HP Inc.
HP LaserJet Enterprise MFP M527 Series,
Color LaserJet Enterprise MFP M577 Series, and
PageWide Enterprise Color MFP 586 Series
Firmware with Jetdirect Inside Security Target
Version: 2.0 Copyright © 2008-2016 by atsec information security corporation and HP Inc. Page 36 of 98
Last update: 2016-06-07 or its wholly owned subsidiaries
3 Security Problem Definition
3.1 Introduction
The statement of TOE security environment describes the security aspects of the environment in which
the TOE is intended to be used and the manner in which it is expected to be deployed.
To this end, the statement of TOE security environment identifies the list of assumptions made on the
Operational Environment (including physical and procedural measures) and the intended method of use
of the product, defines the threats that the product is designed to counter, and the organizational security
policies with which the product is designed to comply.
3.2 Threat Environment
This security problem definition addresses threats posed by four categories of threat agents:
a) Persons who are not permitted to use the TOE who may attempt to use the TOE.
b) Persons who are authorized to use the TOE who may attempt to use TOE functions for which
they are not authorized.
c) Persons who are authorized to use the TOE who may attempt to access data in ways for which
they not authorized.
d) Persons who unintentionally cause a software malfunction that may expose the TOE to
unanticipated threats.
The threats and policies defined in this Security Target address the threats posed by these threat agents.
The threat agents are assumed to originate from a well-managed user community in a non-hostile
working environment. Therefore, the product protects against threats of security vulnerabilities that might
be exploited in the intended environment for the TOE with low level of expertise and effort. The TOE
protects against straightforward or intentional breach of TOE security by attackers possessing a Basic
attack potential.
3.2.1 Threats countered by the TOE
T.DOC.DIS
User Document Data may be disclosed to unauthorized persons.
T.DOC.ALT
User Document Data may be altered by unauthorized persons.
T.FUNC.ALT
User Function Data may be altered by unauthorized persons.
T.PROT.ALT
TSF Protected Data may be altered by unauthorized persons.
T.CONF.DIS
TSF Confidential Data may be disclosed to unauthorized persons.
T.CONF.ALT
TSF Confidential Data may be altered by unauthorized persons.
To Next Page
Loading...