Ricoh Aficio MP 6001 SP Security Target - Page 65

O.DOC.NO_DIS Protection of document disclosure

Get Ricoh Aficio MP 6001 SP PDF manuals and user guides View all Ricoh Aficio MP 6001 SP manuals
Add to My Manuals
Save this manual to your list of manuals

Page 65 highlights

Page 64 of 87 FDP_ACC.1(b) X FDP_ACF.1(a) X X X FDP_ACF.1(b) X FDP_RIP.1 X X FIA_AFL.1 X FIA_ATD.1 X FIA_SOS.1 X FIA_UAU.1 X X FIA_UAU.7 X FIA_UID.1 X X FIA_USB.1 X FPT_FDI_EXP.1 X FMT_MSA.1(a) X X X FMT_MSA.1(b) X FMT_MSA.3(a) X X X FMT_MSA.3(b) X FMT_MTD.1 X X X X FMT_SMF.1 X X X X FMT_SMR.1 X X X X FPT_STM.1 X FPT_TST.1 X FTA_SSL.3 X X FTP_ITC.1 X X X X X X 6.3.2 Justification of Traceability This section describes below how the TOE security objectives are fulfilled by the TOE security functional requirements corresponding to the TOE security objectives. O.DOC.NO_DIS Protection of document disclosure O.DOC.NO_DIS is the security objective to prevent the documents from unauthorised disclosure by persons without a login user name, or by persons with a login user name but without an access permission to the document. To fulfil this security objective, it is required to implement the following countermeasures. (1) Specify and implement the access control to the user document. FDP_ACC.1(a) and FDP_ACF.1(a) restrict the reading of user document by the user role. Additionally, the normal users are restricted to read the user document by the operation permission granted to them. To normal users, the available document type of the user document is restricted by the executing MFP application, and the normal user can read only user document for which the reading permission is granted. The MFP administrator and supervisor are not allowed to read the user documents. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
Page 64 of
87
FDP_ACC.1(b)
X
FDP_ACF.1(a)
X
X
X
FDP_ACF.1(b)
X
FDP_RIP.1
X
X
FIA_AFL.1
X
FIA_ATD.1
X
FIA_SOS.1
X
FIA_UAU.1
X
X
FIA_UAU.7
X
FIA_UID.1
X
X
FIA_USB.1
X
FPT_FDI_EXP.1
X
FMT_MSA.1(a)
X
X
X
FMT_MSA.1(b)
X
FMT_MSA.3(a)
X
X
X
FMT_MSA.3(b)
X
FMT_MTD.1
X
X
X
X
FMT_SMF.1
X
X
X
X
FMT_SMR.1
X
X
X
X
FPT_STM.1
X
FPT_TST.1
X
FTA_SSL.3
X
X
FTP_ITC.1
X
X
X
X
X
X
6.3.2
Justification of Traceability
This section describes below how the TOE security objectives are fulfilled by the TOE security functional
requirements corresponding to the TOE security objectives.
O.DOC.NO_DIS Protection of document disclosure
O.DOC.NO_DIS is the security objective to prevent the documents from unauthorised disclosure by persons
without a login user name, or by persons with a login user name but without an access permission to the
document. To fulfil this security objective, it is required to implement the following countermeasures.
(1)
Specify and implement the access control to the user document.
FDP_ACC.1(a) and FDP_ACF.1(a) restrict the reading of user document by the user role. Additionally,
the normal users are restricted to read the user document by the operation permission granted to them.
To normal users, the available document type of the user document is restricted by the executing MFP
application, and the normal user can read only user document for which the reading permission is
granted. The MFP administrator and supervisor are not allowed to read the user documents.
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.