Specifications
Samsung MFP Security Kit Type_B V1.5 Security Target
21
Copyright
2010 Samsung Electronics Co., Ltd., All rights reserved
Figure 3: Logical Scope of the TOE
Data Access Control (TSF_DAC)
The TOE prevents unauthorized use of the user-created data, which is
called preserved file; the user-created data is divided into two categories,
Public and Secured. When a user stores a document as Public, all users
can access and use the file. A file stored as Secured can only be accessed
by the user who stored the file. When storing a file as Secured, the user
must set a PIN required to access the file. Then the file can only be
accessed by entering the PIN on the LUI.
Security Audit (TSF_FAU)
Only authorized web administrators can download, analyze, and track the
security audit log through the WebUI. The audit log provides a job
owner’s identification, event number, date, time, ID, description, and data
to ensure credibility of the audit log. The TOE generates audit logs that
track events/actions (e.g., print/scan/fax job submission) to users (based
on network login). The audit logs are available to the TOE system
administrators and can be exported for viewing and analysis. SSL must be
configured in order for the system administrator to download the audit
logs; the downloaded audit logs are in comma separated format so that
they can be imported into an application such as Microsoft Excel™.