Xerox Multi-Function Device Security Target
77
Copyright
2013 Xerox Corporation. All rights reserved.
8. Glossary
For the purposes of this document, the following terms and definitions apply.
IEEE Std. 100, The Authoritative Dictionary of IEEE Standards, Seventh
Edition, should be referenced for terms not defined in this annex.
Access: Interaction between an entity and an object that results in the flow or
modification of data.
Access Control: Security service that controls the use of hardware and
software resources and the disclosure and modification of stored or
communicated data.
Accountability: Property that allows activities in an IT system to be traced to
the entity responsible for the activity.
Administrator: A User who has been specifically granted the authority to
manage some portion or all of the TOE and whose actions may affect the
TSP. Administrators may possess special privileges that provide capabilities
to override portions of the TSP.
Asset: An entity upon which the TOE Owner, User, or manager of the TOE
places value.
Authentication: Security measure that verifies a claimed identity.
Authentication data: Information used to verify a claimed identity.
Authorization: Permission, granted by an entity authorized to do so, to
perform functions and access data.
Authorized User: An authenticated User who may, in accordance with the
TSP, perform an operation, This includes Users who are permitted to perform
some operations but may be able to attempt or perform operations that are
beyond those permissions.
Availability: (A) A condition in which Authorized Users have access to
information, functionality and associated assets when requested. (B) Timely
(according to a defined metric), reliable access to IT resources.
Channel: Mechanisms through which data can be transferred into and out of
the TOE.
Confidentiality: (A) A condition in which information is accessible only to
those authorized to have access. (B) A security policy pertaining to disclosure
of data.
Enterprise: An operational context typically consisting of centrally-managed
networks of IT products protected from direct Internet access by firewalls.
Enterprise environments generally include medium to large businesses,
certain governmental agencies, and organizations requiring managed
telecommuting systems and remote offices
To Next Page
Loading...
