Ricoh Aficio MP 6001 SP Security Target - Page 65
O.DOC.NO_DIS Protection of document disclosure
View all Ricoh Aficio MP 6001 SP manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 65 highlights
Page 64 of 87 FDP_ACC.1(b) X FDP_ACF.1(a) X X X FDP_ACF.1(b) X FDP_RIP.1 X X FIA_AFL.1 X FIA_ATD.1 X FIA_SOS.1 X FIA_UAU.1 X X FIA_UAU.7 X FIA_UID.1 X X FIA_USB.1 X FPT_FDI_EXP.1 X FMT_MSA.1(a) X X X FMT_MSA.1(b) X FMT_MSA.3(a) X X X FMT_MSA.3(b) X FMT_MTD.1 X X X X FMT_SMF.1 X X X X FMT_SMR.1 X X X X FPT_STM.1 X FPT_TST.1 X FTA_SSL.3 X X FTP_ITC.1 X X X X X X 6.3.2 Justification of Traceability This section describes below how the TOE security objectives are fulfilled by the TOE security functional requirements corresponding to the TOE security objectives. O.DOC.NO_DIS Protection of document disclosure O.DOC.NO_DIS is the security objective to prevent the documents from unauthorised disclosure by persons without a login user name, or by persons with a login user name but without an access permission to the document. To fulfil this security objective, it is required to implement the following countermeasures. (1) Specify and implement the access control to the user document. FDP_ACC.1(a) and FDP_ACF.1(a) restrict the reading of user document by the user role. Additionally, the normal users are restricted to read the user document by the operation permission granted to them. To normal users, the available document type of the user document is restricted by the executing MFP application, and the normal user can read only user document for which the reading permission is granted. The MFP administrator and supervisor are not allowed to read the user documents. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.