers], and [s n RFCs 5996[ cified in sect ypted payloa AES-CBC-2 C 5282, no o v1 Phase 1 exc lection: IKEv gth of time, w IKEv1 SA life me, where the all IKE proto h 256-bit PO other DH gr KE protocols Common Crit gorithms. sing cryptogra D Copyrig Composition on (for asymm mmetric encry signature gen sh Algorithm keyed-hash m Operation (Ra ture as specifi mode, transpo in the SPD t col ESP as d fied by RFC 3 ed by RFC 3 d in RFC 41 ction: IKEv1, ection: no oth selection: no [selection: wi ion 2.23], an d in the [sele 256 as specif ther algorithm changes use o v2 SA lifetim where the time fetimes can be e time values ocols implem OS), 19 (256-b roups that ar perform Peer eria does not aphic algorith Date of Issue: 2 ght Canon Inc n metric keys) yption/decryp neration/verif m) message andom Bit fied in RFC 43 ort mode]. that matches defined by R 3602) togeth 3602) togeth 06, AES-GCM , using Main her RFCs for other RFCs ith no suppor nd [selection: ection: IKEv1 fied in RFC m]. only main mo es can be es e values can b e established s can be limit ment DH G bit Random E re implemente r Authenticat provide a su hms, and it is 2022/07/27 c. 2021 ption) fication) 301. anything RFC 4303 her with a er with a M-256 as Mode for r extended for hash rt for NAT : no other 1, IKEv2] 3602 and ode. stablished be limited d based on ted to: 24 Groups 14 ECP), 20 ed by the tion using uitable therefore p 5.5 FC Family be This family secure the Componen FCS_KYC of that cha Managem The follow Th Audit: The follow PP/ST: Th FCS_KYC Hiera Depen FCS_KYC BEVor DE following m FCS_SMC FCS_KDF [selection: Rationale Key Chain chain. How layers of e This exten the FCS cl 5.6 FC FCS_ placed in the F CS_KYC_EX ehaviour: y provides th protected dat nt leveling: C_EXT Key ain. ment: wing actions c here are no m wing actions s here are no au C_EXT.1 archical to: ndencies: C_EXT.1.1 EK; intermed method(s): [s C_EXT.1, key F_EXT.1, key 128 bits, 256 : ning ensures t wever, the Co ncryption key nded compone lass with a sin CS_RBG_E _KYC_EXT FCS class wi XT Exten he specificatio ta encrypted o y Chaining, r could be cons management a should be aud uditable even Exten No othe [FCS_C FCS_SM FCS_C FCS_K and/or FCS_C The T diate keys or selection: key y encryption transport as 6 bits]. that the TSF m ommon Criter y to protect e ent protects th ngle compone EXT Exten Key Chainin ith a single co nded: Cryp on to be used on the storag requires the T sidered for the actions forese ditable if FAU nts foreseen. nded: Key Ch er component COP.1(e) Cry MC_EXT.1 E OP.1(i) Cryp KDF_EXT.1 C OP.1(f) Cryp TSF shall mai iginating fro y wrapping as n as specif s specified in maintains the ria does not p encrypted data he TSF data u ent. nded: Cryp ng 24 omponent. ptographic for using mu e. TSF to mainta e managemen een. U_GEN Secu haining ts yptographic o Extended: Su ptographic op Cryptographic ptographic op ntain a key c om one or mo s specified in fied in FCS FCS_COP.1 e key chain, a provide a suit a. using cryptog ptographic Operation ultiple layers ain a key chai nt functions i urity Audit Da peration (Key ubmask Comb eration (Key c Operation ( peration (Key chain of: [sele ore submask n FCS_COP.1 S_COP.1(f), 1(i)]] while m and also speci able SFR for graphic algori Operation D Copyrig (Key Chai of encryption in and specifi n FMT: ata Generatio y Wrapping), bining, Transport), (Key Derivati Encryption)] ection: one, u k(s) to the BE 1(e), key com key derivat maintaining an ifies the chara the managem ithms, and it (Random Date of Issue: 2 ght Canon Inc ning) n keys to ultim ies the charac n is included , ion), ]. using a subma EV or DEK mbining as sp tion as spe n effective st acteristics of ment of multi is therefore p Bit Genera 1 2022/07/27 c. 2021 mately cteristics d in the ask as the using the pecified in ecified in trength of that ple placed in ation) Family be This family selected st Componen FCS_RBG with select Managem The follow Th Audit: The follow PP/ST: Fa FCS_RBG Hiera Depen FCS_RBG accordance HMAC_DR FCS_RBG entropy fro [assignmen [selection: 18031:201 generate. Rationale Random b does not pr This exten with a sing 5.7 FC Family be This family submask b Componen FCS_ FCS_ ehaviour: y defines req andards and s nt leveling: G_EXT.1 Ran ted standards ment: wing actions c here are no m wing actions s ailure of HTT G_EXT.1 archical to: ndencies: G_EXT.1.1 e with [selec RBG (any), C G_EXT.1.2 om [selection nt: number o 128 bits, 256 11 Table C.1 : its/number w rovide a suita nded compone gle componen CS_SMC_E ehaviour: y defines the being used to nt leveling: _RBG_EXT. _SMC_EXT.1 quirements for seeded by an ndom Bit Ge and seeded b could be cons management a should be aud TPS session e Exten No othe No dep The T ction: ISO/IEC CTR_DRBG (A The d n: [assignme of hardware- 6 bits] of entr 1 "Security s will be used by able SFR for ent ensures th nt. EXT Exten means by wh derive or pro 1 Extended: R Extended: Su r random bit entropy sour neration requ by an entropy sidered for the actions forese ditable if FAU establishment nded: Random er component endencies. TSF shall pe C 18031:201 (AES)]. eterministic R ent: number o -based sourc ropy at least strength table y the SFRs fo the random b he strength of nded: Subm hich submask otect the BEV Random Bit ubmask Comb 25 generation to rce. uires random y source. e managemen een. U_GEN Secu m Bit Gener ts erform all de 11, NIST SP RBG shall be of software-b ces] hardwar equal to the g e for hash fu or key genera bit generation f encryption k mask Com ks are combin V. Generation bining o ensure that i bit generation nt functions i urity Audit Da ration eterministic r 800-90A] usi e seeded by a based sources re-based nois greatest secur unctions", of ation and dest n. keys, and it is bining ned, if the TO D Copyrig it is performe n to be perfor n FMT: ata Generatio random bit g ing [selection an entropy so s] software-b se source(s)] rity strength, f the keys an truction, and t s therefore pla OE supports m Date of Issue: 2 ght Canon Inc ed in accordan rmed in accor n is included generation se n: Hash_DRB ource that acc based noise s ] with a min according to nd hashes th the Common aced in the FC more than one 1 1 2022/07/27 c. 2021 nce with rdance d in the ervices in BG (any), cumulates source(s), nimum of o ISO/IEC hat it will Criteria CS class e FCS_SMC Managem The follow Th Audit: The follow PP/ST: Th FCS_SMC Hiera Depen FCS_SMC exclusive O Rationale Submask C This exten the FCS cl 5.8 FC Family be This family the server Componen FCS_TLS Managem The follow Th Audit: The follow PP/ST: Fa FCS_TLS Hiera Depen FCS C_EXT.1Sub ment: wing actions c here are no m wing actions s here are no au C_EXT.1Ext archical to: ndencies: C_EXT.1.1 OR (XOR), S : Combining is nded compone lass with a sin CS_TLS_EX ehaviour: y addresses th using the TL nt leveling: S_EXT.1 TLS ment: wing actions c here are no m wing actions ailure of TLS S_EXT.1 Ext archical to: ndencies: S_TLS_EXT. bmask combi could be cons management a should be aud uditable even tended: Subm No othe FCS_C The T SHA-256, SH s to ensure the ent protects t ngle compone XT Exten he ability for S protocol. S selected, req could be cons management a should be au session estab tended: TLS No othe FCS_C FCS_C 1 Extended: T ning requires sidered for the actions forese ditable if FAU nts foreseen. mask Combi er component OP.1(c) Cryp TSF shall co HA-512] to ge e TSF combin the TSF data ent. nded: TLS r a server and/ quires the TL sidered for the actions forese uditable if FA blishment S selected er component KM.1(a) Cry OP.1(a) Cryp TLS selected 26 s the TSF to c e managemen een. U_GEN Secu ining ts. ptographic op ombine subm enerate an int ne the subma using crypto selected /or a client to LS protocol im e managemen een. AU_GEN Sec ts yptographic K ptographic Op d combine the s nt functions i urity Audit Da peration (Hash masks using ermediary ke asks in order t graphic algor o use TLS to p mplemented a nt functions i curity Audit D Key Generatio peration (Sym D Copyrig submasks in a n FMT: ata Generatio h Algorithm) the followin ey or BEV. to derive or p rithms, and it protect data b as specified. n FMT: Data Generat on (for asymm mmetric encry Date of Issue: 2 ght Canon Inc a predictable n is included ) dependencie ng method [ protect the BE t is therefore between a clie tion is includ metric keys) yption/decryp 1 2022/07/27 c. 2021 fashion. d in the es. selection: EV. placed in ent and ded in the ption) FCS_TLS TLS 1.0 (R Mandatory • TLS_RS Optional C [selection: • None • TLS_RSA • TLS_DH • TLS_DH • TLS_RSA • TLS_RSA • TLS_DH • TLS_DH • TLS_EC • TLS_EC • TLS_EC • TLS_EC • TLS_EC • TLS_EC • TLS_EC • TLS_EC • TLS_EC • TLS_EC • TLS_EC • TLS_EC ]. Rationale TLS is one SFR for th This exten therefore p S_EXT.1.1 RFC 2246), TL y Ciphersuite SA_WITH_A Ciphersuites: : A_WITH_AE HE_RSA_WIT HE_RSA_WIT A_WITH_AE A_WITH_AE HE_RSA_WIT HE_RSA_WIT CDHE_RSA_W CDHE_RSA_W CDHE_ECDSA CDHE_ECDSA CDHE_RSA_W CDHE_RSA_W CDHE_RSA_W CDHE_RSA_W CDHE_ECDSA CDHE_ECDSA CDHE_ECDSA CDHE_ECDSA : e of the secur he communica nded compon placed in the F FCS_C FCS_C FCS_C authent FCS_R Generat The T TLS 1.1 (RFC es: AES_128_CB ES_256_CBC_ TH_AES_128_ TH_AES_256_ ES_128_CBC_ ES_256_CBC_ TH_AES_128_ TH_AES_256_ WITH_AES_1 WITH_AES_2 SA_WITH_AE SA_WITH_AE WITH_AES_1 WITH_AES_2 WITH_AES_1 WITH_AES_2 SA_WITH_AE SA_WITH_AE SA_WITH_AE SA_WITH_AE re communica ation protoco nent protects FCS class wi OP.1(b) Cryp OP.1(c) Cryp OP.1(g) Cryp tication) RBG_EXT.1 E tion) SF shall impl 4346), TLS 1 C_SHA _SHA _CBC_SHA 6_CBC_SHA _SHA256 _ SHA256 _CBC_ SHA2 6_CBC_ SHA2 128_CBC_SH 256_CBC_SH ES_128_CBC_ ES_256_CBC_ 128_CBC_SH 256_CBC_SH 128_GCM_SH 256_GCM_SH ES_128_GCM ES_256_GCM ES_128_CBC_ ES_256_CBC_ ation protoco ols using cryp s the comm ith a single co 27 ptographic Op ptographic Op ptographic Op Extended: Cry lement one o 1.2 (RFC 524 256 256 HA HA C_SHA C_SHA HA256 HA384 HA256 HA384 M_SHA256 M_SHA384 C_SHA256 C_SHA384 ls, and the Co tographic alg munication da omponent. peration (for peration (Has peration (for yptographic O r more of the 46)] supportin ommon Crite gorithms. ata using cry D Copyrig signature gen sh Algorithm keyed-hash m Operation (Ra e following pr ng the followi eria does not p yptographic Date of Issue: 2 ght Canon Inc neration/verif m) message andom Bit rotocols [sele ing ciphersuit provide a suit algorithms, 2022/07/27 c. 2021 fication) ection: tes: table and it is 5.9 FD Family be This family Componen FDP_DSK TSF and U these data Managem The follow Th Audit: The follow PP/ST: Th FDP_DSK Hiera Depen FDP_DSK FCS_COP certified to contains no FDP_DSK Rationale Extended: interventio This exten componen 5.10 FD Family be This family connected. Componen FDP DP_DSK_EX ehaviour: y is to manda nt leveling: K_EXT.1 Ext User Data stor in plaintext o ment: wing actions c here are no m wing actions here are no au K_EXT.1 Ext archical to: ndencies: K_EXT.1.1 P.1(d), use a s o conform to t o plaintext U K_EXT.1.2 : Protection of on, and the Co nded compone nt. DP_FXS_EX ehaviour: y addresses th . nt leveling: P_DSK_EXT XT Exten ate the encryp tended: Prote red on the Fie on the devices could be cons management a should be au uditable even tended: Prot No othe FCS_C The T self-encryptin the FDE EE c User Documen The T f Data on Dis ommon Crite ent protects t XT Exten he requireme .1 Extended: nded: Prote ption of all pr ection of Data eld-Replaceab s. sidered for the actions forese uditable if FA nts foreseen. tection of Da er component OP.1(d) Cryp SF shall [sele ng Field-Repl cPP] such tha nt Data and no SF shall encr sk is to specif eria does not p the Data on D nded: Fax S ents for separa Protection of 28 ection of D rotected data a on Disk, req ble Nonvolati e managemen een. AU_GEN Sec ata on Disk ts ptographic op ection: perfor laceable Nonv at any Field-R o plaintext co rypt all protec fy that encryp provide a suit Disk, and it is Separation ation between f Data on Dis Data on Dis written to the quires the TSF ile Storage D nt functions i curity Audit D peration (AES rm encryption volatile Stora Replaceable N onfidential TS cted data with ption of any c table SFR for s therefore pla n n Fax PSTN l sk D Copyrig sk e storage. F to encrypt a Devices in ord n FMT: Data Generat S Data Encry n in accordan age Device th Nonvolatile S SF Data. hout user inte confidential d r the Protectio aced in the F line and the L Date of Issue: 2 ght Canon Inc all the Confid der to avoid st tion is includ yption/Decryp nce with hat is separate Storage Devic ervention. data without u on of Data on DP class with LAN to which 1 2022/07/27 c. 2021 dential toring ded in the ption) ely CC ce user n Disk. h a single h TOE is FDP_FXS between a Managem The follow Audit: The follow PP/ST: FDP_FXS Hiera Depen FDP_FXS receiving U Rationale Fax Separa provide a s This exten with a sing 5.11 FIA Family be This family strong pass Componen FIA_PMG requiremen Managem The follow Th Audit: The follow PP/ST: FDP FIA_ S_EXT.1 Fax PSTN and a ment: wing actions c There are no wing actions There are no S_EXT.1 Ext archical to: ndencies: S_EXT.1.1 User Data usi : ation is to pro suitable SFR nded compon gle componen A_PMG_EX ehaviour: y defines req swords and p nt leveling: G _EXT.1 Pa nts, minimum ment: wing actions c here are no m wing actions P_FXS_EXT. _PMG _EXT x Separation, LAN to whic could be cons o managemen should be au o auditable ev tended: Fax No othe No dep The TSF sh ing fax protoc otect a LAN a for the Prote nent protects nt. XT Exten quirements for passphrases ca assword mana m lengths, ma could be cons management a should be au .1 Extended: T.1 Extended: requires the f ch TOE is con sidered for the nt actions fore uditable if FA vents foreseen separation er component endencies. hall prohibit c cols. against attack ction of TSF the TSF Dat nded: Pass r the attribute an be chosen agement requ aximum lifetim sidered for the actions forese uditable if FA Fax Separatio : Password M 29 fax interface nnected. e managemen eseen. AU_GEN Sec n. ts communicatio k from PSTN or User Data ta or User Da sword Man es of passwor and maintain uires the TSF me, and simil e managemen een. AU_GEN Sec on Management cannot be use nt functions i curity Audit D on via the fax line, and the a. ata, and it is agement rds used by ad ned. to support pa larity constra nt functions i curity Audit D D Copyrig ed to create a n FMT: Data Generat x interface, ex Common Cr therefore pla dministrative asswords with aints. n FMT: Data Generat Date of Issue: 2 ght Canon Inc a network brid tion is includ xcept transmi riteria does no aced in the F e users to ensu h varying com tion is includ 1 1 2022/07/27 c. 2021 dge ded in the itting or ot FDP class ure that mposition ded in the Th FIA_PMG Hiera Depen FIA_PMG passwords P n M p Rationale Password M the Comm This exten the FIA cla 5.12 FIA Family be This family Componen FIA_PSK_ Managem The follow Th Audit: The follow PP/ST: Th FIA_PSK_ Hiera Depen FIA_PSK FIA_PSK_ 2 FIA_ here are no au G _EXT.1 archical to: ndencies: G _EXT.1.1 : Passwords sh numbers, and "(", ")", [assi Minimum pa passwords of : Management mon Criteria d nded compone ass with a sin A_PSK_EX ehaviour: y defines req nt leveling: K_EXT.1 Pre- ment: wing actions c here are no m wing actions here are no au K_EXT.1 archical to: ndencies: K_EXT.1.1 K_EXT.1.2 22 characters _PSK_EXT.1 uditable even Exten No othe No dep The TSF s hall be able to d the followin gnment: othe assword length f 15 character t is to ensure t oes not provi ent protects t ngle compone XT Exten quirements for -Shared Key C could be cons management a should be au uditable even Exten No othe FCS_R Generat The TSF sh The TSF sh s in length an 1 Extended: P nts foreseen. nded: Passwo er component endencies. shall provide o be compose ng special cha er characters] h shall be set rs or greater. the strong au ide a suitable the TOE by m ent. nded: Pre-S r the TSF to e Composition sidered for the actions forese uditable if FA nts foreseen. nded: Pre-Sh er component RBG_EXT.1 E tion). hall be able to all be able to d [selection: Pre-Shared K 30 ord managem ts the following ed of any com aracters: [sele ]]; ttable by an A uthentication b SFR for the means of pass Shared Key ensure the ab , ensures auth e managemen een. AU_GEN Sec hared Key Co ts Extended: Cry o use pre-shar accept text-b [assignment: Key Composit ment g password m mbination of u ection: "!", "@ Administrator between the e Password Ma sword manag y Composi ility to use pr henticity and nt functions i curity Audit D omposition yptographic O red keys for I based pre-sha other suppor tion D Copyrig management c upper and low @", "#", "$", r, and have th endpoints of c anagement. gement, and it ition re-shared key access contro n FMT: Data Generat Operation (Ra Psec. ared keys that rted lengths], Date of Issue: 2 ght Canon Inc capabilities fo wer case letter "%", "^", "& he capability t communicati t is therefore ys for IPsec. ol for updates tion is includ andom Bit t are. no other leng 1 2022/07/27 c. 2021 or User rs, &", "*", to require on, and placed in s. ded in the gths]; c ( FIA_PSK SHA-256, pre-shared generator Rationale Pre-shared and the Co This exten the FIA cla 5.13 FP Family be This family nonvolatile Componen FPT_ KY plaintext k Managem The follow Th Audit: The follow PP/ST: Th FPT_ KY Hiera Depen FPT_ KY FCS_KYC key on a d Rationale Protection nonvolatile key materi This exten componen FPT composed of (that include: K_EXT.1.3 SHA-512, [as d keys; accep specified in F : d Key Compo ommon Criter nded compon ass with a sin PT_KYP_EX ehaviour: y addresses th e storage. nt leveling: P _EXT.1 Ex key or key ma ment: wing actions c here are no m wing actions here are no au P _EXT.1 archical to: ndencies: YP _EXT.1.1 C_EXT.1 in a evice that use : of Key and K e storage, and ial. nded compon nt. T_ KYP _EXT f any combina : "!", "@", "# The TSF sh ssignment: m t bit-based pr FCS_RBG_EX osition is to en ria does not p ent protects t ngle compone XT Exten he requireme xtended: Prot aterials are wr could be cons management a should be au uditable even Exten No othe No dep The TSF any Field-Rep es the key for Key Material d the Commo nent protects T.1 Protection ation of upper #", "$", "%", " hall condition ethod of cond re-shared key XT.1]. nsure the stro provide a suit the TOE by m ent. nded: Prote ents for keys a tection of key ritten to nonv sidered for the actions forese uditable if FA nts foreseen. nded: Protect er component endencies. shall not stor placeable Non r its encryptio is to ensure t on Criteria do the TSF data n of key and k 31 r and lower c "^", "&", "*", the text-base ditioning text ys; generate b ong authentic able SFR for means of stro ection of K and key mate y and key mat volatile storag e managemen een. AU_GEN Sec tion of Key a ts re plaintext ke nvolatile Stor on. that no plaint oes not provid a, and it is th key material case letters, nu , "(", and ")") ed pre-shared t string]] and bit-based pre ation between the Pre-share ong authentic Key and Ke erials to be pr terial, require ge. nt functions i curity Audit D and Key Mat eys that are p rage Device, a text key or ke de a suitable S herefore plac D Copyrig umbers, and s ). d keys by usin be able to [se -shared keys n the endpoin ed Key Comp cation, and it y Material rotected if and es the TSF to n FMT: Data Generat terial part of the key and not store ey material ar SFR for the p ced in the FP Date of Issue: 2 ght Canon Inc special chara ng [selection: election: use using the ran nts of commu position. t is therefore d when writte ensure that n tion is includ ychain specifi any such pla re written to protection of k PT class with 1 2022/07/27 c. 2021 acters SHA-1, no other ndom bit unications, placed in en to no ded in the fied by aintext key and h a single 5.14 FP Family be This family keys. This Componen FPT_SKP keys from Managem The follow Th Audit: The follow PP/ST: Th FPT_SKP Hiera Depen FPT_SKP keys. Rationale Protection securely, a This exten therefore p 5.15 FP Family be This family Componen FPT_TST demonstra Managem FPT FPT PT_SKP_EX ehaviour: y addresses th is a new fam nt leveling: P_EXT.1 Pro being read by ment: wing actions c here are no m wing actions here are no au P_EXT.1 Ext archical to: ndencies: P_EXT.1.1 : of TSF Data and the Comm nded compone placed in the F PT_TST_EX ehaviour: y addresses th nt leveling: T_EXT.1 TSF ate correct ope ment: T_SKP_EXT. T_TST_EXT. XT Exten he requireme mily modelled tection of TS y any user or could be cons management a should be au uditable even tended: Exte No othe No dep The TSF sh a is to ensure t mon Criteria d ent protects th FPT class wi XT Exten he requireme F testing requ eration of the 1 Extended: P 1 Extended: T nded: Prote ents for mana d as the FPT C SF Data (for r r subject. It is sidered for the actions forese uditable if FA nts foreseen. ended: Prote er component endencies. hall prevent r the pre-share does not prov he TOE by m th a single co nded: TSF ents for self-te uires a suite o e TSF. Protection of TSF testing 32 ection of T ging and prot Class. reading all sym the only com e managemen een. AU_GEN Sec ection of TSF ts eading of all ed keys, symm vide a suitable means of stron omponent. testing esting the TS f self-testing f TSF Data TSF Data tecting the TS mmetric keys mponent of th nt functions i curity Audit D F Data pre-shared ke metric keys an e SFR for the ng authenticat F for selected to be run dur D Copyrig SF data, such s), requires pr his family. n FMT: Data Generat eys, symmetr nd private key e protection o tion using Pr d correct oper ring initial sta Date of Issue: 2 ght Canon Inc h as cryptogra reventing sym tion is includ ric keys, and ys are protect of such TSF d e-shared Key ration. art-up in orde 1 1 2022/07/27 c. 2021 aphic mmetric ded in the private ted data. y, and it is er to The follow Th Audit: The follow PP/ST: Th FPT_TST Hiera Depen FPT_TST demonstra Rationale TSF testin suitable SF This exten componen 5.16 FP Family be This family firmware/s Componen FPT_TUD Managem The follow Th Audit: The follow PP/ST: Th FPT_TUD FPT_TUD Hiera FPT wing actions c here are no m wing actions here are no au T_EXT.1 Ext archical to: ndencies: T_EXT.1.1 ate the correct : g is to ensure FR for the TS nded compon nt. PT_TUD_EX ehaviour: y defines req software, and nt leveling: D_EXT.1 Tru ment: wing actions c here are no m wing actions here are no au D_EXT.1 Tru Hiera Depen D_EXT.1 Tru archical to: T_TUD_EXT could be cons management a should be au uditable even tended: TSF No othe No dep The TSF sh t operation of e the TSF can SF testing. In nent protects XT Exten quirements for d that such firm usted Update, could be cons management a should be au uditable even usted Update archical to: ndencies: usted Update No othe .1 Extended: sidered for the actions forese uditable if FA nts foreseen. testing er component endencies. hall run a suit f the TSF. n be operated particular, th s the TOE, a nded: Trus r the TSF to e mware/softw , ensures auth sidered for the actions forese uditable if FA nts foreseen. e No oth FCS_C genera FCS_C e er component Trusted Upd 33 e managemen een. AU_GEN Sec ts te of self-tests correctly, an here is no SFR and it is the sted Update ensure that on ware is authent henticity and e managemen een. AU_GEN Sec her componen COP.1(b) Cry ation/verifica COP.1(c) Cry ts date nt functions i curity Audit D s during initia nd the Commo R defined for erefore placed e nly administr tic. access contro nt functions i curity Audit D nts yptographic O ation), yptographic o D Copyrig n FMT: Data Generat al start-up (an on Criteria do TSF testing. d in the FPT rators can upd ol for updates n FMT: Data Generat Operation (fo operation (Ha Date of Issue: 2 ght Canon Inc tion is includ nd power on) oes not provid T class with date the TOE s. tion is includ or signature ash Algorithm 1 2022/07/27 c. 2021 ded in the to de a h a single ded in the m). Depen FPT_TUD version of FPT_TUD TOE firmw FPT_TUD using a dig those upda Rationale Firmware/ manageme This exten componen ndencies: D_EXT.1.1 the TOE firm D_EXT.1.2 ware/software D_EXT.1.3 gital signature ates. : /software is a ent of firmwa nded compon nt. FCS_C FCS_C The TSF sh mware/softwa The TSF sh e. The TSF sh e mechanism form of TSF are/software. I nent protects OP.1(b) Cryp OP.1(c) Cryp hall provide a are. hall provide a hall provide a and [selectio F Data, and th In particular, s the TOE, a 34 ptographic Op ptographic op authorized ad authorized ad a means to ve on: published he Common C there is no S and it is the peration (for peration (Hash dministrators dministrators erify firmwar d hash, no oth Criteria does n SFR defined f erefore placed D Copyrig signature gen h Algorithm) the ability to the ability to re/software up er functions] not provide a for importing d in the FPT Date of Issue: 2 ght Canon Inc neration/verif ). query the cu initiate upda pdates to the prior to insta a suitable SFR TSF Data. T class with 2022/07/27 c. 2021 fication), urrent ates to TOE alling R for the h a single 6 SEC 6.1 No - Bold typ to the origi - Italic typ - Bold itali PP and ind - [] indicat in this ST - A charac defined in 6.2 Se 6.2.1 C FAU_GE FAU_GEN FAU_GEN CURITY RE otation peface indicat inal SFR defi eface indicat ic typeface in dicates the tex tes the portio is shown afte cter in (), for HCD PP. To ecurity func Class FAU EN.1 Audi Hierar Depen N.1.1 The TS a) b) c) [assign – N.1.2 The TS a) b) [assign – EQUIREME tes the portio inition in Com es the text wi ndicates the p xt within an S on indicating er the [] part i r example, an o repeat furthe ctional req : Security A t data gen rchical to: ndencies: SF shall be ab Start-up and s All auditable All auditable auditable eve nment: other s None SF shall recor Date and time (success or fa For each audi components i [assignment: nment: other a None ENTS on of an SFR mmon Criteri ithin an SFR portion of an S SFR that mus "Assignment is extracted af n SFR compo er in ST, defi uirements Audit eration No oth FPT_S ble to generate shutdown of t events for the e events speci ents]. specifically de rd within each e of the event ailure) of the e it event type, b included in th other audit re audit relevant Table 14 - A 35 that has been ia Part 2 or to that must be SFR that has t be selected t" or "Selecti fter the text. onent follow ne as (a) (ssd her componen STM.1 Reliab e an audit reco the audit funct e not specified ified in Table efined auditab h audit record , type of even event; and based on the a e PP/ST, addi elevant inform t information] Auditable E n "completed o its Extended selected and/ been partiall and/or comp ion". The resu ed by (a) and d). nts. le time stamp ord of the follo tions; d level of aud e 14, [assignm ble events]. at least the fol nt, subject iden auditable even itional inform mation]. Events D Copyrig d" or "refined d Component /or completed y "completed leted in this S ult of "Assig d (b), indicat s owing auditab dit; and ment: other spe llowing inform ntity (if applic nt definitions o mation specifi Date of Issue: 2 ght Canon Inc d" in HCD PP t Definition. d in this ST. d" or "refined ST. gnment" or "S tes that repet ble events: ecifically defin mation: cable), and the of the function fied in Table 1 2022/07/27 c. 2021 P, relative d" in HCD Selection" tition was ned e outcome nal 14, FAU_GE FAU_GEN FAU_SA FAU_SAR FAU_SAR FAU_SA FAU_SAR Audit Job co Unsuc Unsuc Use o Modi are pa Chang Failur EN.2 User Hierar Depen N.2.1 For au auditab AR.1 Audi Hierar Depen R.1.1 The TS from th [assign – R.1.2 The TS inform AR.2 Rest Hierar Depen R.2.1 The TS table event ompletion ccessful User ccessful User of managemen fication to the art of a role ges to the time re to establish r identity a rchical to: ndencies: udit events resu ble event with t review rchical to: ndencies: SF shall provi he audit recor nment: an Ad U. ADMIN SF shall provi mation. ricted aud rchical to: ndencies: SF shall prohi authentication identification nt functions e group of Use e h session ssociation No oth FAU_ FIA_U ulting from ac h the identity o No oth FAU_ ide [assignmen rds. dministrator] N ide the audit r dit review No oth FAU_ ibit all users re 36 Rel FDP n FIA n FIA FM ers that FM FPT FTP FTP FTP n her componen _GEN.1 A UID.1 T ctions of ident of the user tha her componen _GEN.1 A nt: an Admin ecords in a ma her componen _SAR.1 A ead access to levant SFR P_ACF.1 A_UAU.1 A_UID.1 MT_SMF.1 MT_SMR.1 T_STM.1 P_ITC.1, P_TRP.1(a), P_TRP.1(b) nts Audit data gene iming of iden tified users, th at caused the e nts. Audit data gene istrator] with anner suitable nts Audit review the audit reco D Copyrig eration ntification he TSF shall b event. eration the capability e for the user t ords, except th Date of Issue: 2 ght Canon Inc Additional informatio Type of job None None None None None Reason for be able to asso y to read all re to interpret the hose users that 2022/07/27 c. 2021 l n b failure ociate each ecords e t have FAU_ST FAU_STG FAU_STG FAU_ST FAU_STG FAU_ST FAU_STG 6.2.2 C Th 6.2.3 C FCS_CK been g TG.1 Prote Hierar Depen G.1.1 The TS G.1.2 The TS audit tr TG.4 Preve Hierar Depen G.4.1 Refinem taken b and [as full. [select with – [assign – TG_EXT.1 Hierar Depen G_EXT.1.1 using a Class FCO here are no cl Class FCS KM.1(a) Hierar Depen granted explici ected audi rchical to: ndencies: SF shall prote SF shall be ab rail. ention of a rchical to: ndencies: ment: The TS by the authori ssignment: oth tion, choose o h special rights "overwrite nment: other a None Exten rchical to: ndencies: The TS a trusted chan O: Commun lass FCO req : Cryptogra Cryp rchical to: ndencies: it read-access t trail stor No oth FAU_ ect the stored a ble to prevent audit data FAU_ FAU_ SF shall [selec ised user with her actions to one of: "preven s", "overwrite e the oldest st actions to be t nded: Exte No oth FAU_ FTP_I SF shall be ab nnel according nication quirements. aphic Supp ptographic No oth [FCS_C FCS_C verifica FCS_C 37 . rage her componen _GEN.1 A audit records i t unauthorised loss _STG.3 A _STG.1 Pr ction, choose special rights be taken in c nt audited eve e the oldest sto tored audit rec taken in case o ernal Audi her componen _GEN.1 A ITC.1 In ble to transmit g to FTP_ITC. port Key Gene er component CKM.2 Crypt COP.1(b) Cryp ation), COP.1(i) Cryp nts Audit data gene in the audit tra d modification Action in case o rotected audit one of: "preve s", "overwrite ase of audit st ents, except th ored audit rec cords" of audit storag t Trail Sto nts Audit data gene nter-TSF trust t the generated 1. eration (for ts. tographic key ptographic Op tographic ope D Copyrig eration ail from unaut ns to the stored of possible au trail storage ent audited ev e the oldest sto torage failure hose taken by t cords"] ge failure] rage eration, ted channel. d audit data to r asymmet distribution, o peration (for si eration (Key T Date of Issue: 2 ght Canon Inc thorised deleti d audit records udit data loss vents, except t ored audit rec e] if the audit t the authorised o an External I tric keys) or ignature gener Transport)] 2022/07/27 c. 2021 ion. s in the those cords"] trail is d user IT Entity ration/ FCS_CKM M.1.1(a) Refin establi ] and stren [select ] [select – nement: ishment in ac NIST Specia Establishmen key establish NIST Specia Establishmen curve-based k and [selection Signature Sta NIST Specia Establishmen establishmen specified cry ngth of 112 b tion: NIST Specia Establishmen key establish NIST Specia Establishmen curve-based k and [selection Signature Sta NIST Specia Establishmen establishmen NIST Spec Establishme field-based k NIST Spec Establishme curve-based P-384 and "Digital Sign NIST Spec Establishme key establish tion: P-521, n no other cu FCS_C Destruc The TSF ccordance with l Publication nt Schemes U ment schemes l Publication nt Schemes U key establishm n: P-521, no o andard") l Publication nt Schemes U nt schemes yptographic k bits. l Publication nt Schemes U ment schemes l Publication nt Schemes U key establishm n: P-521, no o andard") l Publication nt Schemes U nt schemes cial Publica ent Schemes key establishm cial Publica ent Schemes d key establis [selection: P nature Standa cial Publica ent Schemes hment schem no other curve urves 38 CKM_EXT.4 E ction shall generate h [selection: 800-56A, "R Using Discrete s; 800-56A, "R Using Discrete ment schemes other curves] 800-56B, "R Using Integer F key sizes equiv 800-56A, "R Using Discrete s; 800-56A, "R Using Discrete ment schemes other curves] 800-56B, "R Using Integer F ation 800-56 s Using Di ment scheme ation 800-56 Using Dis shment schem P-521, no oth ard") ation 800-56 Using Intege mes es] Extended: Cry e asymmetric Recommendati e Logarithm C Recommendati e Logarithm C s and impleme ] (as defined in Recommendati Factorization valent to, or Recommendati e Logarithm C Recommendati e Logarithm C s and impleme ] (as defined in Recommendati Factorization 6A, "Recom iscrete Loga es; 6A, "Recom screte Logar mes and imp her curves] 6B, "Recom er Factorizati D Copyrig yptographic K c cryptographi ion for Pair-W Cryptography ion for Pair-W Cryptography enting "NIST n FIPS PUB ion for Pair-W n Cryptograph greater than, ion for Pair-W Cryptography ion for Pair-W Cryptography enting "NIST n FIPS PUB ion for Pair-W n Cryptograph mmendation arithm Cryp mmendation rithm Crypto plementing " (as defined mmendation ion Cryptogr Date of Issue: 2 ght Canon Inc Key Material ic keys used f Wise Key " for finite fie Wise Key " for elliptic T curves" P-2 186-4, "Digit Wise Key hy" for RSA-b , a symmetric Wise Key " for finite fie Wise Key " for elliptic T curves" P-2 186-4, "Digit Wise Key hy" for RSA-b for Pair-W ptography" f for Pair-W ography" fo "NIST curve in FIPS PU for Pair-W raphy" for R 2022/07/27 c. 2021 for key eld-based 256, P-384 tal based key c key eld-based 256, P-384 tal based key Wise Key for finite Wise Key r elliptic s" P-256, UB 186-4, Wise Key SA-based FCS_CK FCS_CKM FCS_CK FCS_CKM FCS_CK FCS_CKM KM.1(b) Hierar Depen M.1.1(b) Refin Bit Ge [select [select – KM_EXT.4 Hierar Depen M_EXT.4.1 crypto KM.4 Hierar Depend M.4.1 Refinem crypto For v [assig For n Cryp rchical to: ndencies: nement: enerator as sp tion: 128 bit, 2 tion: 128 bit, 128 bit, 25 Exten rchical to: ndencies: The TS graphic critica Cryp rchical to: dencies: ment: graphic key d volatile memo gnment: othe nonvolatile st ptographic No oth [FCS_ FCS_C encryp FCS_C Encryp FCS_C FCS_C FCS_C authen FCS_C authen FCS_C Destru FCS_R Genera The TSF pecified in FC 256 bit] that m 256 bit] 56 bit nded: Cryp No oth [FCS_C keys), o FCS_C FCS_C SF shall destro al security par ptographic No oth [FCS_C keys), o FCS_C The TSF destruction me ory, the destru er mechanism torage, the des 39 key gener her componen _CKM.2 Cryp COP.1(a) Cryp ption/decryptio COP.1(d) Cry ption/Decrypt COP.1(e) Cryp COP.1(f) Cryp COP.1(g) Cry ntication) COP.1(h) Cry ntication)] CKM_EXT.4 uction RBG_EXT.1 E ation) shall generate CS_RBG_EX meet the follo ptographic er component CKM.1(a) Cry or CKM.1(b) Cry CKM.4 Crypto oy all plaintex rameters when key destr er component CKM.1(a) Cry or CKM.1(b) Cry shall destroy ethod [selectio uction shall be that ensures struction shal ration (Sym nts. tographic key ptographic Op on) yptographic Op tion) ptographic Op ptographic op yptographic Op yptographic Op Extended: Cr Extended: Cry e symmetric c XT.1 and spec owing: No St c Key Mate ts. yptographic K yptographic ke ographic key d xt secret and p n no longer ne uction ts. yptographic K yptographic ke cryptographic on: e executed by keys are dest ll be executed D Copyrig mmetric K y distribution, peration (Sym peration (AES peration (Key eration (Key E peration (for k peration (for k ryptographic K yptographic O cryptographic cified cryptog andard. erial Destr Key Generation ey generation destruction private cryptog eeded. Key Generation ey generation c keys in acco y [selection: po troyed]]. d by a [selectio Date of Issue: 2 ght Canon Inc Keys) or mmetric S Data Wrapping) Encryption) keyed-hash m keyed-hash m Key Material Operation (Ran keys using a graphic key s ruction n (for asymm (Symmetric K graphic keys a n (for asymm (Symmetric K rdance with a owering off a on: single, thr 2022/07/27 c. 2021 essage essage ndom Bit Random izes etric Keys)], and etric Keys)] a specified a device, ree or FCS_CO FCS_COP more patte by a [ proce ] that m [select For vo [assi For no mor rand follo fails ] – – [sele destr – [select – [select a sta [select – [select – OP.1(a) Cry Hierar Depen P.1.1(a) Refin specifi crypto e times] overw ern using the T [selection: rea ess shall be re meets the foll tion: olatile memo ignment: oth onvolatile sto re times] overw dom pattern u owed by a [se s, the process For volatil device, [as For nonvo three or m a pseudo r a static pat the overwr ction: poweri royed]] powering o tion: single, t single tion: a pseudo atic pattern] – a st tion: read-ver none tion: NIST SP no standard yptograph rchical to: ndencies: ement: ied cryptograp graphic key si write of key da TSF's RBG (a ad-verify, non epeated again owing: [select ry, the destru er mechanism orage, the des write of key d using the TSF election: read- shall be repe le memory, th ssignment: oth olatile storage more times] ov random patter ttern], follow ritten data fai ing off a devic off a device three or more do random pat atic pattern rify, none] P800-88, no s d hic Operati No oth [FDP_I FDP_IT FCS_C FCS_C Destruc The TSF phic algorithm izes 128-bits 40 ata storage loc (as specified in ne]. If read-ve n; tion: NIST SP uction shall b m that ensures struction shal data storage F's RBG (as sp -verify, none] eated again; he destruction her mechanis e, the destruc verwrite of ke rn using the T wed by a [sele ils, the proces ce, [assignme times] ttern using th standard] ion (Symm er component ITC.1 Import TC.2 Import o CKM.1(b) Cry CKM_EXT.4 E ction shall perform m AES operat and 256-bits cation consist n FCS_RBG_ erification of P800-88, no s be executed b s keys are des ll be executed location cons pecified in FC . If read-veri n shall be exe sm that ensur ction shall be ey data storag TSF's RBG (a ection: read-v ss shall be rep ent: other mec e TSF's RBG metric encr ts. of user data w of user data w yptographic ke Extended: Cry m encryption a ting in [assign that meets the D Copyrig ting of [select _EXT.1), a sta the overwritte standard]. y [selection: p stroyed]]. d by a [selecti sisting of [sele CS_RBG_EX ification of th ecuted by [sel es keys are d e executed b ge location co as specified i verify, none]. peated again; chanism that G (as specified ryption/dec without securit with security at ey generation yptographic K and decryptio nment: one or e following: Date of Issue: 2 ght Canon Inc tion: a pseudo atic pattern], f en data fails, powering off ion: single, th ection: a pseu XT.1), a static p he overwritte lection: powe destroyed]]. by a [selectio onsisting of [ in FCS_RBG If read-verif ensures keys d in FCS_RBG cryption) ty attributes, o ttributes, or (Symmetric K Key Material on in accordan r more modes 2022/07/27 c. 2021 o random followed the f a device, hree or udo pattern], n data ering off a on: single, selection: G_EXT.1), fication of are G_EXT.1), or Keys)] nce with a ] and FCS_CO FCS_COP [assig – [Selec – OP.1(b) (up gene Hierar Depen P.1.1(b) (upda with a that m C C C ] [selec FIPS PUB 19 [Selection: N 800-38D] gnment: one CBC, GCM ction: NIST S NIST SP 8 pdate) eration/ver rchical to: ndencies: ate) Refineme [selection: Digital Signa or greater], RSA Digital S 2048 bits or g Elliptic Curv bits or greate meets the follow Case: Digital S F Case: RSA Dig F Case: Elliptic F T n S ction: Digital Signa 97, "Advance NIST SP 800-3 or more mod M SP 800-38A, N 800-38A, NIS Crypto rification) No oth [FDP_ FDP_I FCS_C FCS_C keys)] FCS_C Destru ent: The TSF ature Algorith Signature Alg greater], or ve Digital Sign er]] wing [selectio Signature Alg FIPS PUB 186 igital Signatur FIPS PUB 186 Curve Digita FIPS PUB 186 The TSF shall no other curve Standard"). ature Algorith 41 ed Encryptio 38A, NIST SP des] NIST SP 800-3 ST SP 800-38 graphic O her componen _ITC.1 Import ITC.2 Import CKM.1 Crypto CKM.1(a) Cr ] CKM_EXT.4 uction shall perform hm (DSA) with gorithm (rDSA nature Algori on: gorithm 6-4, "Digital re Algorithm 6-4, "Digital al Signature A 6-4, "Digital l implement " es] (as defined hm (DSA) with n Standard ( P 800-38B, NI 38B, NIST SP 8D peration (f nts. t of user data w of user data w ographic key ryptographic Extended: Cr m cryptograph h key sizes (m SA) with key si ithm (ECDSA) Signature Sta Signature Sta Algorithm Signature Sta "NIST curves d in FIPS PU h key sizes (m D Copyrig (AES)" NIST SP 800-3 P 800-38C, NI for signatu without secur with security a generation Key Generat ryptographic K hic signature modulus) of [a izes (modulus A) with key siz andard" andard" andard" " P-256, P384 UB 186-4, "Dig modulus) of [a Date of Issue: 2 ght Canon Inc 38C, NIST SP NIST SP 800-3 ure ity attributes, attributes, or tion (for asym Key Material services in ac assignment: 2 s) of [assignm zes of [assignm 4 and [selecti igital Signatur assignment: 2 2022/07/27 c. 2021 P 38D] or mmetric ccordance 2048 bits ment: ment: 256 ion: P521, re 2048 bits FCS_CO FCS_COP – [assig – [select C C C ] – OP.1(b)(tls) gene Hierar Depen P.1.1(b)(tls) R with a or greater], RSA Digital S 2048 bits or g Elliptic Curv bits or greate RSA Digit 2048 bits o nment: 2048 2048 bits tion: Case: Digital S F Case: RSA Dig F Case: Elliptic F T n S Case: RSA F ) Cryp eration/ver rchical to: ndencies: Refinement: [selection: Digital Signa or greater], RSA Digital S 2048 bits or g Elliptic Curv Signature Alg greater], or ve Digital Sign er]] tal Signature or greater] bits or greate Signature Alg FIPS PUB 186 igital Signatur FIPS PUB 186 Curve Digita FIPS PUB 186 The TSF shall no other curve Standard"). A Digital Sign FIPS PUB 186 ptographic rification) No oth [FDP_ FDP_I FCS_C FCS_C keys)] FCS_C Destru The TSF ature Algorith Signature Alg greater], or ve Digital Sign 42 gorithm (rDSA nature Algori Algorithm (r er] gorithm 6-4, "Digital re Algorithm 6-4, "Digital al Signature A 6-4, "Digital l implement " es] (as defined nature Algori 6-4, "Digital S Operation er component _ITC.1 Import ITC.2 Import CKM.1 Crypto CKM.1(a) Cr ] CKM_EXT.4 uction shall perform hm (DSA) with gorithm (rDSA nature Algori SA) with key si ithm (ECDSA) rDSA) with k Signature Sta Signature Sta Algorithm Signature Sta "NIST curves d in FIPS PU thm Signature Stan n (for signa ts. t of user data w of user data w ographic key ryptographic Extended: Cr m cryptograph h key sizes (m SA) with key si ithm (ECDSA) D Copyrig izes (modulus A) with key siz key sizes (mo andard" andard" andard" " P-256, P384 UB 186-4, "Dig ndard" ature without secur with security a generation Key Generat ryptographic K hic signature modulus) of [a izes (modulus A) with key siz Date of Issue: 2 ght Canon Inc s) of [assignm zes of [assignm dulus) of [ass 4 and [selecti igital Signatur ity attributes, attributes, or tion (for asym Key Material services in ac assignment: 2 s) of [assignm zes of [assignm 2022/07/27 c. 2021 ment: ment: 256 signment: ion: P521, re or mmetric ccordance 2048 bits ment: ment: 256 that m C C C ] [sele – – [assi – [assig – [sele C C C ] – – bits or greate meets the follow Case: Digital S F Case: RSA Dig F Case: Elliptic F T n S ection: Digital Signa or greater], RSA Digital S 2048 bits or g Elliptic Curv bits or greate RSA Digit 2048 bits o Elliptic C [assignmen gnment: 2048 2048 bits nment: 256 b 256 bits, 3 ction: Case: Digital S F Case: RSA Dig F Case: Elliptic F T n S Case: RSA FIPS P Case: Ellip er]] wing [selectio Signature Alg FIPS PUB 186 igital Signatur FIPS PUB 186 Curve Digita FIPS PUB 186 The TSF shall no other curve Standard"). ature Algorith Signature Alg greater], or ve Digital Sign er]] tal Signature or greater] Curve Digita nt: 256 bits o 8 bits or great bits or greater 84bits Signature Alg FIPS PUB 186 igital Signatur FIPS PUB 186 Curve Digita FIPS PUB 186 The TSF shall no other curve Standard"). A Digital Sign PUB 186-4, " ptic Curve Di 43 on: gorithm 6-4, "Digital re Algorithm 6-4, "Digital al Signature A 6-4, "Digital l implement " es] (as defined hm (DSA) with gorithm (rDSA nature Algori Algorithm (r al Signature or greater] ter] r] gorithm 6-4, "Digital re Algorithm 6-4, "Digital al Signature A 6-4, "Digital l implement " es] (as defined nature Algori "Digital Signa igital Signatu Signature Sta Signature Sta Algorithm Signature Sta "NIST curves d in FIPS PU h key sizes (m SA) with key si ithm (ECDSA) rDSA) with k e Algorithm Signature Sta Signature Sta Algorithm Signature Sta "NIST curves d in FIPS PU thm ature Standar ure Algorithm D Copyrig andard" andard" andard" " P-256, P384 UB 186-4, "Dig modulus) of [a izes (modulus A) with key siz key sizes (mo (ECDSA) andard" andard" andard" " P-256, P384 UB 186-4, "Dig rd" m Date of Issue: 2 ght Canon Inc 4 and [selecti igital Signatur assignment: 2 s) of [assignm zes of [assignm dulus) of [ass with key 4 and [selecti igital Signatur 2022/07/27 c. 2021 ion: P521, re 2048 bits ment: ment: 256 signment: sizes of ion: P521, re FCS_CO FCS_COP [sele – OP.1(b)(ips gene Hierar Depend P.1.1(b)(ipsec) with a that m C C C ] [sele FIPS P The T other c ction: P521, n no other cu sec) Cryp eration/ver rchical to: dencies: ) Refinement [selection: Digital Signa or greater], RSA Digital S 2048 bits or g Elliptic Curv bits or greate meets the follow Case: Digital S F Case: RSA Dig F Case: Elliptic F T n S ection: Digital Signa or greater], RSA Digital S PUB 186-4, “ TSF shall imp curves] (as de no other curv urves ptographic rification) No oth [FDP_I FDP_IT FCS_C FCS_C keys)] FCS_C Destruc t: The TSF ature Algorith Signature Alg greater], or ve Digital Sign er]] wing [selectio Signature Alg FIPS PUB 186 igital Signatur FIPS PUB 186 Curve Digita FIPS PUB 186 The TSF shall no other curve Standard"). ature Algorith Signature Alg 44 “Digital Signa plement “NIS efined in FIP ves] Operation er component ITC.1 Import TC.2 Import o CKM.1 Crypto CKM.1(a) Cry CKM_EXT.4 E ction shall perform hm (DSA) with gorithm (rDSA nature Algori on: gorithm 6-4, "Digital re Algorithm 6-4, "Digital al Signature A 6-4, "Digital l implement " es] (as defined hm (DSA) with gorithm (rDSA ature Standar T curves” P-2 S PUB 186-4 n (for signa ts. of user data w of user data w ographic key g yptographic K Extended: Cry m cryptograph h key sizes (m SA) with key si ithm (ECDSA) Signature Sta Signature Sta Algorithm Signature Sta "NIST curves d in FIPS PU h key sizes (m SA) with key si D Copyrig rd” 256, P384 an 4, “Digital Sig ature without securit with security at generation Key Generati yptographic K hic signature modulus) of [a izes (modulus A) with key siz andard" andard" andard" " P-256, P384 UB 186-4, "Dig modulus) of [a izes (modulus Date of Issue: 2 ght Canon Inc nd [selection: gnature Stand ty attributes, o ttributes, or ion (for asym Key Material services in ac assignment: 2 s) of [assignm zes of [assignm 4 and [selecti igital Signatur assignment: 2 s) of [assignm 2022/07/27 c. 2021 P521, no dard”). or mmetric ccordance 2048 bits ment: ment: 256 ion: P521, re 2048 bits ment: FCS_CO FCS_COP FCS_CO – – [assig – [assig – [select C C C ] – – [select – OP.1(c) Cry Hierar Depen P.1.1(c) Refine with [s 10118- [select – OP.1(d) Cry Hierar 2048 bits or g Elliptic Curv bits or greate RSA Digit 2048 bits o Elliptic C [assignmen nment: 2048 2048 bits nment: 256 b 256 bits, 3 tion: Case: Digital S F Case: RSA Dig F Case: Elliptic F T n S Case: RSA FIPS P Case: Ellip FIPS P The T other c tion: P521, no no other cu yptograph rchical to: ndencies: ement: selection: SHA -3:2004]. tion: SHA-1, S SHA-1, SH yptograph rchical to: greater], or ve Digital Sign er]] tal Signature or greater] Curve Digita nt: 256 bits o bits or greate bits or greater 84 bits Signature Alg FIPS PUB 186 igital Signatur FIPS PUB 186 Curve Digita FIPS PUB 186 The TSF shall no other curve Standard"). A Digital Sign PUB 186-4, " ptic Curve Di PUB 186-4, " TSF shall imp curves] (as de o other curves urves hic operatio No oth No dep The TSF A-1, SHA-256 SHA-256, SH HA-256, SHA hic operatio No oth 45 nature Algori Algorithm (r al Signature or greater] er] r] gorithm 6-4, "Digital re Algorithm 6-4, "Digital al Signature A 6-4, "Digital l implement " es] (as defined nature Algori "Digital Signa igital Signatu "Digital Signa plement "NIS efined in FIP ] on (Hash A her componen pendencies shall perform 6, SHA-384, S HA-384, SHA- A-384, SHA-5 on (AES D her componen ithm (ECDSA) rDSA) with k e Algorithm Signature Sta Signature Sta Algorithm Signature Sta "NIST curves d in FIPS PU thm ature Standar ure Algorithm ature Standar T curves" P-2 S PUB 186-4 Algorithm) nts. m cryptograph SHA-512] tha -512] 512 Data Encry nts. D Copyrig A) with key siz key sizes (mo (ECDSA) andard" andard" andard" " P-256, P384 UB 186-4, "Dig rd" m rd" 256, P384 an 4, "Digital Sig ) hic hashing se at meet the foll ption/Decr Date of Issue: 2 ght Canon Inc zes of [assignm dulus) of [ass with key 4 and [selecti igital Signatur nd [selection: gnature Stand ervices in acc lowing: [ISO/ ryption) 2022/07/27 c. 2021 ment: 256 signment: sizes of ion: P521, re P521, no dard"). ordance /IEC FCS_COP FCS_CO FCS_COP FCS_HT FCS_HTT FCS_HTT FCS_IPS Depen P.1.1(d) The crypto key siz 18033- and X [select – [select – [select XTS – OP.1(g) Cry Hierar Depend P.1.1(g) Refin accord SHA-2 messa PUB 1 "Secu [select – [assign – [select – TTPS_EXT. Hierar Depen TPS_EXT.1.1 TPS_EXT.1.2 SEC_EXT.1 ndencies: e TSF shall pe graphic algori zes [selection -3, [selection XTS as specifie tion: CBC, G XTS tion: 128 bits, 256 bits tion: CBC as S as specified XTS as sp yptograph rchical to: dencies: ement: dance with a sp 256, SHA-384 ge digest size 198-1, "The K re Hash Stan tion: SHA-1, S SHA-1, SH nment: key si 160, 256, 3 tion: 160, 224 160, 256, 3 .1 Exten rchical to: ndencies: The TS The TS 1 Exten FCS_C FCS_C Destru erform data en ithm AES use : 128 bits, 256 : CBC as spec ed in IEEE 16 GCM, XTS] , 256 bits] specified in I in IEEE 1619 ecified in IEE hic Operati No oth FCS_C FCS_C Destruc The TSF pecified crypt 4, SHA-512], es [selection: Keyed-Hash M ndard." SHA-224, SH HA-256, SHA ze (in bits) us 384 bits 4, 256, 384, 51 384 nded: HTT No oth FCS_T SF shall imple SF shall imple nded: IPse 46 CKM.1(b) Cry CKM_EXT.4 uction ncryption an ed in [selectio 6 bits] that me cified in ISO/ 619]. ISO/IEC 1011 9] EE 1619 ion (for key er component CKM.1(b) Cry CKM_EXT.4 E ction shall perform tographic algo key size [assi 160, 224, 256 Message Auth HA-256, SHA- A-384 sed in HMAC 12] TPS select her componen TLS_EXT.1 E ement the HT ement HTTPS ec selected yptographic k Extended: Cr d decryption on: CBC, GCM eet the followi /IEC 10116, G 16, GCM as sp yed-hash ts. yptographic ke Extended: Cry m keyed-hash orithm HMAC ignment: key s 6, 384, 512] bi hentication C -384, SHA-51 C] ed nts. Extended: TLS TPS protocol S using TLS a d D Copyrig key generation ryptographic K in accordanc M, XTS] mod ing: AES as s GCM as specif pecified in IS message a ey generation yptographic K message auth C-[selection: S size (in bits) u its that meet th Code, and FIP 12] S selected that complies s specified in Date of Issue: 2 ght Canon Inc n (Symmetric K Key Material e with a speci de and cryptog specified in IS ified in ISO/IE SO/IEC 19772 authentica (Symmetric K Key Material hentication in SHA-1, SHA- used in HMA he following: PS PUB 180-3 s with RFC 28 FCS_TLS_EX 2022/07/27 c. 2021 Keys) ified graphic SO/IEC IEC 19772, 2, and ation) Keys) n -224, AC], and FIPS 3, 818. XT.1. FCS_IPSE FCS_IPSE FCS_IPSE FCS_IPSE FCS_IPSE Hierar Depen EC_EXT.1.1 EC_EXT.1.2 [select – EC_EXT.1.3 otherw EC_EXT.1.4 [select with a togethe RFC 4 [select with 3602 spec – EC_EXT.1.5 Phase for ext other R [select specifi functio [select 2409 exten hash trave [sele – rchical to: ndencies: The TS The TS tion: tunnel m transport m The TS wise unmatche The TS tion: the crypt Secure Hash er with a Secu 4106, AES-GC tion: the crypt h a Secure Has 2) together wi cified in RFC 4 the crypto with a Sec by RFC 3 AES-GCM The TS 1 exchanges, tended sequen RFCs for hash tion: with no s ied in section ons]]. tion: IKEv1, u 9, RFC 4109, nded sequenc h functions]; IK ersal, with ma ection: no othe IKEv1, us No oth FIA_P FCS_C keys) FCS_C encryp FCS_C genera FCS_C FCS_C authen FCS_R Genera SF shall imple SF shall imple mode, transpor mode SF shall have ed, and discard SF shall imple tographic algo Algorithm (SH ure Hash Algo CM-256 as spe tographic algo sh Algorithm ith a Secure H 4106, AES-GC graphic algor cure Hash Al 3602) togeth M-128 as speci SF shall imple as defined in nce numbers, R h functions, RF support for NA 2.23], and [se using Main Mo [selection: no e numbers], a KEv2 as defin andatory supp er RFCs for h ing Main Mo 47 her componen PSK_EXT.1 E CKM.1(a) Cry COP.1(a) Cryp ption/decryptio COP.1(b) Cry ation/verificati COP.1(c) Cryp COP.1(g) Cry ntication) RBG_EXT.1 E ation) ement the IPse ement [selecti rt mode] a nominal, fin ds it. ement the IPse orithms AES-C HA)-based HM orithm (SHA)- ecified in RFC orithms AES-C (SHA)-based H Hash Algorithm CM-256 as sp rithms AES-C lgorithm (SH her with a S fied in RFC 4 ement the prot RFCs 2407, 2 RFC 4304 for FC 4868 for h AT traversal, w election: no oth Mode for Phase o other RFCs f and [selection: ned in RFCs 5 port for NAT tr hash functions, ode for Phase nts. Extended: Pre- yptographic K ptographic Op on) yptographic Op ion) ptographic Op yptographic Op Extended: Cry ec architecture ion: tunnel mo nal entry in th ec protocol ES CBC-128 (as s MAC, AES-CB -based HMAC C 4106]. CBC-128 (as HMAC, AES- m (SHA)-base pecified in RFC CBC-128 (as HA)-based HM Secure Hash 4106, AES-GC tocol: [selecti 2408, 2409, R extended sequ hash functions with mandator her RFCs for e 1 exchanges, for extended s no other RFC 5996, [selectio raversal as sp , RFC 4868 fo e 1 exchange D Copyrig -Shared Key C Key Generation peration (Sym peration (for s peration (Hash peration (for k yptographic O e as specified ode, transport he SPD that m SP as defined specified by R BC-256 (as sp C, AES-GCM-1 specified by R CBC-256 (as ed HMAC, AES C 4106] s specified by MAC, AES-C Algorithm ( CM-256 as spe on: IKEv1, us RFC 4109, [sel uence number s]; IKEv2 as d ry support for hash function , as defined in sequence num Cs for hash fu on: with no sup pecified in sec or hash functio es, as defined Date of Issue: 2 ght Canon Inc Composition n (for asymme mmetric signature h Algorithm) keyed-hash m Operation (Ran in RFC 4301 mode]. matches anythin by RFC 4303 RFC 3602) tog pecified by RF 128 as specifi RFC 3602) tog specified by R S-GCM-128 a y RFC 3602) CBC-256 (as (SHA)-based ecified in RFC sing Main Mod lection: no oth rs], and [selec defined in RFC r NAT traversa ns, RFC 4868 f n RFCs 2407, bers, RFC 43 unctions, RFC pport for NAT ction 2.23], an ons]] d in RFCs 24 2022/07/27 c. 2021 etric essage ndom Bit . ng that is 3 using gether FC 3602) ed in gether RFC as ) together specified d HMAC, C 4106 de for her RFCs ction: no Cs 5996, al as for hash 2408, 04 for 4868 for T d 407, 2408, FCS_IPSE FCS_IPSE FCS_IPSE FCS_IPSE FCS_IPSE [select num – [select – EC_EXT.1.6 protoc 3602 a algorit [select – [select – EC_EXT.1.7 EC_EXT.1.8 on [sel limited establi time va [select pack Phas [sele limit – [select limit – EC_EXT.1.9 MODP (384-b implem [select Rand the T – EC_EXT.1.10 [select 2409, RFC 4304 for e functions, tion: no other mbers] RFC 4304 tion: no other RFC 4868 The TS ol uses the cry and [selection thm]. tion: IKEv1, IK IKEv1 tion: AES-GC no other al The TS The TS lection: numb d to: 24 hours ished based on alues can be l tion: IKEv2 SA kets/number of se 1 SAs and 8 ection: numbe ted to: 24 hou IKEv1 SA packets/nu 24 hours fo tion: number o ted to: 24 hou length of t and 8 hour The TS P), and [select bit Random EC mented by the tion: 24 (2048 dom ECP, 5 ( TOE], no othe 19 (256-bi 0 The TS tion: RSA, ECD C 4109, [sele extended seq RFC 4868 fo r RFCs for ext for extended r RFCs for has for hash func SF shall ensur yptographic a : AES-GCM-1 IKEv2] CM-128, AES-G lgorithm SF shall ensur SF shall ensur er of packets/n for Phase 1 S n [selection: n limited to: 24 A lifetimes ca of bytes; length 8 hours for Ph er of packets/n urs for Phase 1 A lifetimes umber of byte for Phase 1 SA of packets/num urs for Phase 1 time, where t rs for Phase 2 SF shall ensur tion: 24 (2048 CP, 5 (1536-b TOE], no oth 8-bit MODP w (1536-bit MOD er DH groups] it Random EC SF shall ensur CDSA] algorith 48 ction: no oth quence numb or hash functi ended sequen d sequence nu sh functions, R ctions re the encrypt lgorithms AE 128, AES-GCM GCM-256 as s re that IKEv1 re that [selecti /number of byt SAs and 8 hou number of pac hours for Pha n be establish h of time, whe hase 2 SAs]; IK number of byte 1 SAs and 8 h can be es es ; length of As and 8 hou mber of bytes; 1 SAs and 8 h the time valu 2 SAs re that all IKE 8-bit MODP w bit MODP)), [a her DH groups with 256-bit P DP)), [assignm ] CP), 20 (384- re that all IKE hm and Pre-sh her RFCs for bers], and [se ons] ce numbers, R umbers RFC 4868 for ed payload in S-CBC-128, A M-256 as spec specified in R Phase 1 exch ion: IKEv2 SA tes; length of urs for Phase 2 ckets/number o ase 1 SAs and hed based on [ ere the time va IKEv1 SA lifet es ; length of t ours for Phas stablished b f time, where rs for Phase ; length of tim ours for Phas ues can be lim E protocols im with 256-bit PO assignment: o s]. OS), 19 (256- ment: other DH -bit Random E E protocols per hared Keys. D Copyrig extended seq election: no RFC 4304 for hash function the [selection AES-CBC-25 cified in RFC RFC 5282, no o hanges use onl A lifetimes can time, where th 2 SAs]; IKEv1 of bytes ; leng 8 hours for P [selection: num alues can be li times can be e time, where th se 2 SAs]] based on [s the time val 2 SAs] me, where the t se 2 SAs] mited to: 24 h mplement DH G OS), 19 (256-b ther DH group -bit Random E DH groups that ECP) rform Peer Au Date of Issue: 2 ght Canon Inc quence numb other RFCs extended sequ ns] n: IKEv1, IKE 6 as specified 5282, no othe other algorith ly main mode. n be establishe he time values 1 SA lifetimes gth of time, wh Phase 2 SAs]]. mber of imited to: 24 h established bas he time values selection: nu lues can be li time values ca hours for Pha Groups 14 (20 bit Random E ups that are ECP), 20 (384 t are impleme uthentication u 2022/07/27 c. 2021 bers, RFC for hash uence Ev2] d in RFC er hm] . ed based s can be can be here the hours for sed on can be umber of imited to: an be ase 1 SAs 048-bit ECP), 20 -bit ented by using the FCS_KY FCS_KYC FCS_RB FCS_RBG [select – YC_EXT.1 Hierar Depend C_EXT.1.1 BEV o using t combin deriva mainta [select more as sp encr key t – [select FCS in F – [sele – BG_EXT.1 Gene Hierar Depen G_EXT.1.1(ne in acco Hash_ [select – [select – tion: RSA, EC RSA, ECD Exten rchical to: dencies: The TS or DEK; interm the following ning as specif tion as specifi aining an effec tion: one, usin e submask(s) pecified in FC ryption as spec transport as sp intermedia using the FCS_COP specified i transport a tion: key wrap S_SMC_EXT.1 FCS_KDF_EX key combi ction: 128 bits 256 bits (network) eration) rchical to: ndencies: etwork): ordance with [ _DRBG (any), tion: ISO/IEC NIST SP 8 tion: Hash_DR CTR_DRB CDSA] DSA nded: Key No oth [FCS_C FCS_S FCS_C FCS_K FCS_C SF shall main mediate keys o method(s): [se fied in FCS_SM fied in FCS_KD ctive strength ng a submask to the BEV or CS_COP.1(e), cified in FCS_ specified in FC ate keys origi e following P.1(e), key com in FCS_COP as specified in pping as specif 1, key encrypt XT.1, key transp ining as speci s, 256 bits] Extend No oth No dep The TSF [selection: ISO HMAC_DRB C 18031:2011, 800-90A RBG (any), H BG (AES) 49 y Chaining er component COP.1(e) Cry SMC_EXT.1 E COP.1(f) Cryp KDF_EXT.1 C COP.1(i) Cryp ntain a key cha originating fro election: key w MC_EXT.1, k KDF_EXT.1, ke of [selection: as the BEV or r DEK using th key combinin _COP.1(f), key CS_COP.1(i)] inating from method(s): mbining as sp P.1(f), key de n FCS_COP. ified in FCS_C ion as specifie sport as specif ified in FCS_ ded: Crypto her componen pendencies. shall perform O/IEC 18031: BG (any), CTR NIST SP 800 HMAC_DRBG ts. yptographic op Extended: Sub ptographic ope Cryptographic tographic ope ain of: [selecti om one or mor wrapping as sp key encryption ey transport a 128 bits, 256 r DEK; interm he following m ng as specified ey derivation a ] one or more [selection: pecified in FC rivation as sp 1(i)] COP.1(e), key ed in FCS_CO fied in FCS_C _SMC_EXT.1 ographic O nts. m all determini 2011, NIST SP R_DRBG (AES 0-90A] G (any), CTR_D D Copyrig peration (Key bmask Combin eration (Key E Operation (K eration (Key T ion: one, using re submask(s) specified in FC n as specified i as specified in 6 bits]. mediate keys o method(s): [se d in FCS_SMC as specified in e submask(s) key wrapp CS_SMC_EX specified in F y combining as OP.1(f), key de COP.1(i)] 1 Operation stic random b SP 800-90A] u S)]. DRBG (AES)] Date of Issue: 2 ght Canon Inc Wrapping), ning, Encryption), Key Derivation Transport)] g a submask a ) to the BEV o CS_COP.1(e), in FCS_COP. FCS_COP.1( originating fro election: key w C_EXT.1, key n FCS_KDF_E ) to the BEV ing as spe XT.1, key encr FCS_KDF_EX s specified in erivation as sp (Random B bit generation using [selection ] 2022/07/27 c. 2021 n), and/or as the or DEK , key 1(f), key (i)]] while om one or wrapping EXT.1, V or DEK ecified in ryption as XT.1, key pecified Bit services n: FCS_RBG FCS_RB FCS_RBG FCS_RBG FCS_SM G_EXT.1.2(ne that ac softwa hardwa least e "Secur [select [assi – [assign – [select – BG_EXT.1(s Hierar Depen G_EXT.1.1(ss accord Hash_ [select – [select – G_EXT.1.2(ss accum softwa hardwa least e "Secur [select [assi [assign – [select – MC_EXT.1 Hierar Depen etwork): ccumulates ent are-based nois are-based nois qual to the gre rity Strength T tion: [assignm ignment: num [assignmen nment: numbe 1 tion: 128 bits, 256 bits ssd) Exten rchical to: ndencies: d): The TS dance with [se _DRBG (any), tion: ISO/IEC NIST SP 8 tion: Hash_DR Hash_DRB d): The de mulates entropy are-based nois are-based nois qual to the gre rity Strength T tion: [assignm ignment: num – [ass sou nment: numbe 1 tion: 128 bits, 256 bits Exten rchical to: ndencies: The deter tropy from [se se source(s), [a se source(s)] w eatest security Table for Hash ment: number o mber of hardwa nt: number of er of hardwar 256 bits] nded: Cryp No oth No dep SF shall perfo lection: ISO/I HMAC_DRB C 18031:2011, 800-90A RBG (any), H BG (SHA-25 eterministic R y from [select se source(s), [a se source(s)] w eatest security Table for Hash ment: number o mber of hardwa signment: nu rce(s) er of hardwar 256 bits] nded: Sub No oth FCS_C 50 rministic RBG election: [assi assignment: n with a minimu y strength, acc h Functions", of software-ba are-based sou f hardware-b re-based sourc ptographic her componen pendencies. orm all determ IEC 18031:20 BG (any), CTR NIST SP 800 HMAC_DRBG 6) RBG shall be s tion: [assignm assignment: n with a minimu y strength, acc h Functions", of software-ba are-based sou umber of ha re-based sourc bmask Com her componen COP.1(c) Cryp G shall be seed gnment: numb umber of hard um of [selecti cording to ISO of the keys an ased sources] urces] hardwar ased sources ces] c Operatio nts. ministic random 011, NIST SP 8 R_DRBG (AES 0-90A] G (any), CTR_D eeded by at le ment: number o umber of hard um of [selecti cording to ISO of the keys an ased sources] urces] hardwar ardware-base ces] mbining nts. ptographic op D Copyrig ded by at least ber of softwar dware-based s on: 128 bits, 2 O/IEC 18031:2 nd hashes that software-base re-based noise s] hardware-b n (Random m bit generatio 800-90A] usin S)]. DRBG (AES)] east one entrop of software-ba dware-based s on: 128 bits, 2 O/IEC 18031:2 nd hashes that software-base re-based noise d sources] h peration (Hash Date of Issue: 2 ght Canon Inc t one entropy re-based sourc sources] 256 bits] of en 2011 Table C. t it will genera ed noise sourc e source(s)] based noise so m Bit Gene on services in ng [selection: ] py source that ased sources] sources] 256 bits] of en 2011 Table C. t it will genera ed noise sourc e source(s)] hardware-bas h Algorithm) 2022/07/27 c. 2021 source ces] ntropy at .1 ate. ce(s), ource(s) eration) n t ntropy at .1 ate. ce(s), sed noise FCS_SMC FCS_TL FCS_TLS_ C_EXT.1.1: OR (X [select S_EXT.1 Hierar Depend _EXT.1.1The 2246), Manda Option [select The TS XOR), SHA-25 tion: exclusive – SHA Exten rchical to: dencies: e TSF shall im TLS 1.1 (RFC atory Ciphersu TLS_RSA nal Ciphersuit tion: None TLS_RSA TLS_DH TLS_DH TLS_RSA TLS_RSA TLS_DH TLS_DH TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD SF shall comb 6, SHA-512] t e OR (XOR), S A-256 nded: TLS No oth FCS_C FCS_C encrypt FCS_C generat FCS_C FCS_C authent FCS_R Genera mplement one C 4346), TLS uites: A_WITH_AE tes: A_WITH_AE HE_RSA_WIT HE_RSA_WIT A_WITH_AE A_WITH_AE HE_RSA_WIT HE_RSA_WIT DHE_RSA_W DHE_RSA_W DHE_ECDSA DHE_ECDSA DHE_RSA_W DHE_RSA_W DHE_RSA_W DHE_RSA_W DHE_ECDSA DHE_ECDSA 51 bine submasks to generate an SHA-256, SHA S selected er component CKM.1(a) Cry COP.1(a) Cryp tion/decryptio COP.1(b) Cryp tion/verificatio COP.1(c) Cryp COP.1(g) Cryp tication) RBG_EXT.1 E ation) or more of the 1.2 (RFC 524 ES_128_CBC_ ES_256_CBC TH_AES_128 TH_AES_256 ES_128_CBC ES_256_CBC TH_AES_128 TH_AES_256 WITH_AES_ WITH_AES_ A_WITH_AE A_WITH_AE WITH_AES_ WITH_AES_ WITH_AES_ WITH_AES_ A_WITH_AE A_WITH_AE s using the fol n intermediary A-512 ] ts. yptographic Ke ptographic Op on) ptographic Op on) ptographic Op ptographic Op Extended: Cry e following pr 46)] supportin _SHA C_SHA 8_CBC_SHA 6_CBC_SHA C_SHA256 C_ SHA256 8_CBC_ SHA 6_CBC_ SHA _128_CBC_S _256_CBC_S ES_128_CBC ES_256_CBC _128_CBC_S _256_CBC_S _128_GCM_S _256_GCM_S ES_128_GCM ES_256_GCM D Copyrig llowing metho y key or BEV. ey Generation peration (Symm peration (for si peration (Hash peration (for k yptographic Op rotocols [selec g the followin A A A256 A256 SHA SHA C_SHA C_SHA SHA256 SHA384 SHA256 SHA384 M_SHA256 M_SHA384 Date of Issue: 2 ght Canon Inc od [selection: n (for asymme metric ignature h Algorithm) keyed-hash me peration (Ran ction: TLS 1.0 ng ciphersuite 2022/07/27 c. 2021 exclusive etric keys) essage ndom Bit 0 (RFC s: 6.2.4 C FDP_AC ]. [select – [select ]. Class FDP CC.1 Subs Hierar Depen TLS_ECD TLS_ECD tion: TLS 1.0 TLS 1.2 (R tion: None TLS_RSA TLS_DH TLS_DH TLS_RSA TLS_RSA TLS_DH TLS_DH TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_RSA TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD TLS_ECD : User Data set access rchical to: ndencies: DHE_ECDSA DHE_ECDSA (RFC 2246), T RFC 5246) A_WITH_AE HE_RSA_WIT HE_RSA_WIT A_WITH_AE A_WITH_AE HE_RSA_WIT HE_RSA_WIT DHE_RSA_W DHE_RSA_W DHE_ECDSA DHE_ECDSA DHE_RSA_W DHE_RSA_W DHE_RSA_W DHE_RSA_W DHE_ECDSA DHE_ECDSA DHE_ECDSA DHE_ECDSA A_WITH_AE DHE_RSA_W DHE_RSA_W DHE_RSA_W DHE_RSA_W DHE_ECDSA DHE_ECDSA a Protectio s control No oth FDP_A 52 A_WITH_AE A_WITH_AE TLS 1.1 (RFC ES_256_CBC TH_AES_128 TH_AES_256 ES_128_CBC ES_256_CBC TH_AES_128 TH_AES_256 WITH_AES_ WITH_AES_ A_WITH_AE A_WITH_AE WITH_AES_ WITH_AES_ WITH_AES_ WITH_AES_ A_WITH_AE A_WITH_AE A_WITH_AE A_WITH_AE ES_256_CBC WITH_AES_ WITH_AES_ WITH_AES_ WITH_AES_ A_WITH_AE A_WITH_AE on her componen ACF.1 Securit ES_128_CBC ES_256_CBC C 4346), TLS 1 C_SHA 8_CBC_SHA 6_CBC_SHA C_SHA256 C_ SHA256 8_CBC_ SHA 6_CBC_ SHA _128_CBC_S _256_CBC_S ES_128_CBC ES_256_CBC _128_CBC_S _256_CBC_S _128_GCM_S _256_GCM_S ES_128_GCM ES_256_GCM ES_128_CBC ES_256_CBC C_SHA _128_CBC_S _256_CBC_S _128_GCM_S _256_GCM_S ES_128_GCM ES_256_GCM nts. ty attribute ba D Copyrig C_SHA256 C_SHA384 1.2 (RFC 5246 A A A256 A256 SHA SHA C_SHA C_SHA SHA256 SHA384 SHA256 SHA384 M_SHA256 M_SHA384 C_SHA256 C_SHA384 SHA SHA SHA256 SHA384 M_SHA256 M_SHA384 ased access co Date of Issue: 2 ght Canon Inc 6)] ontrol 2022/07/27 c. 2021 FDP_ACC FDP_AC FDP_ACF FDP_ACF FDP_ACF FDP_ACF Prin Sca C.1.1 Refinem and op CF.1 Secu Hierar Depend F.1.1 Refinem follow F.1.2 Refinem contro subjec Table F.1.3 Refinem follow Contro objects [assign secu – F.1.4 Refinem additio based [assign secu – nt Job ow U.ADM U.NOR Unauth an Job ow U.ADM U.NOR ment: The TS perations amon urity attribu rchical to: dencies: ment: The TS wing: subjects, ment: The TS lled subjects a cts and contro 15 and Table ment: The TS wing additional ol SFP, based s]. nment: rules t urity attributes None ment: The TS onal rules: [as on security at nment: rules t urity attributes None Table 15 Operation: wner MIN RMAL henticated Operation: wner MIN RMAL SF shall enfor ng subjects an ute based No oth FDP_A FMT_M SF shall enfor objects, and a SF shall enfor and controlled olled objects u e 16. SF shall expli l rules: [assign d on security a that do not co s, that explicit SF shall expli signment: rul ttributes, that that do not co s, that explicit - D.USER.D "Create Submit document t printed (note 1 allowed allowed allowed denied Submit document scannin (note 2 allowed allowed allowed 53 rce the User D nd objects spe access co er component ACC.1 Subset MSA.3 Static rce the User D attributes spec rce the follow d objects is all using controlle icitly authorise nment: rules t attributes, that onflict with th tly authorise a icitly deny acc les that do not explicitly deny onflict with th tly deny acces DOC Acces e" "R a to be d View or R pri ou ) d allo d de d de d de a t for ng View s im ) d allo d de d de Data Access C cified in Tabl ontrol ts. access contro c attribute init Data Access C cified in Tabl ing rules to de lowed: rules g ed operations e access of sub that do not co t explicitly au e User Data A access of subje cess of subject t conflict with ny access of su e User Data A ss of subjects t ss Control S Read" w image Release inted utput M owed enied enied enied scanned mage M owed enied enied D Copyrig Control SFP o le 15 and Tab ol tialization Control SFP t e 15 and Tab etermine if an governing acc s on controlled bjects to objec onflict with th thorise access Access Contro ects to objects ts to objects b h the User Da ubjects to obje Access Contro to objects] SFP "Modify" Modify stored document allowed denied denied denied Modify stored image allowed denied denied Date of Issue: 2 ght Canon Inc on subjects, ob ble 16. to objects base ble 16. n operation am cess among co d objects spec cts based on th e User Data A s of subjects to ol SFP, based s] based on the fo ata Access Con ects]. ol SFP, based "Delete" Delete stor documen allowed allowed denied denied Delete stor image allowed allowed denied 2022/07/27 c. 2021 bjects, ed on the mong ontrolled cified in he Access o d on ollowing ntrol SFP, d on " red nt red Cop Fax se Fax recei Stora retrie Prin Unauth py Job ow U.ADM U.NOR Unauth end Job ow U.ADM U.NOR Unauth x ive Fax ow U.ADM U.NOR Unauth ge / eval Job ow U.ADM U.NOR Unauth nt Job ow henticated Operation: wner MIN RMAL henticated Operation: wner MIN RMAL henticated Operation: wner MIN RMAL henticated Operation: wner MIN RMAL henticated Table 16 Operation: wner denied Submit a document f copying (note 2 allowed allowed allowed denied Submit documen send as a f (note 2 allowed allowed allowed denied Receive a f and store it (note 3 allowed (note 4 allowed (note 4 allowed allowed Store document (note 1 allowed allowed allowed denied - D.USER.J "Create" Create pri job (note 1) allowed 54 d de for View s image Releas printe outpu ) d allo d de d de d de a t to fax View s im ) d allo d de d de d de fax t View f image Releas printe outpu ) d allo ) d allo ) d de d de Retrie stored docum ) d allo d allo d de d de JOB Acces " * "R int View queu ) d allo enied scanned e or se ed copy t Mo im owed enied enied enied scanned mage M owed enied enied enied fax e or se ed fax t Mo of fax owed owed enied enied eve d ment Mo do owed owed enied enied ss Control S ead" " w print ue / log M owed D Copyrig denied Modify stored mage allowed denied denied denied Modify stored image allowed denied denied denied Modify image f received x allowed allowed denied denied Modify stored ocument allowed denied denied denied SFP "Modify" Modify print job allowed Date of Issue: 2 ght Canon Inc denied Delete store image allowed allowed denied denied Delete stor image allowed allowed denied denied Delete imag of received fax allowed allowed denied denied Delete store document allowed allowed denied denied "Delete" Cancel prin job allowed 2022/07/27 c. 2021 ed red ge ed nt Sca Cop Fax se Fax recei Stora retrie Applica The fol Note 1: U.ADM U.NOR Unaut an Job ow U.ADM U.NOR Unaut py Job ow U.ADM U.NOR Unaut end Op Job ow U.ADM U.NOR Unaut x ive Fax ow U.ADM U.NOR Unaut age / eval Job ow U.ADM U.NOR Unaut ation notes: lowing Notes Job Owner is MIN RMAL henticated Operation: wner MIN RMAL henticated Operation: wner MIN RMAL henticated peration: wner MIN RMAL henticated Operation: wner MIN RMAL henticated Operation: wner MIN RMAL henticated that are refere s identified by allowed allowed denied Create sca job (note 2) allowed allowed allowed denied Create cop job (note 2) allowed allowed allowed denied Create fa send job (note 2) allowed allowed allowed denied Create fax receive job (note 3) allowed (note 4) allowed (note 4) allowed allowed Create stor / retrieval j (note 2) allowed allowed allowed denied enced in Tabl y a credential o 55 d allo d den den an View statu ) d allo d allo d allo den opy View statu ) d allo d allo d den den ax b View f queu ) d allo d allo d allo den View f receive / log ) d allo ) d allo ) d allo d den rage job View s retriev ) d allo d allo d allo den e 15 and Tabl or assigned to owed nied nied w scan us / log M owed owed owed nied w copy us / log M owed owed nied nied fax job ue / log M owed owed owed nied fax e status Mo rec owed owed owed nied storage / val log Mo sto ret owed owed owed nied le 16: o an authorized D Copyrig denied denied denied Modify scan job allowed allowed denied denied Modify copy job denied denied denied denied Modify fax send job allowed allowed denied denied Modify fax ceive job denied denied denied denied Modify orage / trieval job denied denied denied denied d User as part Date of Issue: 2 ght Canon Inc allowed denied denied Cancel scan job allowed allowed denied denied Cancel copy job allowed allowed denied denied Cancel fax send job allowed allowed denied denied Cancel fax receive job denied allowed denied denied Cancel storage / retrieval job allowed allowed denied denied t of the proces 2022/07/27 c. 2021 n y x b ss of submitt Note 2: or retrie Note 3: faxes is Note 4: FDP_DS FDP_DSK FDP_DSK FDP_FX FDP_FXS_ 6.2.5 C FIA_AFL FIA_AFL. ting a print or Job Owner is eval Job. Job Owner o s assigned to a PSTN faxes a SK_EXT.1 E Hierar Depen K_EXT.1.1 use a s certifie Device [select Field the F – K_EXT.1.2 XS_EXT.1 Hierar Depen _EXT.1.1The User D Class FIA: L.1 Auth Hierar Depen .1.1 The TS config authen [select with – storage Job. s assigned to a f received fax a specific user are received f Extended: rchical to: ndencies: The TS self-encrypting ed to conform e contains no p tion: perform d-Replaceable FDE EE cPP] perform en The TS Exten rchical to: ndencies: e TSF shall pr Data using fax Identificat hentication rchical to: ndencies: SF shall detec urable positiv ntication attem tion: [assignm hin [assignmen an admin acceptable an authorized xes is assigned r or U.ADMIN from outside o Protect No oth FCS_C Encryp SF shall [selec g Field-Repla to the FDE E plaintext User encryption in e Nonvolatile ] ncryption in a SF shall encry nded: Fax No oth No dep rohibit commu x protocols. ion and Au n failure ha No oth FIA_U ct when [selec ve integer with mpts occur rela ment: positive nt: range of ac istrator conf e values] 56 User as part o d by default or N role. of the TOE, th tion of Dat her componen COP.1(d) Cry ption/Decrypt ction: perform aceable Nonvo EE cPP], such r Document D accordance w Storage Devi accordance w ypt all protecte separatio her componen pendencies. unication via t uthenticatio andling her componen UAU.1 Timing tion: [assignm hin [assignmen ated to [assign integer numbe cceptable valu figurable po of the process r configuration hey are not init ta on Disk nts. yptographic op tion). m encryption in olatile Storage h that any Field Data and no pl with FCS_CO ice that is sepa with FCS_COP ed data withou n nts. the fax interfa on nts. g of authentica ment: positive nt: range of ac nment: list of a er], an admini ues]] ositive intege D Copyrig of initiating a n. Minimally, tiated by User peration (AES n accordance e Device that i d-Replaceable aintext Confid OP.1(d), use a arately CC ce P.1(d) ut user interve ace, except tran ation integer numb cceptable valu authentication istrator config er within [a Date of Issue: 2 ght Canon Inc a scan, copy, f ownership of rs of the TOE. Data with FCS_CO is separately C e Nonvolatile dential TSF D self-encryptin rtified to conf ention. nsmitting or r er], an admini ues]] unsucce n events]. gurable positiv assignment: 2022/07/27 c. 2021 fax send, f received . OP.1(d), CC Storage Data. ng form to receiving istrator ssful ve integer range of FIA_AFL. FIA_ATD FIA_ATD FIA_PMG FIA_PMG FIA_PSK [assign – [assign – .1.2 When surpas [select – [assign – D.1 User Hierar Depen .1.1 The TS [assign [assign – G_EXT.1 Hierar Depen G_EXT.1.1 passwo [select – [assign – K_EXT.1 Hierar Depen nment: range positive in nment: list of Login attem the defined nu sed], the TSF tion: met, surp met nment: list of lock out un r attribute d rchical to: ndencies: SF shall main nment: list of s nment: list of User Name Exten rchical to: ndencies: The TS ords: Passwords sh letters, numb "^", "&", "*" Minimum pas to require pas tion: "!", "@" "!", "@", " nment: other c "(space)", "{", "|", "} Exten rchical to: ndencies: of acceptable nteger within f authenticatio mpts from th umber of unsu shall [assignm passed] f actions] ntil preset tim definition No oth No dep tain the follow security attrib f security attrib e, Role nded: Pas No oth No dep SF shall provi hall be able to ers, and the fo , "(", ")", [assi ssword length sswords of 15 , "#", "$", "% "#", "$", "%", characters] """, "'", "+", ", "~" nded: Pre- No oth FCS_R Genera 57 e values] 1 to 10 n events] e control pan uccessful auth ment: list of a me has passed her componen pendencies. wing list of se butes]. butes] sword Ma her componen pendencies. ide the follow be composed ollowing spec ignment: othe h shall be setta characters or ", "^", "&", "* , "^", "&", "* ",", "-", "/", -Shared Ke her componen RBG_EXT.1 E ation) nel or remote hentication att ctions]. d that can set nts. curity attribut nagement nts. wing password of any combi ial characters: er characters]] able by an Adm greater; *", "(", ")", [as ", "(", ")", [as ":", ";", "<", ey Compo nts. Extended: Cry D Copyrig UIs or Printe empts has bee in 1 - 60 min tes belonging management ination of upp : [selection: "! ]; ministrator, an ssignment: oth ssignment: ot "=", ">", "?" osition yptographic O Date of Issue: 2 ght Canon Inc er Driver. en [selection: nutes to individual capabilities fo per and lower !", "@", "#", " nd have the ca her character ther character , "[", "¥", "]" Operation (Ran 2022/07/27 c. 2021 met, users: for User case "$", "%", apability rs]] rs] ", "_", "`", ndom Bit FIA_PSK_ FIA_PSK_ FIA_PSK_ FIA_UAU FIA_UAU FIA_UAU FIA_UAU FIA_UAU _EXT.1.1 The _EXT.1.2 The [select – [assign – _EXT.1.3 The SHA-5 other p using t [select – [assig – [select pre- – U.1 Timin Hierar Depen U.1.1 Refinem with th not ch [assign SFP – U.1.2 The TS TSF-m U.7 Prote Hierar Depen U.7.1 The TS e TSF shall be e TSF shall be 22 character lengths]; composed o characters ( tion: [assignm [assignmen nment: other s Up to 24 c e TSF shall co 512, [assignme pre-shared key the random bi tion: SHA-1, S SHA-1, SH gnment: meth SHA-384 tion: use no o shared keys u use no oth ng of auth rchical to: ndencies: ent: The TS he User Data ange any TSF nment: list of P, and do not p Submit Fa SF shall requi mediated action ected auth rchical to: ndencies: SF shall provi e able to use p e able to accep rs in length an of any combin that include: " ment: other sup nt: other supp supported len characters ondition the te ent: method of ys; accept bit- it generator sp SHA-256, SHA HA-256, [assi od of conditio ther pre-share using the rand er pre-shared entication No oth FIA_U SF shall allow Access Contr F data] on beh f TSF mediated provide access x receive job ire each user t ns on behalf o hentication No oth FIA_U ide only [assig 58 pre-shared key pt text-based p nd [selection: nation of upper "!", "@", "#", pported length ported length gths] ext-based pre-s f conditioning -based pre-sh pecified in FC A-512, [assign ignment: met oning text strin ed keys; accep dom bit genera d keys her componen UID.1 Timing w [assignment rol SFP, and d half of the use d actions that s to D.TSF.CO b o be successfu of that user. n feedback her componen UAU.1 Timing gnment: list of ys for IPsec. pre-shared key [assignment: r and lower ca "$", "%", "^" hs], no other l hs] shared keys by g text string]] a ared keys; gen CS_RBG_EXT nment: method thod of condi ng] pt bit-based pr ator specified nts. of identificati : list of TSF m do not provide er to be perfor do not conflic ONF, and do n ully authentica k nts. g of authentica f feedback] to D Copyrig ys that are: other support ase letters, num , "&", "*", "(" lengths] y using [selec and be able to nerate bit-bas T.1]. d of condition tioning text s re-shared key in FCS_RBG_ ion mediated actio de access to D. rmed before th ct with the Use not change an ated before al ation the user whil Date of Issue: 2 ght Canon Inc ted lengths], n mbers, and sp ", and ")"). ction: SHA-1, S o [selection: us sed pre-shared ing text string tring] ys; generate bi _EXT.1] ons that do no .TSF.CONF, he user is auth er Data Acces ny TSF data] llowing any ot e the authenti 2022/07/27 c. 2021 no other pecial SHA-256, se no d keys g]] it-based t conflict and do henticated. ss Control ther cation is FIA_UID FIA_UID. FIA_UID. FIA_USB FIA_USB. FIA_USB. FIA_USB. 6.2.6 C FMT_MO in prog [assign – D.1 Timin Hierar Depen 1.1 Refineme with th not ch [assign Con – 1.2 The TS TSF-m B.1 User Hierar Depen .1.1 The TS of that [assign – .1.2 The TS with su attribu [assign – .1.3 The TS associa attribu [assign – Class FMT OF.1 Mana Hierar Depend gress. nment: list of f *, ● ng of identi rchical to: ndencies: ent: The TS he User Data ange any TSF nment: list of ntrol SFP, and Submit Fa SF shall requi mediated action r-subject b rchical to: ndencies: SF shall assoc t user: [assignm nment: list of User Name SF shall enfor ubjects acting utes]. nment: rules f None SF shall enfor ated with subj utes]. nment: rules f None : Security agement o rchical to: dencies: f feedback] fication No oth No dep SF shall allow Access Contr F data] on beh f TSF-mediated d do not provi x receive job ire each user t ns on behalf o binding No oth FIA_A ciate the follow ment: list of u user security e, Role rce the followi g on the behalf for the initial a rce the followi jects acting on for the changi Manageme of security No oth FMT_S 59 her componen pendencies. w [assignment rol SFP, and d half of the use d actions that ide access to D b o be successfu of that user. her componen ATD.1 U wing user secu user security a attributes] ing rules on th f of users: [ass association of ing rules gove n the behalf of ing of attribut ent functions er component SMR.1 Se nts. : list of TSF-m do not provide er to be perfor t do not confli D.TSF.CONF ully identified nts. User attribute d urity attribute attributes]. he initial assoc signment: rule f attributes] erning change f users: [assign es] behavior ts. ecurity roles D Copyrig mediated actio de access to D. rmed before th ict with the Us F, and do not d before allow definition s with subject ciation of user es for the initi es to the user s nment: rules f Date of Issue: 2 ght Canon Inc ons that do no .TSF.CONF, he user is iden User Data Acce change any T wing any other ts acting on th r security attri ial association security attribu for the changi 2022/07/27 c. 2021 ot conflict and do ntified. ess TSF data] he behalf ibutes n of utes ing of FMT_MO FMT_MS FMT_MSA FMT_MS FMT_MSA OF.1.1 Refinem enable [select – [assign – SA.1 Mana Hierar Depend A.1.1 Refinem [select attribu [select – [assig – [assign – [assign Security at User Name Role SA.3 Static Hierar Depen A.3.1 Refinem ment: The TS e, modify the b tion: determin disable, ena nment: list of f TLS agement o rchical to: dencies: ment: The TS tion: change_d utes [assignme tion: change_ query, mod gnment: other create nment: list of Refer to " nment: the au – Ref Table 17 ttributes e c attribute rchical to: ndencies: ment: The TS FMT_S SF shall restri behaviour of] t ne the behavio able f functions] of security No oth FDP_A FMT_S FMT_S SF shall enfor default, query ent: list of secu _default, query dify, delete, [ operations] f security attrib Security attri uthorised ident fer to " Autho - Managem Operation query create,delete query create,modify e initializat No oth FMT_ FMT_ SF shall enfor 60 SMF.1 Sp ict the ability t the functions our of, disable attributes er component ACC.1 Su SMR.1 Se SMF.1 Sp rce the User D y, modify, dele urity attribute y, modify, dele [assignment: butes] ibutes " in Ta tified roles] orised role(s)" ment of secu y,delete ion her componen _MSA.1 M _SMR.1 Se rce the User D pecification o to [selection: [assignment: e, enable, mod ts. ubset access c ecurity roles pecification o Data Access C ete, [assignme s] to [assignm ete, [assignme other operati able 17 - Man " in Table 17 urity attribu Authorised r U.ADMIN, the owning U U.ADMIN U.ADMIN U.ADMIN nts. Management of ecurity roles Data Access C D Copyrig f Managemen determine the list of function dify the behavi control f Managemen Control SFP t ent: other oper ment: the autho ent: other oper ons] nagement secu - Manageme utes role(s) U.NORMAL f security attri Control SFP t Date of Issue: 2 ght Canon Inc nt Functions e behaviour of ns] to U.ADM iour of] nt Functions to restrict the rations]] the s orised identifi rations]] urity attribute ent security at ibutes to provide [se 2022/07/27 c. 2021 f, disable, MIN. ability to security ied roles]. es ttributes lection, FMT_MSA FMT_MT FMT_MTD FMT_SM FMT_SMF choose attribu [select – A.3.2 Refinem initial [select – TD.1 Mana Hierar Depend D.1.1 Refinem specifi Data User passw Audit log Date/Time IPSec setti TLS setting Auto Reset Lockout po Password p Audit log e Firmware MF.1 Spec Hierar Depen F.1.1: The e one of: restr utes that are us tion, choose o restrictive ment: The TS values to over tion: U.ADMI no role agement o rchical to: dencies: ment: The TS ied TSF Data Table word e setting ngs gs t Time setting olicy settings policy setting export setting cification o rchical to: ndencies: e TSF shall be rictive, permis sed to enforce one of: restrict SF shall allow rride the defau IN, no role] of TSF data No oth FMT_S FMT_S SF shall restri a to the roles 18- Device g s gs gs of Managem No oth No dep e capable of pe 61 ssive, [assignm the SFP. tive, permissiv w the [selection ult values whe a er component SMR.1 Se SMF.1 Sp ict the ability t specified in T manageme Operation create, delet modify query modify query, modi query, modi query, modi query, modi query, modi query, modi modify ment Func her componen pendencies. erforming the ment: other pr ve, [assignme n: U.ADMIN, en an object o ts. ecurity roles pecification o to perform th Table 18. ent Function te ify ify ify ify ify ify ctions nts. following ma D Copyrig roperty]] defau nt: other prop N, no role] to s or information f Managemen he specified o n Authorised r U.ADMIN U.ADMIN, the owning U.ADMIN U.ADMIN U.ADMIN U.ADMIN U.ADMIN U.ADMIN U.ADMIN U.ADMIN U.ADMIN anagement fun Date of Issue: 2 ght Canon Inc ult values for perty]] pecify alterna is created. nt Functions operations on role(s) U.NORMAL nctions: [assig 2022/07/27 c. 2021 security ative the L gnment: FMT_SM FMT_SMR FMT_SMR 6.2.7 C There are n 6.2.8 C FPT_KY FPT_KYP FPT_SK FPT_SKP_ FPT_STM list of m [assign – MR.1 Secu Hierar Depen R.1.1 Refinem R.1.2 The T Class FPR no class FPR Class FPT: YP_EXT.1 E Hierar Depen P_EXT.1.1 Re specifi KP_EXT.1 E Hierar Depen _EXT.1.1The M.1 Relia management f nment: list of Refer to T Ta Managem User Man Date/Tim IPSec sett TLS settin Auto Rese Lockout p Password Audit log Trusted U urity roles rchical to: ndencies: ment: The TS SF shall be a : Privacy R requirement : Protection Extended: rchical to: ndencies: efinement: ied by FCS_K Extended: rchical to: ndencies: e TSF shall pr able time s functions prov f management f able 19. ble 19– Man ment Function negement Fun me setting Man tings Manege ngs Manegem et Time settin policy setting d policy settin Manegemen Update Maneg No oth FIA_U SF shall main able to associa s. n of the TS Protect No oth No dep The TSF KYC_EXT.1 in Protect No oth No dep revent reading stamps 62 vided by the T functions pro nagement F ns nction negement Fun ement Functio ment Function ng Manegeme gs Manegeme ngs Manegem nt Function gement Funct her componen UID.1 Ti ntain the roles ate users with SF tion of Key her componen pendencies. shall not store n any Field-R tion of TSF her componen pendencies. g of all pre-sha TSF]. vided by the T unctions nction on n ent Function nt Function ment Function tion nts. iming of ident U.ADMIN, U h roles. y and Key nts. e plaintext key Replaceable N F Data nts. ared keys, sym D Copyrig TSF] tification U.NORMAL Material ys that are par Nonvolatile St mmetric keys, Date of Issue: 2 ght Canon Inc rt of the keych torage Device and private k 2022/07/27 c. 2021 hain e. eys. FPT_STM FPT_TST FPT_TST_ FPT_TU FPT_TUD FPT_TUD FPT_TUD 6.2.9 C There are n 6.2.10 C FTA_SS FTA_SSL. Hierar Depen M.1.1 The TS T_EXT.1 Hierar Depen _EXT.1.1The the cor D_EXT.1 Hierar Depend D_EXT.1.1 version D_EXT.1.2 TOE f D_EXT.1.3 using a installi [select – Class FRU no class FRU Class FTA: L.3 (LUI) Hierar Depen .3.1 (LUI) user in [assign – rchical to: ndencies: SF shall be ab Exten rchical to: ndencies: e TSF shall ru rrect operation Exten rchical to: dencies: The TS n of the TOE The TS firmware/softw The TS a digital signa ing those upda tion: publishe no other fu : Resource U requirement : TOE Acce TSF- rchical to: ndencies: The TS nactivity]. nment: time in User inacti No oth No dep ble to provide nded: TSF No oth No dep un a suite of se n of the TSF. nded: Trus No oth FCS_C generat FCS_C SF shall provi firmware/soft SF shall provi ware. SF shall provi ature mechanis ates. ed hash, no oth unctions e Utilization ts. ess initiated te No oth No dep SF shall termi nterval of user ivity at the co 63 her componen pendencies. reliable time F testing her componen pendencies. elf-tests during sted Upda er component COP.1(b) Cryp tion/verificatio COP.1(c) Cryp ide authorized tware. ide authorized ide a means to sm and [select her functions] n ermination her componen pendencies. inate an intera r inactivity] ontrol panel l nts. stamps. nts. g initial start-u te ts. ptographic Op on), ptographic ope d administrato d administrato o verify firmw tion: publishe n nts. active session asting for the D Copyrig up (and power peration (for si eration (Hash ors the ability t ors the ability t ware/software u ed hash, no oth after a [assign e specified pe Date of Issue: 2 ght Canon Inc r on) to demon ignature Algorithm). to query the c to initiate upd updates to the her functions] nment: time in eriod of time 2022/07/27 c. 2021 nstrate urrent dates to e TOE prior to nterval of FTA_SS FTA_SSL. 6.2.11 C FTP_ITC FTP_ITC. FTP_ITC. FTP_ITC. FTP_TR L.3 (RUI) Hierar Depen .3.1 (RUI) user in [assign – Class FTP: C.1 Inter- Hierar Depend .1.1 Refineme trusted follow is logic end po the ch [select – [select – [assig – .1.2 Refineme commu .1.3 Refineme of serv [assign P.1(a) Tru Hierar Depend TSF- rchical to: ndencies: The TS nactivity]. nment: time in User inacti : Trusted P -TSF trust rchical to: dencies: ent: The TS d communica wing capabilit cally distinct f oints and prote hannel data. tion: IPsec, S IPsec tion: authenti [assignmen gnment: other File server ent: The TS unication via ent: The TS vices for whic nment: list of – Sen usted path rchical to: dencies: initiated te No oth No dep SF shall termi nterval of user ivity at the R Paths/Chan ed channe No oth [FCS_I FCS_T FCS_S FCS_H SF shall use [ ation channel b ies: [selection from other co ection of the c SSH, TLS, TL tication server nt: other cap capabilities] r, Audio log s SF shall perm the trusted ch SF shall initia ch the TSF is f services for w nd service, Au h (for Adm No oth [FCS_I 64 ermination her componen pendencies. inate an intera r inactivity] Remote UI las nnels el er component IPSEC_EXT.1 TLS_EXT.1 Ex SSH_EXT.1 E HTTPS_EXT.1 selection: IPs between itself n: authenticat mmunication channel data fr LS/HTTPS] r, [assignmen abilities] server, Time s mit the TSF, or hannel ate communica able to initiat which the TSF udit log servic inistrators er component IPSEC_EXT.1 n nts. active session ting for the sp ts. 1 Extended: IP xtended: TLS xtended: SSH 1 Extended: H sec, SSH, TLS f and authoriz tion server, [a channels and rom disclosur t: other capab server r the authoriz ation via the tr te communica F is able to in ce, Time serv s) ts. 1 Extended: IP D Copyrig after a [assign pecified perio Psec selected, selected, or H selected, or HTTPS selecte S, TLS/HTTP zed IT entitie assignment: o provides assu re and detecti bilities]] zed IT entitie rusted channe ations]. nitiate commu vice Psec selected, Date of Issue: 2 ght Canon Inc nment: time in od of time , or ed]. PS] to provide es supporting other capabilit ured identifica ion of modifi es, to initiate el for [assignm unications] , or 2022/07/27 c. 2021 nterval of e a the ties]] that ation of its cation of ment: list FTP_TRP FTP_TRP FTP_TRP FTP_TR FTP_TRP FTP_TRP initiate co FTP_TRP user auth 6.3 Se Table 20 li EAL1 augm Assuranc .1.1(a) Refine TLS/H admin identif detect [select – .1.2(a) Refine trusted .1.3(a) Refine authen P.1(b) Tru Hierar Depend .1.1(b) Refine TLS/H logical points of the [select – P.1.2(b) Ref ommunicat [select – P.1.3(b) Ref hentication ecurity Ass ists the Securi mented by A ce class ement:The TS HTTPS] to pr nistrators that fication of its e tion of modifi tion, choose a IPsec, TLS ement:The TS d path ement:The TS ntication and usted path rchical to: dencies: ement: HTTPS] to pro lly distinct fro and protectio communicat tion, choose a IPsec finement: tion via the tion: the TSF, remote use finement: and all rem surance Re ity Assurance ASE_SPD.1. Table 20-TO FCS_T FCS_S FCS_H SF shall use [ rovide a truste t is logically d end points and ication of the at least one of S/HTTPS SF shall perm SF shall requi d all remote a h (for Non- No oth [FCS_I FCS_T FCS_S FCS_H The TSF ovide a truste om other comm n of the comm ted data. at least one of The TSF trusted pat F, remote users ers The TSF mote user ac equirement Requirement OE Security Assuran 65 TLS_EXT.1 Ex SSH_EXT.1 E HTTPS_EXT.1 selection, cho ed communic distinct from o d protection o communicat f: IPsec, SSH mit remote adm ire the use of t administration -administra er component IPSEC_EXT.1 TLS_EXT.1 Ex SSH_EXT.1 E HTTPS_EXT.1 shall use [sele ed communica munication pa municated data f: IPsec, SSH F shall per th s] F shall requ ctions. ts s for Protectio y Assuranc nce compone xtended: TLS xtended: SSH 1 Extended: H oose at least o ation path bet other commun of the commun ted data. H, TLS, TLS/H ministrators t the trusted pat n actions. ators) ts. 1 Extended: IP xtended: TLS xtended: SSH 1 Extended: H ection, choos ation path betw aths and provi a from disclos H, TLS, TLS/H mit [selecti uire the use on Profile for ce Requirem ents D Copyrig selected, or H selected, or HTTPS selecte one of: IPsec, tween itself an nication paths nicated data fr HTTPS] to initiate com th for initial a Psec selected, selected, or H selected, or HTTPS selecte e at least one ween itself an des assured id sure and dete HTTPS] ion: the TS e of the trus r Hardcopy D ments Date of Issue: 2 ght Canon Inc ed]. , SSH, TLS, nd remote and provides rom disclosur mmunication v administrator , or ed]. of: IPsec, SS nd remote use dentification o ection of mod SF, remote u sted path fo Devices, an 2022/07/27 c. 2021 assured re and via the r SH, TLS, rs that is of its end dification users] to or initial nd related Assuranc ADV: De AGD: Gu ALC: Lif ASE: Sec ATE: Te AVA: Vu 6.4 Se 6.4.1 T This sectio Funct Requir FAU_GEN. FAU_GEN.2 FAU_SAR.1 FAU_SAR.2 FAU_STG.1 FAU_STG.4 FAU_STG_ FCS_CKM. FCS_CKM. ce class evelopment uidance doc fe-cycle sup curity Targ sts ulnerability ecurity func The depen on provides th T tional rement 1 2 1 2 1 4 _EXT.1 1(a) 1(b) cuments port get evaluatio assessmen ctional req dencies of he justificatio able 21- The Dependenc by FPT_STM.1 FAU_GEN.1 FIA_UID.1 FAU_GEN.1 FAU_SAR.1 FAU_GEN.1 FAU_STG.1 FAU_GEN.1 FTP_ITC.1 FCS_COP.1(b FCS_CKM_EX [FCS_COP.1(a or FCS_COP.1 or FCS_COP.1 or FCS_COP.1 or FCS_COP.1 or FCS_COP.1 Assuran ADV_F AGD_O AGD_P ALC_C ALC_C on ASE_C ASE_E ASE_IN ASE_O environ ASE_R ASE_S ASE_T ATE_IN nt AVA_V uirements f security re on for any dep e dependen cies required CC ) XT.4 a), 1(d), 1(e), 1(f), 1(g), 1(h)] 66 nce compone FSP.1 Basic OPE.1 Oper PRE.1 Prepa CMC.1 Labe CMS.1 TOE CCL.1 Confo ECD.1 Exten NT.1 ST int OBJ.1 Secu nment REQ.1 State SPD.1 Secur TSS.1 TOE s ND.1 Indep VAN.1 Vuln rationale equiremen pendencies no cies of sec d Depende b FPT_STM. FAU_GEN FIA_UID.1 FAU_GEN FAU_SAR FAU_GEN FAU_STG FAU_GEN FTP_ITC.1 FCS_COP. FCS_CKM FCS_COP. FCS_COP. FCS_COP. FCS_CKM FCS_RBG_ ents c functional rational use arative proc elling of the CM covera ormance cla nded compo troduction urity objec ed security r rity problem summary sp pendent test nerability su nts ot met urity requir encies satisfie by ST .1 N.1 1 N.1 R.1 N.1 G.1 N.1 1 .1(b) M_EXT.4 .1(a) .1(d) .1(g) M_EXT.4 _EXT.1(networ D Copyrig specificatio er guidance cedures TOE ge aims onents defin ctives for requiremen m definition pecification ting – Confo urvey rements ed Reason d N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) rk) N/A (dep satisfied) Date of Issue: 2 ght Canon Inc on nition the oper nts ormance n for not me dependencies pendencies are pendencies are pendencies are pendencies are pendencies are pendencies are pendencies are pendencies are pendencies are 2022/07/27 c. 2021 rational eeting s Funct Requir FCS_CKM_ FCS_CKM.4 FCS_COP.1 FCS_COP.1 FCS_COP.1 FCS_COP.1 FCS_COP.1 FCS_COP.1 FCS_COP.1 FCS_HTTPS FCS_IPSEC FCS_KYC_ FCS_RBG_E (network) FCS_RBG_E FCS_SMC_ FCS_TLS_E tional rement _EXT.4 4 (a) (b)(update) (b)(tls) (b)(ipsec) (c) (d) (g) S_EXT.1 C_EXT.1 _EXT.1 EXT.1 EXT.1(ssd) _EXT.1 EXT.1 Dependenc by FCS_CKM_EX FCS_RBG_EX [FCS_CKM.1( or FCS_CKM. FCS_CKM.4 [FCS_CKM.1( or FCS_CKM. FCS_CKM.1(b FCS_CKM_EX FCS_CKM.1(a FCS_CKM_EX FCS_CKM.1(a FCS_CKM_EX FCS_CKM.1(a FCS_CKM_EX No dependenci FCS_CKM.1(b FCS_CKM_EX FCS_CKM.1(b FCS_CKM_EX FCS_TLS_EX FIA_PSK_EX FCS_CKM.1(a FCS_COP.1(a) FCS_COP.1(b FCS_COP.1(c) FCS_COP.1(g FCS_RBG_EX [FCS_COP.1(e or FCS_SMC_ or FCS_COP.1 or FCS_KDF_ and/or FCS_CO No dependenci No dependenci FCS_COP.1(c) FCS_CKM.1(a cies required CC XT.4 XT.1 (a) .1(b)] (a) .1(b)] b) XT.4 a) XT.4 a) XT.4 a) XT.4 ies b) XT.4 b) XT.4 XT.1 T.1 a) ) ) ) ) XT.1 e), _EXT.1, 1(f), _EXT.1, OP.1(i)] ies ies ) a) 67 d Depende b FCS_RBG_ FCS_CKM FCS_CKM FCS_CKM FCS_CKM FCS_CKM FCS_CKM FCS_CKM No depend FCS_CKM FCS_CKM FCS_CKM FCS_CKM No depend FCS_CKM FCS_CKM FCS_CKM FCS_CKM FCS_TLS_ FIA_PSK_ FCS_CKM FCS_COP. FCS_COP. FCS_COP. FCS_COP. FCS_RBG_ k) FCS_SMC No depend No depend FCS_COP. FCS_CKM encies satisfie by ST _EXT.1(ssd) M.1(a) M.1(b) M.4 M.1(a) M.1(b) M.1(b) M_EXT.4 dencies M.1(a) M_EXT.4 M.1(a) M_EXT.4 dencies M.1(b) M_EXT.4 M.1(b) M_EXT.4 _EXT.1 _EXT.1 M.1(a) .1(a) .1(b) (ipsec) .1(c) .1(g) _EXT.1(netwo _EXT.1 dencies dencies .1(c) M.1(a) D Copyrig ed Reason d N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) FCS_CKM because: Since onl performed embedded generatio the encry unnecess N/A (dep satisfied) N/A (dep satisfied) N/A (no d N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) or N/A (dep satisfied) N/A (dep satisfied) N/A (no d N/A (no d N/A (dep satisfied) N/A (dep Date of Issue: 2 ght Canon Inc n for not me dependencies pendencies are pendencies are pendencies are M.4 are not cla ly the verificati d with the publ d in advance, on and destruct yption key are ary. pendencies are pendencies are dependencies) pendencies are pendencies are pendencies are pendencies are pendencies are dependencies) dependencies) pendencies are pendencies are 2022/07/27 c. 2021 eeting s aimed on is lic key tion of Funct Requir FDP_ACC.1 FDP_ACF.1 FDP_DSK_E FDP_FXS_E FIA_AFL.1 FIA_ATD.1 FIA_PMG_E FIA_PSK_E FIA_UAU.1 FIA_UAU.7 FIA_UID.1 FIA_USB.1 FMT_MOF. FMT_MSA. FMT_MSA. FMT_MTD. FMT_SMF. FMT_SMR. FPT_KYP_E FPT_SKP_E FPT_STM.1 FPT_TST_E FPT_TUD_E tional rement 1 1 EXT.1 EXT.1 EXT.1 EXT.1 1 7 .1 .1 .3 .1 1 1 EXT.1 EXT.1 1 EXT.1 EXT.1 Dependenc by FCS_COP.1(a) FCS_COP.1(b FCS_COP.1(c) FCS_COP.1(g FCS_RBG_EX FDP_ACF.1 FDP_ACC.1 FMT_MSA.3 FCS_COP.1(d No dependenci FIA_UAU.1 No dependenci No dependenci FCS_RBG_EX FIA_UID.1 FIA_UAU.1 No dependenci FIA_ATD.1 FMT_SMR.1 FMT_SMF.1 FDP_ACC.1 FMT_SMR.1 FMT_SMF.1 FMT_MSA.1 FMT_SMR.1 FMT_SMR.1 FMT_SMF.1 No dependenci FIA_UID.1 No dependenci No dependenci No dependenci No dependenci FCS_COP.1(b FCS_COP.1(c) cies required CC ) ) ) ) XT.1 d) ies ies ies XT.1 ies ies ies ies ies ies ) ) 68 d Depende b FCS_COP. FCS_COP. FCS_COP. FCS_COP. FCS_RBG_ k) FDP_ACF. FDP_ACC FMT_MSA FCS_COP. No depend FIA_UAU. No depend No depend No depend FIA_UID.1 FIA_UAU. No depend FIA_ATD. FMT_SMR FMT_SMF FDP_ACC FMT_SMR FMT_SMF FMT_MSA FMT_SMR FMT_SMR FMT_SMF No depend FIA_UID.1 No depend No depend No depend No depend FCS_COP. FCS_COP. encies satisfie by ST .1(a) .1(b)(tls) .1(c) .1(g) _EXT.1(netwo .1 .1 A.3 .1(d) dencies .1 dencies dencies dencies 1 .1 dencies 1 R.1 F.1 .1 R.1 F.1 A.1 R.1 R.1 F.1 dencies 1 dencies dencies dencies dencies .1(b) (update) .1(c) D Copyrig ed Reason d or satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (no d N/A (dep satisfied) N/A (no d N/A (no d FCS_RBG claimed b Not requi selected i N/A (dep satisfied) N/A (dep satisfied) N/A (no d N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) N/A (no d N/A (dep satisfied) N/A (no d N/A (no d N/A (no d N/A (no d N/A (dep satisfied) Date of Issue: 2 ght Canon Inc n for not me dependencies pendencies are pendencies are pendencies are dependencies) pendencies are dependencies) dependencies) G_EXT.1 is no because: ired because it i in SFR. pendencies are pendencies are dependencies) pendencies are pendencies are pendencies are pendencies are pendencies are dependencies) pendencies are dependencies) dependencies) dependencies) dependencies) pendencies are 2022/07/27 c. 2021 eeting s t is not Funct Requir FTA_SSL.3 FTA_SSL.3 FTP_ITC.1 FTP_TRP.1( FTP_TRP.1( tional rement (LUI) (RUI) (a) (b) Dependenc by No dependenci No dependenci [FCS_IPSEC or FCS_TLS_E or FCS_SSH_E or FCS_HTTP [FCS_IPSEC_ or FCS_TLS_E or FCS_SSH_E or FCS_HTTP [FCS_IPSEC_ or FCS_TLS_E or FCS_SSH_E or FCS_HTTP cies required CC ies ies _EXT.1, EXT.1, EXT.1, PS_EXT.1] _EXT.1, EXT.1, EXT.1, PS_EXT.1] _EXT.1, EXT.1, EXT.1, PS_EXT.1] 69 d Depende b No depend No depend FCS_IPSE FCS_IPSE FCS_TLS_ FCS_HTTP FCS_IPSE encies satisfie by ST dencies dencies C_EXT.1 C_EXT.1 _EXT.1 PS_EXT.1 C_EXT.1 D Copyrig ed Reason d N/A (no d N/A (no d N/A (dep satisfied) N/A (dep satisfied) N/A (dep satisfied) Date of Issue: 2 ght Canon Inc n for not me dependencies dependencies) dependencies) pendencies are pendencies are pendencies are 2022/07/27 c. 2021 eeting s 7 TOE 7.1 Us – Sup FIA To identify before the job is inpu performed User authe – For user au authenticat password t remote UI. The TOE m authenticat FIA_USB The TO E pro vide s a lockout fun The lock out func tion can be set only by U. The follow out. – Ac an att – Th co TOE has a inactivity. Op pan Re Op pan Re E Summar ser Authen pported fun A_USB.1, FIA y and authent user operates ut, identificati d. However, su entication sup Internal Au Authenticat uthentication, tion succeeds text area at th . [FIA_UAU maintains use ted, the attrib .1] nction in orde .ADMIN. Th wing condition ccumulate th nd lock out th tempts is reac he lockout tim onfigured lock an automatic l The administ peration nel: mote UI: peration nel: mote UI: ry specific tication Fu nctional req A_AFL.1, FT ticate a legitim s the digital m ion authentica ubmission of pports the foll uthentication tion is based o , the TOE pro s only if the u he time of pas U.7] er names and bute is allocat er to minimiz e operation is ns can be set he number of he account tha ched. The allo me is set to kout time. logout functio trator can set – Settings/R Managem Register/E – Settings/R Authentic – Settings/R Settings > – Settings/R Authentic cation unction quirements: TA_SSL.3(L mate user, the multifunction ation of a use f a fax receivi lowing authen on user inform ompts input o user name and ssword input roles as attrib ted by issuing ze invalid log s as follows for the locko f failed login at failed to lo owable numb 3 or grater o on that autom t the automati Registration > ment > Authen Edit Authenti Registration > cation Manag Registration > > Authenticat Registration > cation/Passwo 70 FIA_UAU. LUI), FTA_S e TOE requir device in an er requested th ing job is perm ntication met mation regist of the user na d password m is displayed a butes for the g an access co gin attempts. [ out function. I attempts from og in and den ber of login at out of 1 - 60 matically logs ic logout time > Device Sett ntication Man ication User > Managemen gement > Device Sett tion/Password > Managemen ord Settings > .1, FIA_UID SL.3(RUI) res identificat operation pa hrough a prin mitted. [FIA_ thods: tered in the de me, password matches the on as "*" in the o user. If the u ontrol token ( [FIA_AFL.1 If the conditio m the operati ny login when ttempts is set 0. The user is out a logged e by setting th tings > Manag nagement > U nt Settings > tings > Manag d Settings > A nt Settings > > Authenticat D Copyrig D.1, FIA_U tion and authe anel or a remo nter driver on _UAU.1, FIA evice. d, and the log ne at the spec operation pan ser's identity (ACT) for eac ] ons are met, t ion panel/rem n the set num t to 3 or less o s not allowed d-in user after he Auto Rese gement Settin Use User Auth User Manage gement Settin Authenticatio Security Sett tion Function Date of Issue: 2 ght Canon Inc UAU.7, FIA entication of ote UI. When a client PC i A_UID.1] gin destination cified destinat nel and "●" is successful ch user.[FIA_ the account is mote UI/print mber of allowa out of 1 - 10. d to log in d r a specified p et Time when ngs > User hentication > ement > ngs > Securit on Function S tings > n Settings> 2022/07/27 c. 2021 A_ATD.1, the user a print is n. User tion. The " in the lly _ATD.1, s locked ter driver, able login during the period of n logging > y ettings> in from the [FTA_SSL The auto mati c logo ut time setti ngs can be set only by U.ADM The follow is logged o – The sess ion setti ngs can be The follow account is – 7.2 Ac The TOE h function, s – – – – – The TOE p assigned to authenticat 7.2.1 P Op pan Re Re e operation pa L.3(RUI)] MIN. The ope wing condition out. At the contr from 10 seco e set only by U wing condition logged out. When the ti operating the ccess Cont has the follow scan function, print functio scanning fu copy functi fax functio function document s performs thes o the user acc ted. Print proce peration nel: mote UI: mote UI: anel or by ses eration is as fo ns can be set rol panel, ses onds to 9 min U.ADMIN. T ns can be set imeout perio e Remote UI trol Functio wing access c , copy functio on: print proc unction: scan on: copy proc on: Fax tran tore and retri se access con cording to the ess control – Settings/R Auto Rese – Settings/R Restrict A – Settings/R Settings > – Settings/R Time – Settings/R ssion settings ollows for the autom ssion timeout nutes can be s The operation for the sessio d set by the . Choose from on control functio on, fax functi cess control f process contr cess control f smission pro ieve function ntrol functions e contents of t l function Registration > et Time Registration > Auto Reset Ti Registration > > Auto Reset Registration > Registration > 71 s when loggin matic logout f t occurs after specified (Init n is as follows on manageme session man m 15 to 150 m ons for jobs a ion, and docu function rol function function ocess control : document st s by identifyi the ACT issu > Device Sett > Device Sett ime > Preferences Time > Preferences > Preferences ng in from the function. If th r a specified tial value: 2 m s ent function. nagement set minutes (Initi and document ument storage l function a tore and retrie ng the user n ued to the use tings > Prefer tings > Prefer s > Timer/Ene s > Timer/Ene s > Network S D Copyrig e remote UI. he conditions period of us minutes). If the conditi tting function al value: 15 m ts in jobs pro e and retrieval nd fax recep eve process c name and iden r who is iden rences > Time rences> Time ergy Settings ergy Settings Settings > Ses Date of Issue: 2 ght Canon Inc [FTA_SSL.3 are met, the ser inactivity ions are met, n has elapsed minutes). ocessed by the l function of ption proces control functi ntifying the ro ntified and er/Energy Se er/Energy Set > Power Sav > Restrict Au ssion Settings 2022/07/27 c. 2021 3(LUI)] account . A value the d without e print the TOE. ss control on ole ttings > ttings > ve uto Reset s – Sup TOE provi jobs is init change the When a pr determines access con [Submit a TOE allow printed and The metho held by the - The us user u user au sent if [View ima TOE allow printed out The metho - If a use display - The pr - The da TOE does output. [View prin TOE allow The metho - Job ow check the job of the maske - If a Job display - U.ADM jobs th pported func ides the follow tialized with t e user name a rint job is exe s the owner o ntrol. a document t w all authentic d to create pr od for inputtin e print functio ser executes p ses the user a uthentication f user authent age or Releas w Job owner ( tput the imag od for viewing er logs in to t yed. rint function c ata held by th not allow U,A nt queue / lo w Job owner o od for viewing wner and U.A the list of job b log only dis print job). Fo ed and cannot b owner logs yed. MIN can log hat are printin ctional requir wing access c the name of th assigned to job cuted, TOE t of a print job v o be printed cated users (J rint job. TOE ng print docu on. printing via a authentication n is successful tication fails. se printed ou (a user whom ges of digital d g image or re the machine a can display im he print functi ADMIN, U.N g] or U.ADMIN g the print qu ADMIN can lo bs that are pr splays the job or jobs owned t be viewed in in to the mac in to the Rem ng/waiting to rements: FD control functi he user that g bs. temporarily sa via the user n , Create prin Job owner, U does not allo uments and cr printer drive n function of l, the print job utput] m user name is documents fo elease printed and selects
, the lis
e held data.
inted.
r Unauthentic
nt queue / log.
ndicated belo
ontrol panel a
g to be printe
er owns (whe
ers, informati
ueue / log.
ects , the lis
n can be used
Print>, the lis
onditions (num
r Unauthentic
ored documen
nceling print
cesses