Ricoh Aficio MP C3001 Security Target - Page 81

Page 80 of 93 7 TOE Summary Specification This section describes the TOE summary specification for each security function. The security functions are described for each corresponding security functional requirement. 7.1 Audit Function The Audit Function is to generate the audit log of TOE use and security-relevant events (hereafter, "audit events"). This function provides the recorded audit log in a legible fashion for users to audit (audit log review). The recorded audit log can be viewed and deleted only by the MFP administrator. FAU_GEN.1 and FAU_GEN.2 The TOE records the audit log items, shown in Table 35, on the HDD in the TOE when audit events shown in Table 34 occur. Audit log items include basic log items and expanded log items. Basic log items are recorded whenever audit logs are recorded, and expanded log items are recorded only when audit events occur and the audit log items shown in Table 35 are recorded. FPT_STM.1 The date (year/month/day) and time (hour/minute/second) the TOE records for the audit log are derived from the system clock of the TOE. FAU_SAR.1, FAU_SAR.2, and FAU_STG.1 The TOE displays the operation menu for audit logs to be read on a Web browser screen only when it is accessed by the MFP administrator. The TOE provides the audit logs in a text format when the MFP administrator instructs the TOE to read the audit logs. FAU_STG.4 The TOE writes the newest audit log over the oldest audit log when there is insufficient space in the audit log files to append the newest audit log. Table 34 : List of Audit Events Audit Events Start-up of the Audit Function (*1) Shutdown of the Audit Function (*1) Success and failure of login operations (*2) Success and failure of login operations from RC Gate communication interface Table 30 Record of Management Function Date settings (year/month/day), time settings (hour/minute) Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.