Ricoh Aficio MP C2800 Security Target - Page 19

Page 19 of 80 Audit Function This function is for checking the operational status of the TOE, and for recording events in the audit log, which is necessary for the detection of security breaches. Only the machine administrator is able to read and delete the recorded audit logs. The machine administrator can read the audit logs using the Web Service Function, and delete the audit logs using both the Operation Panel and the Web Service Function. Identification and Authentication Function T his function is for those who attempt to use the TOE from the Operation Panel or a client computer. It prompts the users to enter their user IDs and authentication details for user identification and authentication. However, when printing or faxing from aclient computer, this function sends the user's ID and authentication details to the TOE after the users enters their user ID and authentication details from printer or fax drivers, which are outside the TOE. The TOE then attempts to identify and authenticate the user with the received user ID and authentication information. The Identification and Authentication Function includes the following: - Account Lockout: If the number of consecutive unsuccessful attempts with the same particular user ID reaches the specified Number of Attempts before Lockout, this function temporarily prevents further login attempts from this user ID. - Authentication Feedback Area Protection: When a user enters their password, this function masks the password with protection charactersas it appears in the authentication feedback area, in order to prevent the password being viewed by others. - Password Quality Maintenance: This forces users to register passwords that satisfy both the Minimum Password Length and Password Complexity Settni g, which the user administrator sets in advance. Although this TOE has other Identification and Authentication Functions, this evaluation does not cover the functions other than those listed above. Document Data Access Control Function This function restricts operations on document data stored in the D-BOX to specified users only. Operations on document data includereading and deleting. Each of these operations is as follows: Reading document data: Read document data stored in the D-BOX. Deleting documentdata: Delete document data stored in the D -BOX. The TOE allows specified users, (file administrators, and general users) to perform operations on document data. File administrators are allowed to delete any document data. General users are allowed to perform only operations that are authorised by the permissions to process document data. The operation permissions in document data include read-only, edit, edit/delete, and full control. For editing permission, the same operation on document data is permitted as the read-only permission, and changing the Print Settings is also permitted. Table 2 shows the relationship between the operation authorised by the permissions to process document data and the operations possible on the document data. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.