CRP-C0266-01
5
3. Security Policy
This chapter describes security function policies and organisational security policies.
The TOE imports the paper documents of users, receives the document data from client
computers which are connected via Network, stores the confidential document data into HDD
of the TOE, and performs outputting by print and delivery. Therefore, the TOE is a digital
MFP with Security Function regarding receiving, storing, and outputting the document data.
The Security Functions of the TOE protect the stored document data and setting data in the
TOE from tampering and leakage by a third party with the user identification and
authentication, the access control, and the encryption, and it protects the communication
data on the internal network with the communication encryption.
And the Security Functions of the TOE have the functions to confirm that MFP control
software is software officially provided by RICOH COMPANY, LTD. and to record as audit
logs the events when checking the operation status of the entire TOE, or in the occurrence of
security breaches such as consecutive failures of the password entry.
Furthermore, the Security Functions of the TOE have the functions to manage the settings
related to the Security Functions, and to record the processing of the Security Functions.
Preventing and detecting against the breaches of the usage of the assumed TOE Security
Functions protect these implemented Security Functions.
3.1 Security Function Policies
The TOE possesses the Security Functions to counter the threats shown in Chapter 3.1.1 and
to meet the organisational security policy shown in Chapter 3.1.2.
3.1.1 Threats and Security Function Policies
3.1.1.1 Threats
The TOE assumes the threats shown in Table 3-1 and provides the functions for
countermeasure against them.
Table 3-1 Assumed Threats
Identifier Threat
T.ILLEGAL_USE
Attackers may read or delete document data by gaining
unauthorised access to the TOE though the external
TOE interfaces (the operation panel, network interface,
USB interface, or SD card interface).
T.UNAUTH_ACCESS
Authorised TOE users may breach the limits of
authorised usage and access document data through the
external TOE interfaces (the operation panel, network
interface, or USB interface).
T.ABUSE_SEC_MNG
Persons not authorised to use Security Management
Functions may abuse them.
T.SALVAGE
Attackers may remove the HDD from the TOE and
disclose document data.
(231 páginas)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentários a estes Manuais