Ricoh Aficio MP 8001 Manual page 59

d) Reliable record of time of event
To fulfil O.AUDIT , a reliable record of the times when events occurred should be available, as this
will help identify security breaches.
For this, FPT_STM.1 provides a trusted time stamp.
O.I&A User identification and authentication
Following are the rationale behind the functional requirements corresponding to O.I&A in Table 23, and
these requirements are included to fulfil the O.I&A specification.
a) Identify and authenticate users before they use the TOE.
To fulfil O.I&A, user identification and authentication shall be performed prior to allowing user
access to the TOE Security Functions.
For this, FIA_UID.2 identifies users prior to their use of TOE Security Functions, and FIA_UAU.2
authenticates identified users.
b) Allow successfully identified and authenticated users to use the TOE.
To fulfil O.I&A, users who authenticate successfully before they use any TOE Security Functions
shall be allowed use of the functions they have permission for.
For this, FIA_ATD.1 and FIA_USB.1 bind successfully identified and authenticated users with
relevant subjects. Association and maintenance of the subjects with security attributes is also
performed by FIA_ATD.1 and FIA_USB.1.
c) Complicate decoding of passwords.
To fulfil O.I&A, passwords for user authentication shall be protected from others while they are being
entered, and must not be easily guessable.
For this, FIA_UAU.7 prevents passwords being viewed by displaying masking characters (*: asterisks
or ?: bullets) in place of each password character entered in the authentication feedback area.
FIA_SOS.1 accepts only passwords that satisfy the Minimum Password Length and password
character combination specified by the user administrator, and it enables only passwords that are not
easily guessable. FIA_AFL.1 also reduces the possibility of users guessing passwords by locking out
users when their number of authentication attempts reaches the number specified by the machine
administrator. The authentication attempts include user authentication attempts from the Operation
Panel, the Web browser of a client computer, or a client computer when printing or faxing.
O.DOC_ACC Control of access to protected assets
Following are the rationale behind the functional requirements corresponding to O.DOC_ACC in Table 23,
and these requirements are included to fulfil the O.DOC_ACC specification.
a) Specify access control to document data and perform operations.
To fulfil O.DOC_ACC, each user shall be allowed to perform operations on document data according
to the operation permissions for document data set for each type of subject associated with the users
and each security attribute associated with the subject.
For this, FDP_ACC.1 and FDP_ACF.1 allow the administrator to delete document data if the
administrator's role associated with the administrator process is the file administrator. For general
users, FDP_ACC.1 and FDP_ACF.1 allow storage of document data, and when the general user IDs
associated with general user processes are registered in the document data ACL of a document,
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
Page 58 of 82