Specifications
CRP-C0239-01
13
1.5.5 Threat
This TOE assumes such threats presented in Table 1-2 and provides functions for
countermeasure to them.
Table 1-2 Assumed Threats
Identifier Threat
T.ILLEGAL_USE Attackers may read or delete the Document Data
by gaining unauthorized access to the TOE from
the TOE external interfaces (Operation Panel,
Network Interface, USB Interface or SD CARD
interface).
T.UNAUTH_ACCESS Authorized TOE users may go beyond the bounds
of the authorized usage and access to Document
Data from the TOE external interfaces (Operation
Panel, Network Interface or USB Interface) that
are provided to the authorized TOE users.
T.ABUSE_SEC_MNG Persons who are not authorized to use Security
Management Function may abuse the Security
Management Function.
T.SALVAGE Attackers may take HDD out of the TOE and
disclose Document Data.
T.TRANSIT Attackers may illegally obtain, leak, or tamper
Document Data and Print Data that are sent or
received by the TOE via the Internal Networks.
T.FAX_LINE Attackers may gain unauthorized access to the
TOE from telephone lines.
1.5.6 Organisational Security Policy
Organisational security policy required in use of the TOE is presented in Table 1-3.
Table 1-3 Organisational Security Policy
Identifier Organisational Security Policy
P.SOFTWARE Measures are provided for verifying the integrity
of MFP Control Software, which is installed in
FlashROM in the TOE.
*Note: The "integrity" means that the software is
provided by RICOH with the regular
method and is the correct version.
1.5.7 Configuration Requirements
The TOE is connected to the following external environment as Figure 1-2 shows. The
entire following external environment is not required but it depends on how to use the
TOE.
- Client PC connected to the TOE via a USB Port
- Client PC connected to the TOE via Ethernet
- SMTP Server connected to the TOE via Ethernet
- FTP Server connected to the TOE via Ethernet
(An FTP Server has to support the IPSec communication)