Conformance Claim Rationale; Consistency Claim With Toe Type In Pp; Consistency Claim With Security Problems And Security Objectives In Pp - Ricoh Aficio MP 2852SP Manual

2600.1-SMI conformant
2.4

Conformance Claim Rationale

2.4.1

Consistency Claim with TOE Type in PP

The targeted product type by the PP is the Hardcopy devices (hereafter, HCDs). The HCDs consist of the
scanner device and print device, and have the interface to connect telephone line. The HCDs combine these
devices and equip one or more functions of Copy Function, Scanner Function, Printer Function or Fax
Function. The Document Server Function is also available when installing the non-volatile memory medium,
such as hard disk drive, as additional equipments.
The MFP is the type of this TOE. The MFP has the devices the HCDs have, and equips the functions that
HCDs equip including the additional equipments. Therefore, this TOE type is consistent with the TOE type
in the PP.
2.4.2

Consistency Claim with Security Problems and Security Objectives in PP

Defining all security problems in the PP, P.STORAGE_ENCRYPTION and P.RCGATE.COMM.PROTECT
were augmented to the security problem definitions in chapter 3. Defining all security objectives in the PP,
O.STORAGE.ENCRYPTED and O.RCGATE.COMM.PROTECT were augmented to the security objectives
in chapter 4. Described below are the rationale for these augmented security problems and security objectives
that conform to the PP.
Although the PP is written in English, the security problem definitions in chapter 3 and security objectives in
chapter 4 are translated from English into Japanese. If the literal translation of the PP was thought to be
difficult for readers to understand the PP in Japanese, the translation was made comprehensible. This,
however, does not mean that its description deviates from the requirements of the PP conformance. Also, the
description is neither increased nor decreased.
Augmentation of P.STORAGE_ENCRYPTION and O.STORAGE.ENCRYPTED
P.STORAGE_ENCRYPTION and O.STORAGE.ENCRYPTED encrypt data on HDD and satisfy both other
organisational security policies in the PP and security objectives of the TOE. Therefore,
P.STORAGE_ENCRYPTION and O.STORAGE.ENCRYPTED were augmented but still conform to the PP.
Augmentation of P.RCGATE.COMM.PROTECT and O.RCGATE.COMM.PROTECT
P.RCGATE.COMM.PROTECT and O.RCGATE.COMM.PROTECT refer to security problems and security
objectives respectively, both of which are concerned with communications between the TOE and RC Gate.
These communications are not assumed in the PP, so that they are independent from the PP. Neither
transmission nor reception of the protected assets defined in the PP takes place in the communication
between the TOE and RC Gate. Also, the protected assets are not operated from the RC Gate. For these
reasons, these communications do not affect any security problems and security objectives defined in the PP.
Therefore, P.RCGATE.COMM.PROTECT and O.RCGATE.COMM.PROTECT were augmented, yet still
conform to the PP.
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
Page 30 of 91