Page 59 of 81
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
performed.
For this, FMT_SMF.1 specifies the required Security Management Functions for the Security Function
requirements.
d) Authorised use of Security Management Functions.
To fulfil O.MANAGE, authorised users shall be associated with the security management roles, and
operation permissions for the Security Management Functions shall be maintained, since the use of the
Security Management Functions depends on the authorised user roles.
FMT_SMR.1 associates authorised users with a general user, one of the four administrator roles (user
administrator, machine administrator, file administrator, or network administrator), or the supervisor
role, and maintains this association.
O.MEM.PROTECT Prevention of disclosure of data stored in memory
Following are the rationale behind the functional requirements corresponding to O.MEM.PROTECT in
Table 22, and these requirements are included to fulfil the O.MEM.PROTECT specification.
a) Generate the encryption keys and perform encryption operations adequately.
To fulfil O.MEM.PROTECT, the document data stored on the HDD shall be sufficiently encrypted to
make decoding difficult unless the document data is read with normal methods using the TOE.
For this, FCS_CKM.1 generates encryption keys at a key size of 256 bits with TRNG for the encryption
key generation algorithm (based on BSI-AIS31); and FCS_COP.1 encrypts document data when it is
stored on the HDD and decrypts it when it is read from the HDD using the encryption keys generated
with the AES encryption algorithm (which corresponds to FIPS197). Additionally, FTP_TST.1 tests at
the TOE start-up the validity of encryption keys and the performance of the Ic Hdd where encryption is
performed, and this prevents storage of unencrypted document data on the HDD.
O.NET.PROTECT Protection of network communication data
Following are the rationale behind the functional requirements corresponding to O.NET.PROTECT in Table
22, and these requirements are included to fulfil the O.NET.PROTECT specification.
a) Protect assets on communication path.
To fulfil O.NET.PROTECT, document data and print data on the communication path shall be
protected from leakage, and attempts at tampering with it shall also be detected.
For this, FTP_ITC.1 uses the IPSec protocol to protect data sent from the TOE to folders on FTP or
SMB servers, to protect document data on the network from leakage, and also to detect attempts at
tampering with document data.
FTP_TRP.1 also protects document data on networks from leakage and detects attempts at tampering
by use of a trusted path (described later) between the TOE and remote users. The mail service is
protected by S/MIME, which protects data sent by e-mail from the TOE to a client computer, protects
document data or print data on the network from leakage, and detects attempts at tampering.
The SSL protocol protects document data and print data that are is travelling through a web service,
print service, or fax service from a client computer from leakage and attempts at tampering.
To Next Page
Loading...
Need help?
General
