Page 40 of
93
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
O.USER.AUTHORIZED
User identification and authentication
The TOE shall require identification and authentication of users and shall ensure that
users are authorised in accordance with security policies before allowing them to use the
TOE.
O.INTERFACE.MANAGED
Management of external interfaces by TOE
The TOE shall manage the operation of external interfaces in accordance with the
security policies.
O.SOFTWARE.VERIFIED Software
verification
The TOE shall provide procedures to self-verify executable code in the TSF.
O.AUDIT.LOGGED
Management of audit log records
The TOE shall create and maintain a log of TOE use and security-relevant events in the
MFP and prevent its unauthorised disclosure or alteration.
O.STORAGE.ENCRYPTED Encryption of storage devices
The TOE shall ensure that the data is encrypted first and then stored on the HDD.
O.RCGATE.COMM.PROTECT
Protection of communication with RC Gate
The TOE shall conceal the communication data on the communication path between
itself and RC Gate, and detect any tampering with those communication data.
4.2
Security Objectives of Operational Environment
This section describes the security objectives of the operational environment.
4.2.1 IT
Environment
OE.AUDIT_STORAGE.PROTECTED
Audit log protection in trusted IT products
If audit logs are exported to a trusted IT product, the responsible manager of MFP shall
ensure that those logs are protected from unauthorised access, deletion and
modifications.
OE.AUDIT_ACCESS.AUTHORIZED
Audit log access control in trusted IT products
If audit logs are exported to a trusted IT product, the responsible manager of MFP shall
ensure that those logs can be accessed in order to detect potential security violations,
and only by authorised persons.
