Organisational Security Policies; Assumptions - Ricoh Aficio MP C305 Series Manual

3.2

Organisational Security Policies

The following organisational security policies are taken:
P.USER.AUTHORIZATION
P.SOFTWARE.VERIFICATION
P.AUDIT.LOGGING
P.INTERFACE.MANAGEMENT
P.STORAGE.ENCRYPTION
P.RCGATE.COMM.PROTECT
3.3

Assumptions

The assumptions related to this TOE usage environment are identified and described.
A.ACCESS.MANAGED
A.USER.TRAINING
Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved.
User identification and authentication
Only users with operation permission of the TOE shall be authorised to use the TOE.
Software verification
Procedures shall exist to self-verify executable code in the TSF.
Management of audit log records
The TOE shall create and maintain a log of TOE use and security-relevant events. The
audit log shall be protected from unauthorised disclosure or alteration, and shall be
reviewed by authorised persons.
Management of external interfaces
To prevent unauthorised use of the external interfaces of the TOE, operation of those
interfaces shall be controlled by the TOE and its IT environment.
Encryption of storage devices
The data stored on the HDD inside the TOE shall be encrypted.
Protection of communication with RC Gate
As for communication with RC Gate, the TOE shall protect the communication data
between itself and RC Gate.
Access management
According to the guidance document, the TOE is placed in a restricted or monitored
area that provides protection from physical access by unauthorised persons.
User training
The responsible manager of MFP trains users according to the guidance document and
users are aware of the security policies and procedures of their organisation and are
competent to follow those policies and procedures.
Page 35 of 91