Page 29 of 81
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
O.LINE_PROTECT (Prevention of intrusion from telephone line)
The TOE shall prevent unauthorised access to the TOE from a telephone line connected
to the Fax Unit.
4.2 Security Objectives of Operational Environment
The following describes the security objectives of the operational environment.
OE.ADMIN (Trusted administrator)
The responsible manager of the MFP shall select trusted persons as administrators and
instructs them on their administrator roles. Once instructed, administrators then shall
instruct general users, familiarising them with the compliance rules for secure TOE
operation as defined in the administrator guidance for the TOE.
OE.SUPERVISOR (Trusted supervisor)
The responsible manager of the MFP shall select a trusted person as a supervisor and
instructs him/her on the role of supervisor.
OE.NETWORK (Network environment for TOE connection)
If the internal network, to which the TOE is connected, is connected to an external
network such as the Internet, the organisation that manages operation of the internal
network shall close any unnecessary ports between the external and internal networks
(e.g. by employing a firewall)
4.3 Security Objectives Rationale
This section describes the rationale of the security objectives.
If all security objectives are fulfilled as explained in the following, the security problems defined in "3
Security Problem Definitions" are solved: all threats are countered, all organisational security policies
enforced, and all assumptions upheld.
4.3.1 Tracing
This section describes the correspondence between the previously described "3.1 Threats", "3.2
Organisational Security Policies" and "3.3 Assumptions", and either "4.1 Security Objectives for TOE" or
"4.2 Security Objectives of Operational Environment" with Table 3. The "v" in the table indicates that each
of the elements of the TOE Security Environment is satisfied by security objectives.
Table 3 demonstrates that each security objective corresponds to at least one threat, organisational security
policy, or assumption. As indicated by the shaded region in Table 3, assumptions are not upheld by TOE
security objectives.
To Next Page
Loading...
