Ricoh Aficio MP 3350B Security Target - Page 32

Tracing Validity

Get Ricoh Aficio MP 3350B PDF manuals and user guides View all Ricoh Aficio MP 3350B manuals
Add to My Manuals
Save this manual to your list of manuals

Page 32 highlights

Page 32 of 83 organisational security policies and assumptions. And the security objectives do not correspond to the assumptions (as the shaded region in Table 4 shows). Table 4: Relation between Security Environment and Security Objectives TOE Security Environment A.ADMIN A.SUPERVISOR A.NETWORK T.ILLEGAL_USE T.UNAUTH_ACCESS T.ABUSE_SEC_MNG T.SALVAGE T.TRANSIT T.FAX_LINE P.SOFTWARE Security Objectives O.AUDIT O.I&A O.DOC_ACC O.MANAGE O.MEM.PROTECT O.NET.PROTECT O.GENUINE O.LINE_PROTECT OE.ADMIN OE.SUPERVISOR OE.NETWORK X XXXX XXX X X X X X X X X X 4.3.2 Tracing Validity The following are the rationale for each security objective being appropriate to satisfy "3.1 Threats", "3.2 Organisational Security Policies" and "3.3 Assumptions". A.ADMIN (Administrators' Assumption) A.ADMIN presupposes that the Administrators have adequate knowledge to operate the TOE securely in the roles assigned to them, will guide General Users to operate the TOE securely. Additionally, Administrators will not carry out any malicious acts using Administrator permissions. By OE.ADMIN, the Responsible Manager for MFP selects trusted persons as Administrators, and provides them with the education programmes according to their Administrator Roles. The educated Administrators instruct General Users to be familiar with the compliance rules for secure operation for General Users, as explicitly stated in Administrator guidance for the TOE. Therefore, A.ADMIN is accomplished. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
Page 32 of 83
organisational security policies and assumptions. And the security objectives do not correspond to the
assumptions (as the shaded region in Table 4 shows).
Table 4: Relation between Security Environment and Security Objectives
TOE Security
Environment
Security Objectives
A.ADMIN
A.SUPERVISOR
A.NETWORK
T.ILLEGAL_USE
T.UNAUTH_ACCESS
T.ABUSE_SEC_MNG
T.SALVAGE
T.TRANSIT
T.FAX_LINE
P.SOFTWARE
O.AUDIT
X
X
X
X
X
O.I&A
X
X
X
O.DOC_ACC
X
O.MANAGE
X
O.MEM.PROTECT
X
O.NET.PROTECT
X
O.GENUINE
X
O.LINE_PROTECT
X
OE.ADMIN
X
OE.SUPERVISOR
X
OE.NETWORK
X
4.3.2
Tracing Validity
The following are the rationale for each security objective being appropriate to satisfy "3.1 Threats", "3.2
Organisational Security Policies" and "3.3 Assumptions".
A.ADMIN
(Administrators' Assumption)
A.ADMIN presupposes that the Administrators have adequate knowledge to operate the TOE securely in the
roles assigned to them, will guide General Users to operate the TOE securely. Additionally, Administrators
will not carry out any malicious acts using Administrator permissions.
By OE.ADMIN, the Responsible Manager for MFP selects trusted persons as Administrators, and provides
them with the education programmes according to their Administrator Roles. The educated Administrators
instruct General Users to be familiar with the compliance rules for secure operation for General Users, as
explicitly stated in Administrator guidance for the TOE. Therefore, A.ADMIN is accomplished.
Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.