Security Target
Page 38
... prevent unauthorised use of the external interfaces of the TOE, operation of storage devices The data stored on the HDD inside the TOE shall be reviewed by unauthorised persons. P.STORAGE.ENCRYPTION Encryption of those policies and procedures. 3.2 Organisational Security Policies The following organisational security policies are taken: Page 37 of 93... that provides protection from unauthorised disclosure or alteration, and shall be encrypted. P.SOFTWARE.VERIFICATION Software verification Procedures shall exist to use the TOE. Copyright (c) 2011 RICOH COMPANY, LTD.
... prevent unauthorised use of the external interfaces of the TOE, operation of storage devices The data stored on the HDD inside the TOE shall be reviewed by unauthorised persons. P.STORAGE.ENCRYPTION Encryption of those policies and procedures. 3.2 Organisational Security Policies The following organisational security policies are taken: Page 37 of 93... that provides protection from unauthorised disclosure or alteration, and shall be encrypted. P.SOFTWARE.VERIFICATION Software verification Procedures shall exist to use the TOE. Copyright (c) 2011 RICOH COMPANY, LTD.
Security Target
Page 42
... those policies and procedures. OE.ADMIN.TRAINED Administrator training The responsible manager of MFP shall ensure that audit logs are reviewed at appropriate intervals according to the guidance document for detecting security violations or unusual patterns of activity. OE.USER.AUTHORIZED ...the authority to use their privileged access rights for malicious purposes according to the guidance document. Copyright (c) 2011 RICOH COMPANY, LTD. OE.AUDIT.REVIEWED Log audit The responsible manager of MFP shall ensure that administrators are aware of the security policies and procedures...
... those policies and procedures. OE.ADMIN.TRAINED Administrator training The responsible manager of MFP shall ensure that audit logs are reviewed at appropriate intervals according to the guidance document for detecting security violations or unusual patterns of activity. OE.USER.AUTHORIZED ...the authority to use their privileged access rights for malicious purposes according to the guidance document. Copyright (c) 2011 RICOH COMPANY, LTD. OE.AUDIT.REVIEWED Log audit The responsible manager of MFP shall ensure that administrators are aware of the security policies and procedures...
Security Target
Page 43
...PROT.NO_ALT O.CONF.NO_DIS O.CONF.NO_ALT O.USER.AUTHORIZED OE.USER.AUTHORIZED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED OE.AUDIT_STORAGE.PROTCTED OE.AUDIT_ACCESS_AUTHORIZED OE.AUDIT.REVIEWED O.INTERFACE.MANAGED OE.PHYSICAL.MANAGED OE.INTERFACE.MANAGED O.STORAGE.ENCRYPTED O.RCGATE.COMM.PROTECT OE.ADMIN.TRAINED OE.ADMIN.TRUSTED OE.USER.TRAINED T.... X P.AUDIT.LOGGING X XXX P.INTERFACE.MANAGEMENT X X P.STORAGE.ENCRYPTION X P.RCGATE.COMM.PROTECT X A.ACCESS.MANAGED X A.ADMIN.TRAINING X A.ADMIN.TRUST X A.USER.TRAINING X Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
...PROT.NO_ALT O.CONF.NO_DIS O.CONF.NO_ALT O.USER.AUTHORIZED OE.USER.AUTHORIZED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED OE.AUDIT_STORAGE.PROTCTED OE.AUDIT_ACCESS_AUTHORIZED OE.AUDIT.REVIEWED O.INTERFACE.MANAGED OE.PHYSICAL.MANAGED OE.INTERFACE.MANAGED O.STORAGE.ENCRYPTED O.RCGATE.COMM.PROTECT OE.ADMIN.TRAINED OE.ADMIN.TRUSTED OE.USER.TRAINED T.... X P.AUDIT.LOGGING X XXX P.INTERFACE.MANAGEMENT X X P.STORAGE.ENCRYPTION X P.RCGATE.COMM.PROTECT X A.ACCESS.MANAGED X A.ADMIN.TRAINING X A.ADMIN.TRUST X A.USER.TRAINING X Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
Security Target
Page 46
... access by this objective. P.RCGATE.COMM.PROTECT P.RCGATE.COMM.PROTECT is protected from unauthorised access, deletion and alteration. Copyright (c) 2011 RICOH COMPANY, LTD. By O.AUDIT.LOGGED, the TOE creates and maintains a log of 93 P. P.INTERFACE.MANAGEMENT is upheld by the ...INTERFACE.MANAGED. A.ACCESS.MANAGED A.ACCESS.MANAGED is enforced by these objectives. All rights reserved. By OE.AUDIT.REVIEWED, the responsible manager of MFP reviews audit logs at appropriate intervals for security violations or unusual patterns of MFP ensures that prevents unmanaged access to...
... access by this objective. P.RCGATE.COMM.PROTECT P.RCGATE.COMM.PROTECT is protected from unauthorised access, deletion and alteration. Copyright (c) 2011 RICOH COMPANY, LTD. By O.AUDIT.LOGGED, the TOE creates and maintains a log of 93 P. P.INTERFACE.MANAGEMENT is upheld by the ...INTERFACE.MANAGED. A.ACCESS.MANAGED A.ACCESS.MANAGED is enforced by these objectives. All rights reserved. By OE.AUDIT.REVIEWED, the responsible manager of MFP reviews audit logs at appropriate intervals for security violations or unusual patterns of MFP ensures that prevents unmanaged access to...
Security Target
Page 53
... to: No other components. FAU_SAR.2 Restricted audit review Hierarchical to: No other components. Dependencies: FAU_SAR.1 Audit review FAU_SAR.2.1 The TSF shall prohibit all of log items] from unauthorised deletion. Dependencies: FAU_GEN.1 Audit data generation FAU_SAR.1.1 The TSF shall provide [assignment: the MFP ....1.1 The TSF shall generate cryptographic keys in accordance with a specified cryptographic key generation algorithm [assignment: cryptographic key generation algorithm in Table 13] and Copyright (c) 2011 RICOH COMPANY, LTD.
... to: No other components. FAU_SAR.2 Restricted audit review Hierarchical to: No other components. Dependencies: FAU_SAR.1 Audit review FAU_SAR.2.1 The TSF shall prohibit all of log items] from unauthorised deletion. Dependencies: FAU_GEN.1 Audit data generation FAU_SAR.1.1 The TSF shall provide [assignment: the MFP ....1.1 The TSF shall generate cryptographic keys in accordance with a specified cryptographic key generation algorithm [assignment: cryptographic key generation algorithm in Table 13] and Copyright (c) 2011 RICOH COMPANY, LTD.
Security Target
Page 81
The TOE provides the audit logs in a text format when the MFP administrator instructs the TOE to audit (audit log review). All rights reserved. FPT_STM.1 The date (year/month/day) and time (hour/minute/second) the TOE records for the audit log are recorded. ...Success and failure of login operations from the system clock of Management Function Date settings (year/month/day), time settings (hour/minute) Copyright (c) 2011 RICOH COMPANY, LTD. The recorded audit log can be read the audit logs. This function provides the recorded audit log in a legible fashion for each corresponding...
The TOE provides the audit logs in a text format when the MFP administrator instructs the TOE to audit (audit log review). All rights reserved. FPT_STM.1 The date (year/month/day) and time (hour/minute/second) the TOE records for the audit log are recorded. ...Success and failure of login operations from the system clock of Management Function Date settings (year/month/day), time settings (hour/minute) Copyright (c) 2011 RICOH COMPANY, LTD. The recorded audit log can be read the audit logs. This function provides the recorded audit log in a legible fashion for each corresponding...