Ricoh Aficio MP C2800 Security Target - Page 57

O.MANAGE, Security management



Page 57 of 80
Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
FDP_ACC.1 and FDP_ADF.1 allow the general user to perform operations on document data. The
operations that are permitted follow the operation permissions specified in the document data for each
general user ID in the document data ACL.
O.MANAGE Security management
The following is the rationale behind the functional requirements corresponding to O.MANAGE in
Table 22; these requirements are included to fulfil the O.MANAGE specification.
a) Management of security attributes.
To fulfil O.MANAGE, management of security attributes shall be permitted to specified users only, and
a default value shall be specified for the document data ACL, which is a security attribute. For this,
FMT_MSA.1 allows:
- the user administrator to query, newly create, and change general user IDs;
- general users to query general user IDs;
- administrators to query and change their own administrator IDs;
- supervisor to query administrator IDs;
- administrators to query, add, and delete administrator roles assigned to themselves;
- supervisor to query and change supervisor ID;
- the file administrator, document file owners, and general users with full control operation permission
for the document data to query and modify its document data ACL; and
- the user administrator and general users with full control operation permission for the document data
to query and modify the default ACLs of document data.
FMT_MSA.3 specifies the default value of the document data ACL for storage of new document data.
b) Management and protection of TSF data.
To fulfil O.MANAGE, access to TSF data shall be limited to specified users. For this, FMT_MTD.1
allows:
- the machine administrator to query and specify the Number of Attempts before Lockout, specify the
setting of the Lockout release timer, specify a Lockout time, specify a Lockout Flag for supervisor,
specify the date and time of the system clock, specify the service mode lock setting, newly create and
query HDD cryptographic keys, and query and delete audit logs.
FMT_MTD.1 also allows:
- authorised TOE users to query the date and time of the system clock and the service mode lock
setting;
- the user administrator to query and specify the Minimum Password Length, complexity setting, and a
Lockout Flag for general users;
- the user administrator and applicable general users to specify the authentication information of general
users, and newly create, delete, and change S/MIME user information;
- the user administrator and general users to query S/MIME user information and destination details
when sending data to folders;
- supervisor to query and specify the Lockout Flag for administrators, and specify supervisor
authentication information; and
- supervisor and applicable administrators to change administrator authentication information.
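The rules in a) and b) can be turned into test cases for a configuration review. The following is an added example, not part of the Security Target or of any Ricoh code: it encodes a subset of the FMT_MTD.1 list and the FMT_MSA.1 document data ACL rule as a deny-by-default policy and checks constructed management events against it. All role, item and field names are assumptions made for the example.

```python
# Added example: FMT_MSA.1 / FMT_MTD.1 rules from this page as a deny-by-default check.
# Role, item and field names are assumptions of this example, not Ricoh identifiers.
# FMT_MTD.1 subset: (TSF data item, operation) -> roles the page permits.
TSF_POLICY = {
    ("lockout_attempts", "specify"): {"machine_admin"},
    ("system_clock", "specify"): {"machine_admin"},
    ("hdd_crypto_key", "create"): {"machine_admin"},
    ("hdd_crypto_key", "query"): {"machine_admin"},
    ("audit_log", "query"): {"machine_admin"},
    ("audit_log", "delete"): {"machine_admin"},
    ("min_password_length", "specify"): {"user_admin"},
    ("admin_lockout_flag", "query"): {"supervisor"},
    ("admin_lockout_flag", "specify"): {"supervisor"},
}

def tsf_allowed(roles, item, op):
    """Deny by default: unlisted (item, op) pairs map to the empty role set."""
    return bool(set(roles) & TSF_POLICY.get((item, op), set()))

def acl_change_allowed(subject, doc):
    """FMT_MSA.1: file administrator, document owner, or full-control general user."""
    return ("file_admin" in subject["roles"]
            or subject["id"] == doc["owner"]
            or doc["acl"].get(subject["id"]) == "full_control")

def audit(events, docs):
    """Return the events that the policy above does not permit."""
    bad = []
    for ev in events:
        if ev["item"] == "document_acl":
            ok = acl_change_allowed(ev["subject"], docs[ev["doc"]])
        else:
            ok = tsf_allowed(ev["subject"]["roles"], ev["item"], ev["op"])
        if not ok:
            bad.append(ev)
    return bad

# Constructed sample data (not taken from any real device log).
DOCS = {"d1": {"owner": "u1", "acl": {"u2": "read", "u3": "full_control"}}}
def _ev(uid, roles, item, op, doc=None):
    return {"subject": {"id": uid, "roles": roles}, "item": item, "op": op, "doc": doc}
EVENTS = [
    _ev("ma", ["machine_admin"], "audit_log", "delete"),          # permitted
    _ev("ua", ["user_admin"], "audit_log", "delete"),             # not permitted
    _ev("sv", ["supervisor"], "hdd_crypto_key", "query"),         # not permitted
    _ev("u3", ["general_user"], "document_acl", "modify", "d1"),  # full control
    _ev("u2", ["general_user"], "document_acl", "modify", "d1"),  # read only
]
VIOLATIONS = audit(EVENTS, DOCS)
```

The flagged events show the separation the requirements impose: the user administrator cannot delete audit logs, the supervisor cannot read HDD cryptographic keys, and a general user without full control cannot change a document's ACL.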
c) Specify Management Functions.
To fulfil O.MANAGE, the Security Management Functions for the implemented TSF shall be