Ricoh Aficio MP C3001 Security Target - Page 80

FMT_SMR.1 FPT_STM.1 FPT_TST.1 FTA_SSL.3 FTP_ITC.1 FIA_UID.1 None None None None FIA_UID.1 None None None None None None None None None Page 79 of 93 The following explains the rationale for acceptability in all cases where a dependency is not satisfied: Rationale for Removing Dependencies on FCS_CKM.4 Once the MFP administrator generates the cryptographic key that is used for the HDD encryption of this TOE at the start of TOE operation, the cryptographic key will be continuously used for the HDD and will not be deleted. Therefore, cryptographic key destruction by the standard method is unnecessary. 6.3.4 Security Assurance Requirements Rationale This TOE is software for the MFP, which is a commercially available product. The MFP is assumed that it will be used in a general office and this TOE does not assume the attackers with the possibility of moderate or greater level attacks. Architectural design (ADV_TDS.2) is adequate to show the validity of commercially available products. A high attack potential is required for the attacks that circumvent or tamper with the TSF, which is not covered in this evaluation. The vulnerability analysis (AVA_VAN.2) is therefore adequate for general needs. However, protection of the secrecy of relevant information is required to make security attacks more difficult, and it is important to ensure a secure development environment. Development security (ALC_DVS.1) is therefore important also. In order to securely operate the TOE continuously, it is important to appropriately remediate the flaw discovered after the start of TOE operation according to flow reporting procedure (ALC_FLR.2). Based on the terms and costs of the evaluation, the evaluation assurance level of EAL3+ALC_FLR.2 is appropriate for this TOE. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.