Security Target
Page 38
...of the external interfaces of the TOE, operation of storage devices The data stored on the HDD inside the TOE shall be reviewed by the TOE and its IT environment. P.RCGATE.COMM.PROTECT Protection of communication with RC Gate As for communication with operation permission... shall be encrypted. P.INTERFACE.MANAGEMENT Management of the TOE shall be protected from physical access by unauthorised persons. Copyright (c) 2011 RICOH COMPANY, LTD. P.SOFTWARE.VERIFICATION Software verification Procedures shall exist to the guidance document, the TOE is placed in the TSF. All rights reserved...
...of the external interfaces of the TOE, operation of storage devices The data stored on the HDD inside the TOE shall be reviewed by the TOE and its IT environment. P.RCGATE.COMM.PROTECT Protection of communication with RC Gate As for communication with operation permission... shall be encrypted. P.INTERFACE.MANAGEMENT Management of the TOE shall be protected from physical access by unauthorised persons. Copyright (c) 2011 RICOH COMPANY, LTD. P.SOFTWARE.VERIFICATION Software verification Procedures shall exist to the guidance document, the TOE is placed in the TSF. All rights reserved...
Security Target
Page 42
...to the guidance document and ensure that users are aware of the security policies and procedures of their organisation. Copyright (c) 2011 RICOH COMPANY, LTD. OE.ADMIN.TRAINED Administrator training The responsible manager of MFP shall ensure that provides protection from physical access to ... the guidance document; have the competence to the TOE by unauthorised persons. OE.AUDIT.REVIEWED Log audit The responsible manager of MFP shall ensure that audit logs are reviewed at appropriate intervals according to the guidance document for the prevention of unmanaged access to TOE...
...to the guidance document and ensure that users are aware of the security policies and procedures of their organisation. Copyright (c) 2011 RICOH COMPANY, LTD. OE.ADMIN.TRAINED Administrator training The responsible manager of MFP shall ensure that provides protection from physical access to ... the guidance document; have the competence to the TOE by unauthorised persons. OE.AUDIT.REVIEWED Log audit The responsible manager of MFP shall ensure that audit logs are reviewed at appropriate intervals according to the guidance document for the prevention of unmanaged access to TOE...
Security Target
Page 43
...NO_ALT O.USER.AUTHORIZED OE.USER.AUTHORIZED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED OE.AUDIT_STORAGE.PROTCTED OE.AUDIT_ACCESS_AUTHORIZED OE.AUDIT.REVIEWED O.INTERFACE.MANAGED OE.PHYSICAL.MANAGED OE.INTERFACE.MANAGED O.STORAGE.ENCRYPTED O.RCGATE.COMM.PROTECT OE.ADMIN.TRAINED ... X P.RCGATE.COMM.PROTECT X A.ACCESS.MANAGED X A.ADMIN.TRAINING X A.ADMIN.TRUST X A.USER.TRAINING X Copyright (c) 2011 RICOH COMPANY, LTD. Page 42 of Security Objectives Table 11 describes the correspondence between the assumptions, threats and organisational security policies, and each security objective.
...NO_ALT O.USER.AUTHORIZED OE.USER.AUTHORIZED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED OE.AUDIT_STORAGE.PROTCTED OE.AUDIT_ACCESS_AUTHORIZED OE.AUDIT.REVIEWED O.INTERFACE.MANAGED OE.PHYSICAL.MANAGED OE.INTERFACE.MANAGED O.STORAGE.ENCRYPTED O.RCGATE.COMM.PROTECT OE.ADMIN.TRAINED ... X P.RCGATE.COMM.PROTECT X A.ACCESS.MANAGED X A.ADMIN.TRAINING X A.ADMIN.TRUST X A.USER.TRAINING X Copyright (c) 2011 RICOH COMPANY, LTD. Page 42 of Security Objectives Table 11 describes the correspondence between the assumptions, threats and organisational security policies, and each security objective.
Security Target
Page 46
... unmanaged access to the guidance document. AUDIT.LOGGING P.AUDIT.LOGGING is upheld by O.AUDIT.LOGGED, OE.AUDIT.REVIEWED, OE.AUDIT_STORAGE.PROTECTED and OE.AUDIT_ACCESS.AUTHORIZED. By OE.AUDIT.REVIEWED, the responsible manager of MFP reviews audit logs at appropriate intervals for security violations or unusual patterns of MFP protects those communication data. By... MFP and prevents its unauthorised disclosure or alteration. P.RCGATE.COMM.PROTECT is upheld by this objective. A.ACCESS.MANAGED is enforced by this objective. Copyright (c) 2011 RICOH COMPANY, LTD.
... unmanaged access to the guidance document. AUDIT.LOGGING P.AUDIT.LOGGING is upheld by O.AUDIT.LOGGED, OE.AUDIT.REVIEWED, OE.AUDIT_STORAGE.PROTECTED and OE.AUDIT_ACCESS.AUTHORIZED. By OE.AUDIT.REVIEWED, the responsible manager of MFP reviews audit logs at appropriate intervals for security violations or unusual patterns of MFP protects those communication data. By... MFP and prevents its unauthorised disclosure or alteration. P.RCGATE.COMM.PROTECT is upheld by this objective. A.ACCESS.MANAGED is enforced by this objective. Copyright (c) 2011 RICOH COMPANY, LTD.
Security Target
Page 53
... shall be able to [selection: prevent] unauthorised modifications to the stored audit records in Table 13] and Copyright (c) 2011 RICOH COMPANY, LTD. Dependencies: FAU_GEN.1 Audit data generation FAU_SAR.1.1 The TSF shall provide [assignment: the MFP administrators] with the capability...data loss Hierarchical to: FAU_STG.3 Action in case of audit storage failure] if the audit trail is full. FAU_SAR.2 Restricted audit review Hierarchical to: No other components. FAU_STG.1 Protected audit trail storage Hierarchical to: No other components. Dependencies: FAU_GEN.1 Audit data generation...
... shall be able to [selection: prevent] unauthorised modifications to the stored audit records in Table 13] and Copyright (c) 2011 RICOH COMPANY, LTD. Dependencies: FAU_GEN.1 Audit data generation FAU_SAR.1.1 The TSF shall provide [assignment: the MFP administrators] with the capability...data loss Hierarchical to: FAU_STG.3 Action in case of audit storage failure] if the audit trail is full. FAU_SAR.2 Restricted audit review Hierarchical to: No other components. FAU_STG.1 Protected audit trail storage Hierarchical to: No other components. Dependencies: FAU_GEN.1 Audit data generation...
Security Target
Page 81
... events occur and the audit log items shown in a text format when the MFP administrator instructs the TOE to audit (audit log review). The security functions are derived from RC Gate communication interface Table 30 Record of Management Function Date settings (year/month/day), time settings... (hour/minute) Copyright (c) 2011 RICOH COMPANY, LTD. FPT_STM.1 The date (year/month/day) and time (hour/minute/second) the TOE records for the audit log are described...
... events occur and the audit log items shown in a text format when the MFP administrator instructs the TOE to audit (audit log review). The security functions are derived from RC Gate communication interface Table 30 Record of Management Function Date settings (year/month/day), time settings... (hour/minute) Copyright (c) 2011 RICOH COMPANY, LTD. FPT_STM.1 The date (year/month/day) and time (hour/minute/second) the TOE records for the audit log are described...