Ricoh Aficio MP 8001 Manual page 60

FDP_ACC.1 and FDP_ADF.1 allow the general user to perform operations on document data. The
operations that are permitted follow the operation permissions specified in the document data for each
general user ID in the document data ACL.
O.MANAGE Security management
Following are the rationale behind the functional requirements corresponding to O.MANAGE in Table 23,
and these requirements are included to fulfil the O.MANAGE specification.
1. Management of security attributes.
To fulfil O.MANAGE, management of security attributes shall be permitted to specified users only,
and a default value shall be specified for the document data ACL, which is a security attribute. For
this, FMT_MSA.1 allows:
- the user administrator to query, newly create, and change general user IDs;
- general users to query general user IDs;
- administrators to query and change their own administrator IDs;
- a supervisor to query administrator IDs;
- administrators to query, add, and delete administrator roles assigned to themselves;
- a supervisor to query and change supervisor ID;
- the file administrator, document file owners, and general users with full control operation
permission for the document data to query and modify its document data ACL; and
- the user administrator and general users with full control operation permission for the document
data to query and modify the default ACLs of document data.
FMT_MSA.3 specifies the default value of the document data ACL for storage of new document
data.
2. Management and protection of TSF data.
To fulfil O.MANAGE, access to TSF data shall be limited to specified users. For this, FMT_MTD.1
allows:
- the machine administrator to query and specify the Number of Attempts before Lockout, specify the
setting of the Lockout release timer, specify a Lockout time, specify a Lockout Flag for supervisor,
specify the date and time of the system clock, specify the service mode lock setting, newly create and
query HDD cryptographic keys, and query and delete audit logs.
FMT_MTD.1 also allows:
- authorised TOE users to query the date and time of the system clock and the service mode lock
setting;
- the user administrator to query and specify the Minimum Password Length, Password Complexity
Setting, and a Lockout Flag for general users;
- the user administrator and applicable general users to specify the authentication information of
general users, and newly create, delete, and change S/MIME user information;
- the user administrator and general users to query S/MIME user information and destination details
when sending data to folders;
- a supervisor to query and specify the Lockout Flag for administrators, and specify supervisor
authentication information; and
- a supervisor and applicable administrators to change administrator authentication information.
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
Page 59 of 82