Ricoh C400DN Security Target - Page 78

Security Assurance Requirements Rationale

Get Ricoh C400DN - Aficio SP Color Laser Printer PDF manuals and user guides
UPC - 026649029516
View all Ricoh C400DN manuals
Add to My Manuals
Save this manual to your list of manuals

Page 78 highlights

Page 77 of 91 6.3.4 Security Assurance Requirements Rationale This TOE is the MFP, which is a commercially available product. The MFP is assumed that it will be used in a general office and this TOE does not assume the attackers with Enhanced-Basic or higher level of attack potential. Architectural design (ADV_TDS.2) is adequate to show the validity of commercially available products. A high attack potential is required for the attacks that circumvent or tamper with the TSF, which is not covered in this evaluation. The vulnerability analysis (AVA_VAN.2) is therefore adequate for general needs. However, protection of the secrecy of relevant information is required to make security attacks more difficult, and it is important to ensure a secure development environment. Development security (ALC_DVS.1) is therefore important also. In order to securely operate the TOE continuously, it is important to appropriately remediate the flaw discovered after the start of TOE operation according to flow reporting procedure (ALC_FLR.2). Based on the terms and costs of the evaluation, the evaluation assurance level of EAL3+ALC_FLR.2 is appropriate for this TOE. Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
Page 77 of
91
Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved.
6.3.4
Security Assurance Requirements Rationale
This TOE is the MFP, which is a commercially available product. The MFP is assumed that it will be used in
a general office and this TOE does not assume the attackers with Enhanced-Basic or higher level of attack
potential.
Architectural design (ADV_TDS.2) is adequate to show the validity of commercially available products. A
high attack potential is required for the attacks that circumvent or tamper with the TSF, which is not covered
in this evaluation. The vulnerability analysis (AVA_VAN.2) is therefore adequate for general needs.
However, protection of the secrecy of relevant information is required to make security attacks more difficult,
and it is important to ensure a secure development environment. Development security (ALC_DVS.1) is
therefore important also.
In order to securely operate the TOE continuously, it is important to appropriately remediate the flaw
discovered after the start of TOE operation according to flow reporting procedure (ALC_FLR.2).
Based on the terms and costs of the evaluation, the evaluation assurance level of EAL3+ALC_FLR.2 is
appropriate for this TOE.