Ricoh Aficio MP 5002 Security Target - Page 79

FIA_USB.1 FPT_FDI_EXP.1 FMT_MSA.1(a) FMT_MSA.1(b) FMT_MSA.3(a) FMT_MSA.3(b) FMT_MTD.1 FMT_SMF.1 FMT_SMR.1 FPT_STM.1 FPT_TST.1 FTA_SSL.3 FTP_ITC.1 FIA_ATD.1 FMT_SMF.1 FMT_SMR.1 [FDP_ACC.1(a) or FDP_IFC.1] FMT_SMR.1 FMT_SMF.1 [FDP_ACC.1(b) or FDP_IFC.1] FMT_SMR.1 FMT_SMF.1 FMT_MSA.1(a) FMT_SMR.1 FMT_MSA.1(b) FMT_SMR.1 FMT_SMR.1 FMT_SMF.1 None FIA_UID.1 None None None None FIA_ATD.1 FMT_SMF.1 FMT_SMR.1 FDP_ACC.1(a) FMT_SMR.1 FMT_SMF.1 FDP_ACC.1(b) FMT_SMR.1 FMT_SMF.1 FMT_MSA.1(a) FMT_SMR.1 FMT_MSA.1(b) FMT_SMR.1 FMT_SMR.1 FMT_SMF.1 None FIA_UID.1 None None None None None None None None None None None None None None None None None Page 78 of 93 The following explains the rationale for acceptability in all cases where a dependency is not satisfied: Rationale for Removing Dependencies on FCS_CKM.4 Once the MFP administrator generates the cryptographic key that is used for the HDD encryption of this TOE at the start of TOE operation, the cryptographic key will be continuously used for the HDD and will not be deleted. Therefore, cryptographic key destruction by the standard method is unnecessary. 6.3.4 Security Assurance Requirements Rationale This TOE is the MFP, which is a commercially available product. The MFP is assumed that it will be used in a general office and this TOE does not assume the attackers with Enhanced-Basic or higher level of attack potential. Architectural design (ADV_TDS.2) is adequate to show the validity of commercially available products. A high attack potential is required for the attacks that circumvent or tamper with the TSF, which is not covered in this evaluation. The vulnerability analysis (AVA_VAN.2) is therefore adequate for general needs. However, protection of the secrecy of relevant information is required to make security attacks more difficult, and it is important to ensure a secure development environment. Development security (ALC_DVS.1) is therefore important also. Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved.