Ricoh Aficio MP 2550B Security Target - Page 30

Page 30 of 83 4 Security Objectives This chapter describes the Security Objectives for TOE, Security Objectives for Operational Environment and Security Objectives Rationale. 4.1 Security Objectives for TOE This chapter describes the security objectives for the TOE. O.AUDIT (Audit) The TOE shall record the security-function-relevant events as audit logs, and provide only the Machine Administrator with the function to read the audit logs so that the Machine Administrator can detect whether or not there was security intrusion. O.I&A (Identification and Authentication for Users) The TOE shall perform identification and authentication of users prior to their use of the TOE security functions, and allow the successfully authenticated user to use the functions for which the user has the operation permission. O. DOC_ACC (Access Control to Protected Assets) For General Users, the TOE shall ensure the access to Document Data according to the operation permission for Document Data. The TOE shall also allow the File Administrator to delete Document Data stored in D-BOX. O. MANAGE (Security Management) The TOE shall allow only specific users the TOE can maintain the security to manage the security functions behaviour, TSF data, and security attributes. O.MEM.PROTECT (Prevention of Data Disclosure Stored in Memory) The TOE shall make the format of Document Data stored on HDD difficult to decode. O. NET.PROTECT (Protection of Network Communication Data) The TOE shall protect Document Data and Print Data on communication paths from interceptions, and detect tampering. O.GENUINE (Protection of Integrity of MFP Control Software) The TOE shall provide the function to verify the integrity of MFP Control Software, which is installed in FlashROM, with the TOE users. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.