Assurance requirement rationale – Konica Minolta BIZHUB 920 User Manual
Page 85
assumed. And it assumes to be operated under the adequate security condition in terms of the
physical and human. Therefore, in “5.3. Security Strength”, the security strength claims
SOF-Basic that can adequately resist for attacking from the threat agent with the attack capability
of low level.
The following shows the operational measures to make this TOE operate in safety.
- The TOE shall be installed in the area where only the product-related person can operate.
- The administrator shall set the environment that the data will not disclose from the internal
network.
- The administrator shall execute for the general user the instruction and enlightenment to
maintain a secure condition of the TOE.
- The responsible person shall appoint and manage a person who does not carry out an illegal
act as an administrator.
- The responsible person or administrator shall close the maintenance contract with the CE. It
shall be specified a statement that the CE will not carry out an illegal act.
Therefore, the following person is specified as the threat agent.
Attack
capability : Low
level
As above mentioned, SOF-Basic is proper and consistent as the minimum function strength to
security objectives policies because the adequate resistance is taken for the threat agent with the
above mentioned attack capacity.
8.2.5. Assurance Requirement Rationale
This TOE is a product of commercial use, and requests the specifications of function and external
interface for the TOE, result of developer test, analysis of developer for obvious vulnerability, and
analysis of function strength in order to resist the threat with attack capability of low level.
Therefore, the level of evaluation assurance is proper for EAL3.
Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved