Page 28 of 81
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
4 Security Objectives
This section describes the security objectives of the TOE and its security objectives of the operational
environment and their rationale.
4.1 Security Objectives for TOE
The following define the security objectives of the TOE.
O.AUDIT (Audit)
The TOE shall record Security Function-related events in an audit log, and provides the
machine administrator with a function for reading the audit logs, allowing the machine
administrator to detect whether or not a security intrusion has occurred.
O.I&A (Identification and Authentication)
The TOE shall perform identification and authentication of users prior to their use of the
TOE Security Functions, and allows successfully authenticated users to use the
functions for which they have permission.
O. DOC_ACC (Access control to protected assets)
The TOE shall ensure general users have access to document data according to their
permissions to process document data. The TOE shall also allow the file administrator
to delete document data stored in the D-BOX.
O. MANAGE (Security management)
The TOE shall only allow specified users to manage its Security Functions, TSF data,
and security attributes. Such users are required to maintain the TOE security.
O.MEM.PROTECT (Prevention of disclosure of data stored in memory)
The TOE shall convert the format of the document data stored on the HDD into a format
that is difficult to decode.
O. NET.PROTECT (Protection of network communication data)
The TOE shall protect document data and print data travelling over the communication
network from interception, and detect any tampering.
O.GENUINE (Protection of integrity of MFP Control Software)
The TOE shall provide TOE users with a function that verifies the integrity of the MFP
Control Software, which is installed in the FlashROM.
To Next Page
Loading...
