Page 36 of 93
Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved.
3.2 Organisational Security Policies
The following organisational security policies are taken:
P.USER.AUTHORIZATION User identification and authentication
Only users with operation permission of the TOE shall be authorised to use the TOE.
P.SOFTWARE.VERIFICATION Software verification
Procedures shall exist to self-verify executable code in the TSF.
P.AUDIT.LOGGING Management of audit log records
The TOE shall create and maintain a log of TOE use and security-relevant events. The
audit log shall be protected from unauthorised disclosure or alteration, and shall be
reviewed by authorised persons.
P.INTERFACE.MANAGEMENT Management of external interfaces
To prevent unauthorised use of the external interfaces of the TOE, operation of those
interfaces shall be controlled by the TOE and its IT environment.
P.STORAGE.ENCRYPTION Encryption of storage devices
The data stored on the HDD inside the TOE shall be encrypted.
P.RCGATE.COMM.PROTECT Protection of communication with RC Gate
As for communication with RC Gate, the TOE shall protect the communication data
between itself and RC Gate.
3.3 Assumptions
The assumptions related to this TOE usage environment are identified and described.
A.ACCESS.MANAGED Access management
According to the guidance document, the TOE is placed in a restricted or monitored
area that provides protection from physical access by unauthorised persons.
A.USER.TRAINING User training
The responsible manager of MFP trains users according to the guidance document and
users are aware of the security policies and procedures of their organisation and are
competent to follow those policies and procedures.
To Next Page
Loading...
