Non-It Environment - Ricoh Aficio MP 7001 SP Manual

4.2.2

Non-IT Environment

OE.PHYSICAL.MANAGED Physical management
OE.USER.AUTHORIZED
OE.USER.TRAINED
OE.ADMIN.TRAINED
OE.ADMIN.TRUSTED
OE.AUDIT.REVIEWED
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
appropriately configure the firewall according to the guidance document, and prevent
the attacks to the LAN from the Internet. Also, the responsible manager of MFP shall
instruct the MFP administrators to close the unused LAN ports and disable the USB use
at the time of installation according to the guidance document.
According to the guidance document, the TOE shall be placed in a secure or monitored
area that provides protection from physical access to the TOE by unauthorised persons.
Assignment of user authority
The responsible manager of MFP shall grant login user name, login password and user
role (supervisor, MFP administrator or normal user) to persons who follow the security
policies and procedures of their organisation to be authorised to use the TOE.
User training
The responsible manager of MFP shall train users according to the guidance document
and ensure that users are aware of the security policies and procedures of their
organisation and have the competence to follow those policies and procedures.
Administrator training
The responsible manager of MFP shall ensure that administrators are aware of the
security policies and procedures of their organisation; have the training, competence,
and time to follow the guidance document; and correctly configure and operate the TOE
according to those policies and procedures.
Trusted administrator
The responsible manager of MFP shall select administrators who will not use their
privileged access rights for malicious purposes according to the guidance document.
Log audit
The responsible manager of MFP shall ensure that audit logs are reviewed at appropriate
intervals according to the guidance document for detecting security violations or
unusual patterns of activity.
Page 36 of 87