Security Objectives for the Non-
This section describes the security objectives that must be fulfilled by non-IT
methods in the non-IT environment of the TOE.
Table 18: Security objectives for the non-IT environment
Rationale for Security
This section demonstrates that each threat, organizational security policy,
and assumption are mitigated by at least one security objective for the TOE,
and that those security objectives counter the threats, enforce the policies,
and uphold the assumptions.
Xerox Multi-Function Device Security Target
The TOE shall be placed in a secure or monitored area that
provides protection from unmanaged physical access to the
The TOE Owner shall grant permission to Users to be
authorized to use the TOE according to the security policies
and procedures of their organization.
The TOE Owner shall ensure that Users are aware of the
security policies and procedures of their organization, and
have the training and competence to follow those policies and
The TOE Owner shall ensure that TOE Administrators are
aware of the security policies and procedures of their
organization, have the training, competence, and time to
follow the manufacturer's guidance and documentation, and
correctly configure and operate the TOE in accordance with
those policies and procedures.
The TOE Owner shall establish trust that TOE Administrators
will not use their privileged access rights for malicious
The TOE Owner shall ensure that audit logs are reviewed at
appropriate intervals for security violations or unusual
patterns of activity.
2013 Xerox Corporation. All rights reserved.