Security Assurance Requirements Rationale - Ricoh Aficio MP 2852SP Manual

FMT_SMR.1
FPT_STM.1
FPT_TST.1
FTA_SSL.3
FTP_ITC.1
The following explains the rationale for acceptability in all cases where a dependency is not satisfied:
Rationale for Removing Dependencies on FCS_CKM.4
Once the MFP administrator generates the cryptographic key that is used for the HDD encryption of this
TOE at the start of TOE operation, the cryptographic key will be continuously used for the HDD and will not
be deleted. Therefore, cryptographic key destruction by the standard method is unnecessary.
6.3.4

Security Assurance Requirements Rationale

This TOE is the MFP, which is a commercially available product. The MFP is assumed that it will be used in
a general office and this TOE does not assume the attackers with Enhanced-Basic or higher level of attack
potential.
Architectural design (ADV_TDS.2) is adequate to show the validity of commercially available products. A
high attack potential is required for the attacks that circumvent or tamper with the TSF, which is not covered
in this evaluation. The vulnerability analysis (AVA_VAN.2) is therefore adequate for general needs.
However, protection of the secrecy of relevant information is required to make security attacks more difficult,
and it is important to ensure a secure development environment. Development security (ALC_DVS.1) is
therefore important also.
In order to securely operate the TOE continuously, it is important to appropriately remediate the flaw
discovered after the start of TOE operation according to flow reporting procedure (ALC_FLR.2).
Based on the terms and costs of the evaluation, the evaluation assurance level of EAL3+ALC_FLR.2 is
appropriate for this TOE.
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
FIA_UID.1
None
None
None
None
FIA_UID.1 None
None None
None None
None None
None None
Page 77 of 91