Page 32 of 87
3.2 Organisational Security Policies
The following organisational security policies are taken:
P.USER.AUTHORIZATION User identification and authentication
Only users with a login user name shall be authorised to use the TOE.
P.SOFTWARE.VERIFICATION Software verification
Procedures shall exist to self-verify executable code in the TSF.
P.AUDIT.LOGGING Management of audit log records
The TOE shall create and maintain a log of TOE use and security-relevant events. The
audit log shall be protected from unauthorised disclosure or alteration, and shall be
reviewed by authorised persons.
P.INTERFACE.MANAGEMENT Management of external interfaces
To prevent unauthorised use of the external interfaces of the TOE (Operation Panel,
LAN, USB and telephone lines), operation of those interfaces shall be controlled by the
TOE and its IT environment.
P.STORAGE.ENCRYPTION Encryption of storage devices
The TOE shall encrypt the stored data on the HDD inside the TOE.
3.3 Assumptions
The assumptions related to this TOE usage environment are identified and described.
A.ACCESS.MANAGED Access management
According to the guidance document, the TOE is placed in a restricted or monitored
area that provides protection from physical access by unauthorised persons.
A.USER.TRAINING User training
The responsible manager of MFP trains users according to the guidance document and
users are aware of the security policies and procedures of their organisation and are
competent to follow those policies and procedures.
A.ADMIN.TRAINING Administrator training
Administrators are aware of the security policies and procedures of their organisation,
are competent to correctly configure and operate the TOE in accordance with the
guidance document following those policies and procedures.
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
To Next Page
Loading...
Need help?
General
