Ricoh Aficio MP 8001 sec - Page 31

Security Objectives of Operational Environment, Security Objectives Rationale

Get Ricoh Aficio MP 8001 PDF manuals and user guides View all Ricoh Aficio MP 8001 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 31 highlights

Page 30 of 82 O.LINE_PROTECT (Prevention of intrusion from telephone) The TOE shall prevent unauthorised access to the TOE from a telephone line connected to the Fax Unit. 4.2 Security Objectives of Operational Environment The following describes the security objectives of the operational environment. OE.ADMIN (Trusted administrators) The responsible manager of the MFP shall select trusted persons as administrators and instructs them on their administrator roles. Once instructed, administrators then shall instruct general users, familiarising them with the compliance rules for secure TOE operation as defined in the administrator guidance for the TOE. OE.SUPERVISOR (Trusted supervisor) The responsible manager of the MFP shall select a trusted person as a supervisor and instructs him/her on the role of supervisor. OE.NETWORK (Network environment for TOE connection) If the internal network, to which the TOE is connected, is connected to an external network such as the Internet, the organisation that manages operation of the internal network shall close any unnecessary ports between the external and internal networks (e.g. by employing a firewall) 4.3 Security Objectives Rationale This section describes the rationale of the security objectives. If all security objectives are fulfilled as explained in the following, the security problems defined in "3 Security Problem Definitions" are solved: all threats are countered, all organisational security policies enforced, and all assumptions upheld. 4.3.1 Tracing This section describes the correspondence between the previously described "3.1 Threats", "3.2 Organisational Security Policies" and "3.3 Assumptions", and either "4.1 Security Objectives for TOE" or "4.2 Security Objectives of Operational Environment" with Table 4. The "v" in the table indicates that each of the elements of the TOE Security Environment is satisfied by security objectives. Table 4 demonstrates that each security objective corresponds to at least one threat, organisational security policy, or assumption. As indicated by the shaded region in Table 4, assumptions are not upheld by TOE security objectives. Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
Page 30 of 82
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
O.LINE_PROTECT
(Prevention of intrusion from telephone)
The TOE shall prevent unauthorised access to the TOE from a telephone line
connected to the Fax Unit.
4.2
Security Objectives of Operational Environment
The following describes the security objectives of the operational environment.
OE.ADMIN
(Trusted administrators)
The responsible manager of the MFP shall select trusted persons as administrators and
instructs them on their administrator roles. Once instructed, administrators then shall
instruct general users, familiarising them with the compliance rules for secure TOE
operation as defined in the administrator guidance for the TOE.
OE.SUPERVISOR
(Trusted supervisor)
The responsible manager of the MFP shall select a trusted person as a supervisor and
instructs him/her on the role of supervisor.
OE.NETWORK
(Network environment for TOE connection)
If the internal network, to which the TOE is connected, is connected to an external
network such as the Internet, the organisation that manages operation of the internal
network shall close any unnecessary ports between the external and internal networks
(e.g. by employing a firewall)
4.3
Security Objectives Rationale
This section describes the rationale of the security objectives.
If all security objectives are fulfilled as explained in the following, the security problems defined in "3
Security Problem Definitions" are solved: all threats are countered, all organisational security policies
enforced, and all assumptions upheld.
4.3.1
Tracing
This section describes the correspondence between the previously described "3.1 Threats", "3.2
Organisational Security Policies" and "3.3 Assumptions", and either "4.1 Security Objectives for TOE" or
"4.2 Security Objectives of Operational Environment" with Table 4. The "v" in the table indicates that each
of the elements of the TOE Security Environment is satisfied by security objectives.
Table 4 demonstrates that each security objective corresponds to at least one threat, organisational security
policy, or assumption. As indicated by the shaded region in Table 4, assumptions are not upheld by TOE
security objectives.