Tracing Justification; Table 3: Relationship Between Security Environment And Security Objectives - Ricoh Gestetner MP 4001 Manual

Table 3: Relationship between security environment and security objectives

Security objectives
O.AUDIT
O.I&A
O.DOC_ACC
O.MANAGE
O.MEM.PROTECT
O.NET.PROTECT
O.GENUINE
O.LINE_PROTECT
OE.ADMIN
OE.SUPERVISOR
OE.NETWORK
4.3.2

Tracing Justification

The following are the rationale for each security objectives being appropriate to satisfy " 3.1 Threats", "3.2
Organisational Security Policies" and "3.3 Assumptions".
A.ADMIN
As specified by A.ADMIN, administrators shall have sufficient knowledge to operate the TOE securely in
the roles assigned to them and instruct general users to operate the TOE securely also. Additionally,
administrators are unlikely to abuse their permissions.
As specified by OE.ADMIN, the responsible manager of the MFP shall select trusted persons as
administrators and instruct them on their administrator roles. Once instructed, administrators then shall
instruct general users, familiarising them with the compliance rules for secure TOE operation as defined in
the administrator guidance for the TOE. Therefore, A.ADMIN is upheld.
A.SUPERVISOR
As specified by A.SUPERVISOR, supervisor shall have sufficient knowledge to operate the TOE securely in
the roles assigned to him/her, and be unlikely to abuse his/her permissions.
As specified by OE.SUPERVISOR, the responsible manager of the MFP shall select a trusted person as a
supervisor and instruct him/her on the role of supervisor. Therefore, A.SUPERVISOR is upheld.
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
TOE
security
Environment
v
v
(Assumptions for administrator)
(Assumptions for supervisor)
v v
v v v
v
v
v
Page 30 of 81
v v v
v
v
v
v