Ricoh Aficio MP 3350B Security Target - Page 64

satisfied with FIA_UAU.2 and FMR_SMR.1.

Get Ricoh Aficio MP 3350B PDF manuals and user guides View all Ricoh Aficio MP 3350B manuals
Add to My Manuals
Save this manual to your list of manuals

Page 64 highlights

Page 64 of 83 In this TOE, HDD encryption keys are stored in the area that cannot be accessed from outside Ic Hdd. In addition, after the Administrators generate encryption keys at the start of the TOE operation, deletion of encryption keys are not performed but only the change to overwrite the new encryption keys is performed. Therefore, the functional requirements for encryption key destructions using standard measures are not required. Rationale for removing the dependencies for FIA_UAU.1 Since this TOE employs FIA_UAU.2, which is hierarchical to FIA_UAU.1, the dependency on FIA_UAU.1 is satisfied with FIA_AFL.1 and FIA_UAU.7. Rationale for removing the dependencies for FIA_UID.1 Since this TOE employs FIA_UID.2, which is hierarchical to FIA_UID.1, the dependency on FIA_UID.1 is satisfied with FIA_UAU.2 and FMR_SMR.1. 6.3.4 Security Assurance Requirements Rationale This TOE is a commercially available product. It is assumed that the TOE is used in general offices, and that the attackers have the basic attack potential for this TOE. Architectural design (ADV_TDS.2) is adequate to show the validity of commercially available products. A high attack potential is required for attacks that circumvent or tamper the TSF, which is not covered by this evaluation. Therefore, the vulnerability analysis (AVA_VAN.2) is adequate for general needs. On the other hand, it is required to protect the secrecy of relevant information to make the attacks more difficult and it is important to ensure a secure environment for the development environment. Therefore, the development security (ALC_DVS.1) is important. Therefore, considering the term and cost for the evaluation, the evaluation assurance level of EAL3 is appropriate for this TOE. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
Page 64 of 83
In this TOE, HDD encryption keys are stored in the area that cannot be accessed from outside Ic Hdd. In
addition, after the Administrators generate encryption keys at the start of the TOE operation, deletion of
encryption keys are not performed but only the change to overwrite the new encryption keys is performed.
Therefore, the functional requirements for encryption key destructions using standard measures are not
required.
Rationale for removing the dependencies for FIA_UAU.1
Since this TOE employs FIA_UAU.2, which is hierarchical to FIA_UAU.1, the dependency on FIA_UAU.1
is satisfied with FIA_AFL.1 and FIA_UAU.7.
Rationale for removing the dependencies for FIA_UID.1
Since this TOE employs FIA_UID.2, which is hierarchical to FIA_UID.1, the dependency on FIA_UID.1 is
satisfied with FIA_UAU.2 and FMR_SMR.1.
6.3.4
Security Assurance Requirements Rationale
This TOE is a commercially available product. It is assumed that the TOE is used in general offices, and that
the attackers have the basic attack potential for this TOE.
Architectural design (ADV_TDS.2) is adequate to show the validity of commercially available products. A
high attack potential is required for attacks that circumvent or tamper the TSF, which is not covered by this
evaluation. Therefore, the vulnerability analysis (AVA_VAN.2) is adequate for general needs.
On the other hand, it is required to protect the secrecy of relevant information to make the attacks more
difficult and it is important to ensure a secure environment for the development environment. Therefore, the
development security (ALC_DVS.1) is important.
Therefore, considering the term and cost for the evaluation, the evaluation assurance level of EAL3 is
appropriate for this TOE.
Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.