Ricoh Aficio MP 8001 Manual page 33

A.NETWORK
As specified by A.NETWORK, when the network that the TOE is connected to (the internal network) is
connected to an external network such as the Internet, the internal network shall be protected from
unauthorised communications originating from the external network.
As specified by OE.NETWORK, if the internal network, to which the TOE is connected, is connected to an
external network such as the Internet, the organisation managing operation of the inte rnal network shall
close any unnecessary ports between the external and internal networks. Therefore, A.NETWORK is
upheld.
T.ILLEGAL_USE (Malicious usage of the TOE)
To counter this threat, the TOE performs identification and authentication of users with O.I&A prior to
their use of the TOE Security Functions, and allows the successfully authenticated user to use the functions
for which the user has the operation permission. In addition, the TOE records the performance of O.I&A as
audit logs by O.AUDIT, and provides only the machine administrator with the function to read the audit
logs so that the machine administrator detects afterwards whether or not there was security intrusion of
O.I&A.
Therefore, the TOE can counter T.ILLEGAL_USE.
T.UNAUTH_ACCESS
To counter this threat, the TOE allows the authorised users identified by O.I&A to access to document data
according to the operation permission on document data that are assigned to the authorised users' roles and
the authorised users by O.DOC_ACC. For example, if the authorised user is the general user, the TOE
allows the general user to perform operations on document data according to the operation permissions. If
the authorised user is a file administrator, the TOE allows the file administrator to delete the document data
stored in the D-BOX.
Therefore, the TOE can counter T.UNAUTH_ACCESS.
T.ABUSE_SEC_MNG
To counter this threat, the TOE allows only users who have successfully authenticated with O.I&A to use
the TOE Security Functions. The TOE also restricts management of the Security Functions to specified
users only, and control of TSF data, and security attributes by O.MANAGE. In addition, O.I&A and
O.MANAGE events are recorded in audit logs by O.AUDIT, and the function for reading audit logs is
available to the machine administrator only, so that the machine administrator can later identify whether or
not security intrusion events involving O.I&A and O.MANAGE occurred.
Therefore, the TOE can counter T.ABUSE_SEC_MNG.
T.SALVAGE
To counter this threat, the TOE converts the format of document data by O.MEM.PROTECT, making the
document data difficult to read and decode if the HDD is installed i n a device other than the TOE. In
addition, the performance of O.MEM.PROTECT is recorded in audit logs by O.AUDIT, and the function
for reading audit logs is available to the machine administrator only, so that the machine administrator can
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
(Assumptions for network connections)
(Access violation of protected assets stored in the TOE)
(Abuse of Security Management Functions)
(Salvaging memory)
Page 32 of 82