Xerox Multi-Function Device Security Target
24
Copyright
2013 Xerox Corporation. All rights reserved.
3.4. Organizational Security Policies
This section describes the Organizational Security Policies (OSPs) that apply
to the TOE. OSPs are used to provide a basis for security objectives that are
commonly desired by TOE Owners in this operational environment, but for
which it is not practical to universally define the assets being protected or the
threats to those assets.
Table 15: Organizational Security Policies
To preserve operational accountability and security,
Users will be authorized to use the TOE only as
permitted by the TOE Owner.
To detect corruption of the executable code in the
TSF, procedures will exist to self-verify executable
code in the TSF.
To preserve operational accountability and security,
records that provide an audit trail of TOE use and
security-relevant events will be created, maintained,
and protected from unauthorized disclosure or
alteration, and will be reviewed by authorized
personnel.
To prevent unauthorized use of the external
interfaces of the TOE, operation of those interfaces
will be controlled by the TOE and its IT
environment.
To Next Page
Loading...
