Ricoh Aficio MP C2800 Security Target - Page 64

Page 64 of 80 recorded when any kind of auditable event occurs. Expanded audit information is data recorded for the generation of auditable events that require additional information for audit. Table 25 shows the audit information for each auditable event. If there is insufficient space in the audit log files to append new audit log files, older audit logs (identifiable by their time and date details) are overwritten with newer audit logs. Table 25: Auditable events and auditable information Auditable events Starting Audit Function (*1) Ending Audit Function (*1) Login Starting Lockout Releasing Lockout (*2) Lockout release at TOE startup HDD encryption key generation Successful storage of document data Successful reading of document data (*3) Successful deletion of document data Receiving fax Changing user password (including new creation and deletion) Deletion of administrator role Addition of administrator role Changing document data ACL Changing date and time of system clock Communication with trusted IT product Communication with remote user Deletion of entire audit log Audit logs Basic audit information - Date/time of event - Types of event (auditable events in this table) - Subject identity (*4) - Outcome Expanded audit information Locked out user Locked out user who is to be released Release methods (auto Lockout release/manual Lockout release) - - ID of object document data ID of object document data ID of object document data - The ID of the user in the event of new creation/changing/deletion of another user's authentication details - - ID of object document data - Communication IP address - -: No applicable expanded audit information Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.