Assurance requirement rationale – Konica Minolta BIZHUB 920 User Manual

assumed. And it assumes to be operated under the adequate security condition in terms of the

physical and human. Therefore, in “5.3. Security Strength”, the security strength claims

SOF-Basic that can adequately resist for attacking from the threat agent with the attack capability

of low level.

The following shows the operational measures to make this TOE operate in safety.

- The TOE shall be installed in the area where only the product-related person can operate.

- The administrator shall set the environment that the data will not disclose from the internal

network.

- The administrator shall execute for the general user the instruction and enlightenment to

maintain a secure condition of the TOE.

- The responsible person shall appoint and manage a person who does not carry out an illegal

act as an administrator.

- The responsible person or administrator shall close the maintenance contract with the CE. It

shall be specified a statement that the CE will not carry out an illegal act.

Therefore, the following person is specified as the threat agent.

Attack

capability : Low

level

As above mentioned, SOF-Basic is proper and consistent as the minimum function strength to

security objectives policies because the adequate resistance is taken for the threat agent with the

above mentioned attack capacity.

8.2.5. Assurance Requirement Rationale

This TOE is a product of commercial use, and requests the specifications of function and external

interface for the TOE, result of developer test, analysis of developer for obvious vulnerability, and

analysis of function strength in order to resist the threat with attack capability of low level.

Therefore, the level of evaluation assurance is proper for EAL3.

Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved