Field of the Invention
The present invention relates to an information processing apparatus that processes information relating to a security policy, an information processing method, and a storage medium storing a program.
Description of the Related Art
In recent years, in usage of a digitized document, the possibility of a problem of leakage of the electronic document occurring is increasing. It is desirable for a server device or a personal computer (PC) connected to a network for an office or the like to operate in accordance with an information security policy determined for each office. An information security policy is a basic strategy relating to information security for a company overall, and consolidates the strategy for using information and preventing an intrusion from the outside and information leakage.
As devices connected to a network for an office or the like, there are peripheral apparatuses such as multifunction peripherals, in addition to PCs and server devices. As functions of a multifunction peripheral in recent years, there are those that have functions of storing image data in the multifunction peripheral and providing a file service to a PC, in addition to transmitting or printing an image. Complying with an information security policy similarly to a server device is also required for such a multifunction peripheral.
When a security policy is set, specific setting values relating to the security policy are fixed values, and writing by editing or the like is restricted. In such a case, information for restricting writing is saved internally. In accordance with such information for restricting writing, even if a user tries to edit a setting value for which writing is restricted by the security policy, a writing operation is prohibited.
An image forming apparatus for which ROM capacity is high, such as a sophisticated image forming apparatus, saves the information for restricting writing in the ROM. At a time of activation, the information for restricting writing is read from the ROM, and it is determined whether writing is restricted for a specific setting value. However, in an image forming apparatus such as a low-price model, because ROM capacity is not sufficient, there is a need to reduce as much as possible information that is saved in the ROM. In addition, if information for restricting writing is saved in the ROM, the ROM capacity will be pressed. To solve such a problem, an apparatus needing a security policy at activation time actively obtains the security policy from a management apparatus at activation time. Using an obtained security policy to perform access control (writing control) has been proposed (Japanese Patent Laid-Open No. 2004-94401).
However, in the method of Japanese Patent Laid-Open No. 2004-94401, even if it becomes possible to reduce data saved in the ROM, access to a management server at activation time becomes necessary each time. For example, a management server becomes necessary for a low-price model image forming apparatus, and extra cost is incurred.