Specifications
Samsung MFP Security Kit Type_B V1.5 Security Target
38
Copyright
2010 Samsung Electronics Co., Ltd., All rights reserved
3.2 Organizational Security Policy
This section describes the organizational security policies that the TOE or
operational environment should follow.
P.HIPAA_OPT
In order to keep track of security-relevant actions according to HIPAA
policy, the TOE should precisely leave the job history on record and safely
maintain their related security events, and properly go over the recorded
data.
P.SAFE_MANAGEMENT
The TOE should provide a safe management tool on the Web or local user
interface so that only an authorized administrator can manage the TOE in
a secure manner.
3.3 Assumption
The operational environment of the TOE should be managed according to
the security assurance requirements about distribution, function, and
guidance for user/system administrator. The following specification is an
assumption of the environment where the TOE will be installed, which
describes the physical, personnel, procedural, connective, and functional
aspects.
A. PHYSICAL_SECURITY
The TOE is protected from unauthorized physical counterfeit/camouflage
in the office environment.
A.TRUSTED_ADMINISTRATOR
The authorized system administrator of the TOE has no malice, has
received education about the TOE administrative functions, and should
perform proper actions according to the proposed manual provided with
the TOE. The local administrator should change the PIN at least once
every 40 days.
A.TRUSTED_NETWORK
The network connected to the TOE should install a firewall system
between the internal and external network to block attacks from outside.
A.TIME_STAMP