TD0393: Require FTP_TRP.1(b) only for printing
Publication Date
2019.02.26
Protection Profiles
PP_HCD_V1.0
Other References
FTP_TRP.1(b)
Issue Description
HCDPP allows for one or more of the following functions defined in section 1.3.1.1: printing, scanning, copying. HCDPP also contains FTP_TRP.1(b) which requires the existence of a remote, non-administrative interface to the device regardless of the devices functionality. FTP_TRP.1(b) is an issue for department-level copy-only and scan-only devices containing a control panel, which don't have a need for a remote, non-administrative interface. Resolution
The following changes are made to HCDPP v1.0 to remove the requirement for remote non-administrative access and allow copy-only and scan-only devices to be evaluated against this PP: 1.3.1.1 Required Uses 24 The Required Uses that shall be present in a conforming HCD are: i. Printing: converting an electronic document to hardcopy form, or — and — — and — 28 In other words, a conforming HCD must support at least one of the Required Uses scanning, printing, or copying, and must support the Required Uses network communications and administration. Section 1.3.1.2 Conditionally Mandatory Uses 29 Conditionally Mandatory Uses that may be present in a conforming HCD are: 30 PSTN faxing: sending and receiving documents over the public switched telephone network (PSTN) using standard facsimile protocols 33 To conform, the HCD must meet requirements associated with these functions if they are present in the TOE. If the TOE supports remote non-administrative functionality but this requirement is not included, then the functionality must be disabled in the evaluated configuration. 2.1 Users 77 Note that a User can be a human user or an external IT entity. Also, a Normal User can be a Local User or a Network User as described in Section 1.3.3. 4.13.3 FTP_TRP.1(b) Trusted path (for non-Administrators) Move the entire section to a new B.3 Network Communications A.1 User Definitions Definition for U.NORMAL: A User who has been identified and authenticated and does not have an administrative role. A Normal User can be a Local User or a Network User as described in Section 1.3.3.
Justification
Remote, non-administrative user access to the device is not required anywhere except for this SFR. The concepts of Local and Network Users are mentioned and used in Section 1 but are not incorporated into the U.NORMAL definition in Section 2.1 and A.1. The use cases for copying and scanning specifically apply to Local Users only. |