Home > Ricoh > All in One Printer > Ricoh Mp C3001 Instruction Manual

Ricoh Mp C3001 Instruction Manual

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Ricoh Mp C3001 Instruction Manual. The Ricoh manuals for All in One Printer are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 41

    Page 41 Page 40 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. O.USER.AUTHORIZED User identification and authentication The TOE shall require identification and authentication of users and shall ensure that users are authorised in accordance with security policies before allowing them to use the TOE. O.INTERFACE.MANAGED Management of external interfaces by TOE The TOE shall manage the operation of external interfaces in accordance with the security policies. O.SOFTWARE.VERIFIED... 
        Page 40 of 93 
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. 
O.USER.AUTHORIZED  User identification and authentication 
The TOE shall require identification and authentication of users and shall ensure that 
users are authorised in accordance with security policies before allowing them to use the 
TOE. 
O.INTERFACE.MANAGED   Management of external interfaces by TOE 
The TOE shall manage the operation of external interfaces in accordance with the 
security policies. 
O.SOFTWARE.VERIFIED...

    Page 42

    Page 42 Page 41 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. OE.INTERFACE.MANAGED Management of external interfaces in IT environment The IT environment shall take a countermeasure for the prevention of unmanaged access to TOE external interfaces. 4.2.2 Non-IT Environment OE.PHYSICAL.MANAGED Physical management According to the guidance document, the TOE shall be placed in a secure or monitored area that provides protection from physical access to the TOE by unauthorised... 
        Page 41 of 93 
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. 
OE.INTERFACE.MANAGED    Management of external interfaces in IT environment 
The IT environment shall take a countermeasure for the prevention of unmanaged 
access to TOE external interfaces. 
4.2.2 Non-IT Environment 
OE.PHYSICAL.MANAGED Physical management 
According to the guidance document, the TOE shall be placed in a secure or monitored 
area that provides protection from physical access to the TOE by unauthorised...

    Page 43

    Page 43 Page 42 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. 4.3 Security Objectives Rationale This section describes the rationale for security objectives. The security objectives are for upholding the assumptions, countering the threats, and enforcing the organisational security policies that are defined. 4.3.1 Correspondence Table of Security Objectives Table 11 describes the correspondence between the assumptions, threats and organisational security policies, and each... 
        Page 42 of 93 
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. 
4.3  Security Objectives Rationale 
This section describes the rationale for security objectives. The security objectives are for upholding the 
assumptions, countering the threats, and enforcing the organisational security policies that are defined. 
4.3.1  Correspondence Table of Security Objectives 
Table 11 describes the correspondence between the assumptions, threats and organisational security policies, 
and each...

    Page 44

    Page 44 Page 43 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. 4.3.2 Security Objectives Descriptions The following describes the rationale for each security objective being appropriate to satisfy the threats, assumptions and organisational security policies. T.DOC.DIS T.DOC.DIS is countered by O.DOC.NO_DIS, O.USER.AUTHORIZED and OE.USER.AUTHORIZED. By OE.USER.AUTHORIZED, the responsible manager of MFP gives the authority to use the TOE to users who follow the security policies... 
        Page 43 of 93 
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. 
4.3.2  Security Objectives Descriptions 
The following describes the rationale for each security objective being appropriate to satisfy the threats, 
assumptions and organisational security policies. 
T.DOC.DIS 
T.DOC.DIS is countered by O.DOC.NO_DIS, O.USER.AUTHORIZED and OE.USER.AUTHORIZED. 
By OE.USER.AUTHORIZED, the responsible manager of MFP gives the authority to use the TOE to users 
who follow the security policies...

    Page 45

    Page 45 Page 44 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. data from unauthorised alteration by persons without a login user name, or by persons with a login user name but without an access permission to the TSF protected data. T.PROT.ALT is countered by these objectives. T.CONF.DIS T.CONF.DIS is countered by O.CONF.NO_DIS, O.USER.AUTHORIZED and OE.USER.AUTHORIZED. By OE.USER.AUTHORIZED, the responsible manager of MFP gives the authority to use the TOE to users who follow the... 
        Page 44 of 93 
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. 
data from unauthorised alteration by persons without a login user name, or by persons with a login user name 
but without an access permission to the TSF protected data. 
T.PROT.ALT is countered by these objectives. 
T.CONF.DIS 
T.CONF.DIS is countered by O.CONF.NO_DIS, O.USER.AUTHORIZED and OE.USER.AUTHORIZED. 
By OE.USER.AUTHORIZED, the responsible manager of MFP gives the authority to use the TOE to users 
who follow the...

    Page 46

    Page 46 Page 45 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. P. AUDIT.LOGGING P.AUDIT.LOGGING is enforced by O.AUDIT.LOGGED, OE.AUDIT.REVIEWED, OE.AUDIT_STORAGE.PROTECTED and OE.AUDIT_ACCESS.AUTHORIZED. By O.AUDIT.LOGGED, the TOE creates and maintains a log of TOE use and security-relevant events in the MFP and prevents its unauthorised disclosure or alteration. By OE.AUDIT.REVIEWED, the responsible manager of MFP reviews audit logs at appropriate intervals for security... 
        Page 45 of 93 
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. 
P. AUDIT.LOGGING 
P.AUDIT.LOGGING is enforced by O.AUDIT.LOGGED, OE.AUDIT.REVIEWED, 
OE.AUDIT_STORAGE.PROTECTED and OE.AUDIT_ACCESS.AUTHORIZED. 
By O.AUDIT.LOGGED, the TOE creates and maintains a log of TOE use and security-relevant events in the 
MFP and prevents its unauthorised disclosure or alteration.   
By OE.AUDIT.REVIEWED, the responsible manager of MFP reviews audit logs at appropriate intervals for 
security...

    Page 47

    Page 47 Page 46 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. By OE.ADMIN.TRAINED, the responsible manager of MFP ensures that the administrators are aware of the security policies and procedures of their organisation. For this, the administrators have the training, competence, and time to follow the guidance documents, and correctly configure and operate the TOE in accordance with those policies and procedures. A.ADMIN.TRAINING is upheld by this objective. A.ADMIN.TRUST... 
        Page 46 of 93 
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. 
By OE.ADMIN.TRAINED, the responsible manager of MFP ensures that the administrators are aware of the 
security policies and procedures of their organisation. For this, the administrators have the training, 
competence, and time to follow the guidance documents, and correctly configure and operate the TOE in 
accordance with those policies and procedures. 
A.ADMIN.TRAINING is upheld by this objective. 
A.ADMIN.TRUST...

    Page 48

    Page 48 Page 47 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. 5 Extended Components Definition This section describes Extended Components Definition. 5.1 Restricted forwarding of data to external interfaces (FPT_FDI_EXP) Family behaviour This family defines requirements for the TSF to restrict direct forwarding of information from one external interface to another external interface. Many products receive information on specific external interfaces and are intended to... 
        Page 47 of 93 
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. 
5  Extended Components Definition 
This section describes Extended Components Definition. 
5.1  Restricted forwarding of data to external interfaces (FPT_FDI_EXP) 
Family behaviour 
This family defines requirements for the TSF to restrict direct forwarding of information from one external 
interface to another external interface. 
 
Many products receive information on specific external interfaces and are intended to...

    Page 49

    Page 49 Page 48 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. are firewall systems but also other systems that require a specific work flow for the incoming data before it can be transferred. Direct forwarding of such data (i.e., without processing the data first) between different external interfaces is therefore a function that—if allowed at all—can only be allowed by an authorized role. It has been viewed as useful to have this functionality as a single component that allows... 
        Page 48 of 93 
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. 
are firewall systems but also other systems that require a specific work flow for the incoming data before it 
can be transferred. Direct forwarding of such data (i.e., without processing the data first) between different 
external interfaces is therefore a function that—if allowed at all—can only be allowed by an authorized role. 
 
It has been viewed as useful to have this functionality as a single component that allows...

    Page 50

    Page 50 Page 49 of 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. 6 Security Requirements This section describes Security Functional Requirements, Security Assurance Requirements and Security Requirements Rationale. 6.1 Security Functional Requirements This section describes the TOE security functional requirements for fulfilling the security objectives defined in section 4.1. The security functional requirements are quoted from the requirement defined in the CC Part2. The security... 
        Page 49 of 93 
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. 
6 Security Requirements 
This section describes Security Functional Requirements, Security Assurance Requirements and Security 
Requirements Rationale. 
6.1  Security Functional Requirements 
This section describes the TOE security functional requirements for fulfilling the security objectives defined 
in section 4.1. The security functional requirements are quoted from the requirement defined in the CC Part2. 
The security...
    Start reading Ricoh Mp C3001 Instruction Manual

    Related Manuals for Ricoh Mp C3001 Instruction Manual

    All Ricoh manuals