Ricoh Aficio MP C2800 Manual page 30

A.NETWORK
As specified by A.NETWORK, when the network that the TOE is connected to (the internal network) is
connected to an external network such as the Internet, the internal network shall be p rotected from
unauthorised communications originating from the external network.
As specified by OE.NETWORK, if the internal network, to which the TOE is connected, is connected to an
external network such as the Internet, the organisation managing operati o n of the internal network shall close
any unnecessary ports between the external and internal networks. Therefore, A.NETWORK is upheld.
T.ILLEGAL_USE (Malicious usage of the TOE)
To counter this threat, the TOE performs identification and authentication of users with O.I&A prior to their
use of the TOE Security Functions, and allows the successfully authenticated user to use the functions for
which the user has the operation permission. In addition, the TOE records the performance of O.I&A as audit
logs by O.AUDIT, and provides only the Machine administrator with the function to read the audit logs so
that the machine administrator detects afterwards whether or not there was security intrusion of O.I&A.
Therefore, the TOE can counter T.ILLEGAL_USE.
T.UNAUTH_ACCESS
To counter this threat, the TOE allows the authorised users identified by O.I&A to access to document data
according to the operation permission on document data that are assigned to the au thorised users' roles and
the authorised users by O.DOC_ACC. For example, if the authorised user is the general user, the TOE allows
the general user to perform operations on document data according to the operation permissions. If the
authorised user is a file administrator, the TOE allows the file administrator to delete the document data
stored in the D-BOX.
Therefore, the TOE can counter T.UNAUTH_ACCESS.
T.ABUSE_SEC_MNG
To counter this threat, the TOE allows onl y users who have successfully authenticated with O.I&A to use the
TOE Security Functions. The TOE also restricts management of the Security Functions to specified users
only, and control of TSF data, and security attributes by O.MANAGE. In addition, O.I&A and O.MANAGE
events are recorded in audit logs by O.AUDIT, and the function for reading audit logs is available to the
machine administrator only, so that the machine administrator can later identify whether or not security
intrusion events involving O.I&A and O.MANAGE occurred.
Therefore, the TOE can counter T.ABUSE_SEC_MNG.
T.SALVAGE
To counter this threat, the TOE converts the format of document data by O.MEM.PROTECT, making the
document data difficult to read and decode if the HDD is installed in a device other than the TOE. In addition,
the performance of O.MEM.PROTECT is recorded in audit logs by O.AUDIT, and the function for reading
audit logs is available to the machine administrator only, so that the machine administrator can later identify
whether or not O.MEM.PROTECT was performed successfully.
Therefore, the TOE can counter T.SALVAGE.
Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
(Assumptions for network connections)
(Access violation of protected assets stored in the TOE)
(Abuse of Security Management Functions)
(Salvaging memory)
Page 30 of 80