Security Target
Page 36
... and users are aware of the security policies and procedures of their organisation and are identified and described. Copyright (c) 2012 RICOH COMPANY, LTD. P.INTERFACE.MANAGEMENT Management of external interfaces To prevent unauthorised use and security-relevant events. P.AUDIT.LOGGING Management ... those policies and procedures. P.STORAGE.ENCRYPTION Encryption of storage devices The data stored on the HDD inside the TOE shall be reviewed by the TOE and its IT environment. 3.2 Organisational Security Policies The following organisational security policies are taken: Page 35 of...
... and users are aware of the security policies and procedures of their organisation and are identified and described. Copyright (c) 2012 RICOH COMPANY, LTD. P.INTERFACE.MANAGEMENT Management of external interfaces To prevent unauthorised use and security-relevant events. P.AUDIT.LOGGING Management ... those policies and procedures. P.STORAGE.ENCRYPTION Encryption of storage devices The data stored on the HDD inside the TOE shall be reviewed by the TOE and its IT environment. 3.2 Organisational Security Policies The following organisational security policies are taken: Page 35 of...
Security Target
Page 40
... in IT environment The IT environment shall take a countermeasure for detecting security violations or unusual patterns of activity. Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved. OE.USER.TRAINED User training The responsible manager of MFP shall train users according to the ...administrator The responsible manager of their organisation and have the training, competence, and time to follow the guidance document; OE.AUDIT.REVIEWED Log audit The responsible manager of MFP shall ensure that administrators are aware of the security policies and procedures of MFP shall...
... in IT environment The IT environment shall take a countermeasure for detecting security violations or unusual patterns of activity. Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved. OE.USER.TRAINED User training The responsible manager of MFP shall train users according to the ...administrator The responsible manager of their organisation and have the training, competence, and time to follow the guidance document; OE.AUDIT.REVIEWED Log audit The responsible manager of MFP shall ensure that administrators are aware of the security policies and procedures of MFP shall...
Security Target
Page 41
...O.CONF.NO_ALT O.USER.AUTHORIZED OE.USER.AUTHORIZED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED OE.AUDIT_STORAGE.PROTCTED OE.AUDIT_ACCESS_AUTHORIZED OE.AUDIT.REVIEWED O.INTERFACE.MANAGED OE.PHYSICAL.MANAGED OE.INTERFACE.MANAGED O.STORAGE.ENCRYPTED O.RCGATE.COMM.PROTEC T OE.ADMIN.TRAINED OE....STORAGE.ENCRYPTION X P.RCGATE.COMM.PROTECT X A.ACCESS.MANAGED X A.ADMIN.TRAINING X A.ADMIN.TRUST X A.USER.TRAINING X Copyright (c) 2012 RICOH COMPANY, LTD. Page 40 of Security Objectives Table 10 describes the correspondence between the assumptions, threats and organisational security policies, and each security...
...O.CONF.NO_ALT O.USER.AUTHORIZED OE.USER.AUTHORIZED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED OE.AUDIT_STORAGE.PROTCTED OE.AUDIT_ACCESS_AUTHORIZED OE.AUDIT.REVIEWED O.INTERFACE.MANAGED OE.PHYSICAL.MANAGED OE.INTERFACE.MANAGED O.STORAGE.ENCRYPTED O.RCGATE.COMM.PROTEC T OE.ADMIN.TRAINED OE....STORAGE.ENCRYPTION X P.RCGATE.COMM.PROTECT X A.ACCESS.MANAGED X A.ADMIN.TRAINING X A.ADMIN.TRUST X A.USER.TRAINING X Copyright (c) 2012 RICOH COMPANY, LTD. Page 40 of Security Objectives Table 10 describes the correspondence between the assumptions, threats and organisational security policies, and each security...
Security Target
Page 44
...located in order to TOE external interfaces. Copyright (c) 2012 RICOH COMPANY, LTD. Page 43 of 91 P.AUDIT.LOGGING P.AUDIT.LOGGING is enforced by these objectives. By OE.AUDIT.REVIEWED, the responsible manager of MFP reviews audit logs at appropriate intervals for security violations or unusual...STORAGE.ENCRYPTED, the TOE shall encrypt the data to the guidance document. P.AUDIT.LOGGING is enforced by O.AUDIT.LOGGED, OE.AUDIT.REVIEWED, OE.AUDIT_STORAGE.PROTECTED and OE.AUDIT_ACCESS.AUTHORIZED. By O.INTERFACE.MANAGED, the TOE manages the operation of TOE use and security-relevant...
...located in order to TOE external interfaces. Copyright (c) 2012 RICOH COMPANY, LTD. Page 43 of 91 P.AUDIT.LOGGING P.AUDIT.LOGGING is enforced by these objectives. By OE.AUDIT.REVIEWED, the responsible manager of MFP reviews audit logs at appropriate intervals for security violations or unusual...STORAGE.ENCRYPTED, the TOE shall encrypt the data to the guidance document. P.AUDIT.LOGGING is enforced by O.AUDIT.LOGGED, OE.AUDIT.REVIEWED, OE.AUDIT_STORAGE.PROTECTED and OE.AUDIT_ACCESS.AUTHORIZED. By O.INTERFACE.MANAGED, the TOE manages the operation of TOE use and security-relevant...
Security Target
Page 51
... cryptographic key generation algorithm [assignment: cryptographic key generation algorithm in Table 12] and Copyright (c) 2012 RICOH COMPANY, LTD. FAU_SAR.2 Restricted audit review Hierarchical to: No other actions to be able to [selection: prevent] unauthorised modifications to the stored...Dependencies: FAU_GEN.1 Audit data generation FAU_STG.1.1 The TSF shall protect the stored audit records in the audit trail. FAU_SAR.1 Audit review Hierarchical to : No other components. Dependencies: FAU_GEN.1 Audit data generation FAU_SAR.1.1 The TSF shall provide [assignment: the MFP...
... cryptographic key generation algorithm [assignment: cryptographic key generation algorithm in Table 12] and Copyright (c) 2012 RICOH COMPANY, LTD. FAU_SAR.2 Restricted audit review Hierarchical to: No other actions to be able to [selection: prevent] unauthorised modifications to the stored...Dependencies: FAU_GEN.1 Audit data generation FAU_STG.1.1 The TSF shall protect the stored audit records in the audit trail. FAU_SAR.1 Audit review Hierarchical to : No other components. Dependencies: FAU_GEN.1 Audit data generation FAU_SAR.1.1 The TSF shall provide [assignment: the MFP...
Security Target
Page 79
...The Audit Function is to generate the audit log of Management Function Date settings (year/month/day), time settings (hour/minute) Copyright (c) 2012 RICOH COMPANY, LTD. Page 78 of 91 7 TOE Summary Specification This section describes the TOE summary specification for the audit log are derived from RC ...-relevant events (hereafter, "audit events"). The TOE provides the audit logs in Table 34 are described for audit logs to audit (audit log review). Table 33 : List of Audit Events Audit Events Start-up of the Audit Function (*1) Shutdown of the Audit Function (*1) Success and failure ...
...The Audit Function is to generate the audit log of Management Function Date settings (year/month/day), time settings (hour/minute) Copyright (c) 2012 RICOH COMPANY, LTD. Page 78 of 91 7 TOE Summary Specification This section describes the TOE summary specification for the audit log are derived from RC ...-relevant events (hereafter, "audit events"). The TOE provides the audit logs in Table 34 are described for audit logs to audit (audit log review). Table 33 : List of Audit Events Audit Events Start-up of the Audit Function (*1) Shutdown of the Audit Function (*1) Success and failure ...