Page 45 of 81
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
administrator IDs, administrator roles and supervisor ID].
FIA_USB.1.2 The TSF shall enforce the following rules on the initial association of user security attributes
with subjects acting on the behalf of users: [assignment: rules for the initial association of
attributes listed in Table15].
Table 15: Rules for initial association of attributes
Users Subjects Security attributes of users
General user General user process
General user ID,
Document data default ACL
Administrator Administrator process
Administrator ID,
Administrator roles
Supervisor Supervisor process Supervisor ID
FIA_USB.1.3 The TSF shall enforce the following rules governing changes to the user security attributes
associated with subjects acting on the behalf of users: [assignment: administrators can add
their own assigned administrator roles to other administrators, and can delete their own
administrator roles. However, the administrator cannot delete the assigned
administrator role if that role is assigned to no other administrators].
6.1.5 Class FMT: Security management
FMT_MSA.1 Management of security attributes
Hierarchical to: No other components.
Dependencies: [FDP_ACC.1 Subset access control, or
FDP_IFC.1 Subset information flow control]
FMT_SMR.1 Security roles
FMT_SMF.1 Specification of Management Functions
FMT_MSA.1.1 The TSF shall enforce the [assignment: MFP access control SFP] to restrict the ability to
[selection: query, modify, delete, [assignment: newly create, change, add]] the security
attributes [assignment: security attributes in Table 16] to [assignment: users/roles in
Table16].
Table 16: Management roles of security attributes
Security attributes Operations User roles
General user IDs (a data
item of general user
information)
Query,
newly create,
delete
- User administrator
To Next Page
Loading...
