Security Target
Page 33
...TRAINING Administrator training Administrators are aware of the security policies and procedures of their organisation and are identified and described. Copyright (c) 2011 RICOH COMPANY, LTD. A.ACCESS.MANAGED Access management According to the guidance document, the TOE is placed in a restricted or monitored area... that provides protection from unauthorised disclosure or alteration, and shall be reviewed by authorised persons. P.AUDIT.LOGGING Management of audit log records The TOE shall create and maintain a log of TOE use the...
...TRAINING Administrator training Administrators are aware of the security policies and procedures of their organisation and are identified and described. Copyright (c) 2011 RICOH COMPANY, LTD. A.ACCESS.MANAGED Access management According to the guidance document, the TOE is placed in a restricted or monitored area... that provides protection from unauthorised disclosure or alteration, and shall be reviewed by authorised persons. P.AUDIT.LOGGING Management of audit log records The TOE shall create and maintain a log of TOE use the...
Security Target
Page 37
... appropriate intervals according to follow the security policies and procedures of their organisation; OE.AUDIT.REVIEWED Log audit The responsible manager of MFP shall ensure that users are reviewed at the time of installation according to the guidance document. 4.2.2 Non-IT Environment OE.....TRUSTED Trusted administrator The responsible manager of MFP shall select administrators who follow those policies and procedures. Copyright (c) 2011 RICOH COMPANY, LTD. Page 36 of 87 appropriately configure the firewall according to the guidance document, and prevent the attacks to the guidance...
... appropriate intervals according to follow the security policies and procedures of their organisation; OE.AUDIT.REVIEWED Log audit The responsible manager of MFP shall ensure that users are reviewed at the time of installation according to the guidance document. 4.2.2 Non-IT Environment OE.....TRUSTED Trusted administrator The responsible manager of MFP shall select administrators who follow those policies and procedures. Copyright (c) 2011 RICOH COMPANY, LTD. Page 36 of 87 appropriately configure the firewall according to the guidance document, and prevent the attacks to the guidance...
Security Target
Page 38
...USER.AUTHORIZED OE.USER.AUTHORIZED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED O.STORAGE.ENCRYPTED OE.AUDIT_STORAGE.PROTCTED OE.AUDIT_ACCESS_AUTHORIZED OE.AUDIT.REVIEWED O.INTERFACE.MANAGED OE.PHYSICAL.MANAGED OE.INTERFACE.MANAGED OE.ADMIN.TRAINED OE.ADMIN.TRUSTED OE.USER.TRAINED T.DOC.DIS...INTERFACE.MANAGEMENT X X P.STORAGE.ENCRYPTION X A.ACCESS.MANAGED X A.ADMIN.TRAINING X A.ADMIN.TRUST X A.USER.TRAINING X Copyright (c) 2011 RICOH COMPANY, LTD. Table 11: Rationale of security objectives. The security objectives are for upholding the assumptions, countering the threats, and enforcing the...
...USER.AUTHORIZED OE.USER.AUTHORIZED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED O.STORAGE.ENCRYPTED OE.AUDIT_STORAGE.PROTCTED OE.AUDIT_ACCESS_AUTHORIZED OE.AUDIT.REVIEWED O.INTERFACE.MANAGED OE.PHYSICAL.MANAGED OE.INTERFACE.MANAGED OE.ADMIN.TRAINED OE.ADMIN.TRUSTED OE.USER.TRAINED T.DOC.DIS...INTERFACE.MANAGEMENT X X P.STORAGE.ENCRYPTION X A.ACCESS.MANAGED X A.ADMIN.TRAINING X A.ADMIN.TRUST X A.USER.TRAINING X Copyright (c) 2011 RICOH COMPANY, LTD. Table 11: Rationale of security objectives. The security objectives are for upholding the assumptions, countering the threats, and enforcing the...
Security Target
Page 41
...O.INTERFACE.MANAGED, the TOE manages the operation of TOE use of USB is located in accordance with the security policies. Copyright (c) 2011 RICOH COMPANY, LTD. P.INTERFACE.MANAGEMENT P.INTERFACE.MANAGEMENT is enforced by this objective. The TOE controls the access to the Operation Panel and the ... protects those records can be accessed in the MFP and prevents its unauthorised disclosure or alteration. By OE.AUDIT.REVIEWED, the responsible manager of MFP reviews audit logs at the time of MFP ensures that the only encrypted data is written into /read from telephone line...
...O.INTERFACE.MANAGED, the TOE manages the operation of TOE use of USB is located in accordance with the security policies. Copyright (c) 2011 RICOH COMPANY, LTD. P.INTERFACE.MANAGEMENT P.INTERFACE.MANAGEMENT is enforced by this objective. The TOE controls the access to the Operation Panel and the ... protects those records can be accessed in the MFP and prevents its unauthorised disclosure or alteration. By OE.AUDIT.REVIEWED, the responsible manager of MFP reviews audit logs at the time of MFP ensures that the only encrypted data is written into /read from telephone line...
Security Target
Page 47
...trail storage FAU_STG.4.1 The TSF shall [selection: overwrite the oldest stored audit records] and [assignment: no other components. Dependencies: FAU_GEN.1 Audit data generation Copyright (c) 2011 RICOH COMPANY, LTD. b) Minimal: Identification of the initiator and target of the trusted channel functions. Dependencies: FAU_GEN.1 Audit data generation FAU_STG.1.1 The TSF shall protect the... stored audit records in case of session by the session locking mechanism. FAU_STG.1.2 The TSF shall be taken in the audit trail. FAU_SAR.1 Audit review Hierarchical to the time;
...trail storage FAU_STG.4.1 The TSF shall [selection: overwrite the oldest stored audit records] and [assignment: no other components. Dependencies: FAU_GEN.1 Audit data generation Copyright (c) 2011 RICOH COMPANY, LTD. b) Minimal: Identification of the initiator and target of the trusted channel functions. Dependencies: FAU_GEN.1 Audit data generation FAU_STG.1.1 The TSF shall protect the... stored audit records in case of session by the session locking mechanism. FAU_STG.1.2 The TSF shall be taken in the audit trail. FAU_SAR.1 Audit review Hierarchical to the time;
Security Target
Page 48
All rights reserved. Dependencies: FAU_SAR.1 Audit review FAU_SAR.2.1 The TSF shall prohibit all users read access to the audit records, except those users that have been granted explicit read [assignment: all of ...: cryptographic key sizes shown in Table 14] that meet the following : [assignment: standards in a manner suitable for the user to : No other components. Copyright (c) 2011 RICOH COMPANY, LTD. The TSF shall provide the audit records in Table 13]. Page 47 of 87 FAU_SAR.1.1 FAU_SAR.1.2 The TSF shall provide [assignment: the MFP...
All rights reserved. Dependencies: FAU_SAR.1 Audit review FAU_SAR.2.1 The TSF shall prohibit all users read access to the audit records, except those users that have been granted explicit read [assignment: all of ...: cryptographic key sizes shown in Table 14] that meet the following : [assignment: standards in a manner suitable for the user to : No other components. Copyright (c) 2011 RICOH COMPANY, LTD. The TSF shall provide the audit records in Table 13]. Page 47 of 87 FAU_SAR.1.1 FAU_SAR.1.2 The TSF shall provide [assignment: the MFP...
Security Target
Page 75
...function to access to read the audit log. FCS_COP.1 (Cryptographic operation) The TOE encrypts data before writing it from the MFP administrator. FAU_SAR.1 (Audit review) The TOE allows only MFP administrator who are successfully identified and authenticated to read and delete the audit log. FAU_STG.1 (Protected audit trail storage ) ...reading it to read and delete the audit log. Page 74 of 87 Success and failure of the occurrence factor. FAU_SAR.2 (Restricted audit review) The TOE allows only MFP administrator who are the specific cryptographic operations: Copyright (c) 2011...
...function to access to read the audit log. FCS_COP.1 (Cryptographic operation) The TOE encrypts data before writing it from the MFP administrator. FAU_SAR.1 (Audit review) The TOE allows only MFP administrator who are successfully identified and authenticated to read and delete the audit log. FAU_STG.1 (Protected audit trail storage ) ...reading it to read and delete the audit log. Page 74 of 87 Success and failure of the occurrence factor. FAU_SAR.2 (Restricted audit review) The TOE allows only MFP administrator who are the specific cryptographic operations: Copyright (c) 2011...