Operating instructions

CRP-C0266-01
IPSec, S/MIME), execute supplemental tests to ensure these functions always work
effectively.
<Sampling Testing>
To take these viewpoints into account and to test the Security Functions and interfaces, 192
items were identified for sampling testing of the developer testing.
- Testing will be enforced for the following behaviours, which are essential to verify correct
operations of the Security Functions.
> Every possible combination of Access Control Function related to stored documents.
> Every possible combination of authorised users and authorised Security Management
Function operations.
> Every possible combination of authentication failure conditions.
> Performance of all functions related to verification of software validity.
> Checking functions for password strength.
> The Lockout and Lockout Release functions following password authentication failure.
> The encryption functions on stored documents.
> The Self-Test Function for encryption at TOE initialisation.
> The Network Communication Protection Function.
- Testing covered the verification of audit log completeness and verification of the audit log
records obtained.
- Testing covered all possible TOE interfaces (operation panel, Web interfaces, etc.)
b. Independent Testing Outline
An outline of the independent testing that the evaluator executed is as follows.
<Independent testing approach>
For (Viewpoint 1) of the independent testing, testing was executed using the same
approaches as used in the developer testing. For example:
- Use of different combinations of operating interfaces when developer testing involved
testing of competing operations on the same document.
- Use of different combinations of operating interfaces and roles when developer testing
involved access control testing.
For (Viewpoint 2) of the independent testing, testing was executed using an environment and
under settings that made SSL, IPSec, and S/MIME inactive. This ensured the TOE did not
perform any communications not encrypted by SSL, IPSec, or S/MIME. For SSL and IPSec,
packet capture software was used to check the content of communications. For S/MIME, the
evaluator verified on the client computer that e-mail could not be sent from the MFP.
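
The packet-capture check described for SSL and IPSec under Viewpoint 2 can be sketched as follows. This is an added example, not part of the certification report or the evaluator's tooling; it assumes Ethernet/IPv4 frames, the function names are hypothetical, and the sample frames are constructed. It does not cover the S/MIME check, which the report says was done on the client computer.

```python
import struct

ESP, AH, TCP, UDP = 50, 51, 6, 17

def classify(frame: bytes) -> str:
    """Label one Ethernet frame: protected, control, or cleartext."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "non-ipv4"                    # ARP, IPv6 etc. are outside this sketch
    ip = frame[14:]
    ihl, total_len, proto = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0], ip[9]
    l4 = ip[ihl:total_len]                   # drop Ethernet padding after the IP datagram
    if proto in (ESP, AH):
        return "ipsec"
    if proto == UDP and len(l4) >= 8:
        sport, dport = struct.unpack("!HH", l4[:4])
        return "ike" if {sport, dport} & {500, 4500} else "cleartext"
    if proto == TCP and len(l4) >= 20:
        payload = l4[(l4[12] >> 4) * 4:]     # skip the TCP header (data offset field)
        if not payload:
            return "tcp-control"             # SYN/ACK/FIN segments carry no data
        # SSL 3.0 / TLS record header: content type 20-23, version 3.0-3.4
        if len(payload) >= 3 and 20 <= payload[0] <= 23 and payload[1] == 3 and payload[2] <= 4:
            return "tls"
    return "cleartext"                       # anything unrecognised is reported

def find_cleartext(frames):
    """Return indexes of frames that a reviewer must look at."""
    return [i for i, f in enumerate(frames) if classify(f) == "cleartext"]

# --- constructed sample frames (not from a real capture) ---
def make_frame(proto, l4):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def make_tcp(dport, payload=b""):
    return struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload

SAMPLE = [
    make_frame(ESP, b"\x00\x00\x10\x01" + b"\x00\x00\x00\x01" + b"\xaa" * 32),   # 0 ESP
    make_frame(TCP, make_tcp(443, b"\x17\x03\x03\x00\x10" + b"\xbb" * 16)),      # 1 TLS record
    make_frame(TCP, make_tcp(443)) + b"\x00" * 6,                                # 2 padded ACK
    make_frame(UDP, struct.pack("!HHHH", 500, 500, 36, 0) + b"\xcc" * 28),       # 3 IKE
    make_frame(TCP, make_tcp(80, b"GET /status HTTP/1.1\r\n\r\n")),              # 4 plain HTTP
    make_frame(UDP, struct.pack("!HHHH", 49152, 514, 20, 0) + b"<14>job done"),  # 5 plain UDP
]

if __name__ == "__main__":
    for i, f in enumerate(SAMPLE):
        print(i, classify(f))
```

Flagged frames still need manual review: without TCP stream reassembly, a segment that continues a long TLS record does not begin with a record header and is reported as cleartext.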
Testing sampled from the developer testing was performed using the same approaches as
those used in the developer testing.