Ricoh Aficio MP 6001 SP Security Target - Page 33

Organisational Security Policies, Assumptions



Page 32 of 87

3.2 Organisational Security Policies

The following organisational security policies are taken:

P.USER.AUTHORIZATION: User identification and authentication
Only users with a login user name shall be authorised to use the TOE.

P.SOFTWARE.VERIFICATION: Software verification
Procedures shall exist to self-verify executable code in the TSF.

P.AUDIT.LOGGING: Management of audit log records
The TOE shall create and maintain a log of TOE use and security-relevant events. The audit log shall be protected from unauthorised disclosure or alteration, and shall be reviewed by authorised persons.

P.INTERFACE.MANAGEMENT: Management of external interfaces
To prevent unauthorised use of the external interfaces of the TOE (Operation Panel, LAN, USB and telephone lines), operation of those interfaces shall be controlled by the TOE and its IT environment.

P.STORAGE.ENCRYPTION: Encryption of storage devices
The TOE shall encrypt the stored data on the HDD inside the TOE.

3.3 Assumptions

The assumptions related to this TOE usage environment are identified and described.

A.ACCESS.MANAGED: Access management
According to the guidance document, the TOE is placed in a restricted or monitored area that provides protection from physical access by unauthorised persons.

A.USER.TRAINING: User training
The responsible manager of MFP trains users according to the guidance document and users are aware of the security policies and procedures of their organisation and are competent to follow those policies and procedures.

A.ADMIN.TRAINING: Administrator training
Administrators are aware of the security policies and procedures of their organisation, are competent to correctly configure and operate the TOE in accordance with the guidance document following those policies and procedures.

Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.