Comparison between Family of PPs and PP with Packages Brian Smithson and Ron Nevo.

1 Comparison between Family of PPs and PP with Packages Brian Smithson and Ron Nevo

2 Structure Comparison table

Topic | Family of PPs | PP with packages (PP?) | Comments

How many documents: One document for all. If IPA will not approve packages, will use PP.

How many basic PPs:
  Family of PPs: One mandatory common PP plus at least one of four hardcopy function PPs
  PP with packages: Select one of two mandatory basic PPs

What is included in the basic PP:
  Family of PPs: Common requirements for user I&A and administration, plus chosen hardcopy function
  PP with packages: (1) Network printer or (2) Network printer with copy and scan functions

How many independent PPs/packages:
  Family of PPs: 8 independent PPs (including the 4 hardcopy PPs)
  PP with packages: 4 independent packages (PPs?)

3 Structure Comparison table (continued)

Topic | Family of PPs | PP with packages (pps) | Comments

Configuration coverage:
  Family of PPs: Any combination of print, scan, copy, fax, doc server, HDD, SW install, network. Must have admin function.
  PP with packages: Printer or MFP; optional fax, HDD, SW install, local I/F. Must have network. No doc server.

How to comply:
  Family of PPs: One mandatory common PP, plus at least one of four hardcopy function PPs and four independent PPs as needed
  PP with packages: One of two mandatory PPs, plus four dependent packages (pps) as needed

Compliance statement:
  Family of PPs: Each PP is individually named, and each name is specified for compliance
  PP with packages: One PP with a specified name for compliance. The name depends on the packages included

4 Structure Comparison table (continued)

Topic | Family of PPs | PP with packages | Comments

User (DAPS) comments: Prefer to have fewer PPs in order to show the differences and to compare between vendors

NIAP: Acceptable approach

IPA: One document is acceptable if PPs are individually identified. No opinion yet on the FPP’s rules for use. Packages need to get IPA approval; if not, will use separate PPs. ST must comply with everything that is described in a PP.

Other schemes: ??

CC laboratories: ??

CC consultants: ? Packages are not evaluated, and do not need assets / threats / objectives; not sure how packages would be published / enforced

5 Family of PPs / Packages – What is included in the Common/Basic PP

P2600.1-COM, Protection Profile for Common Functions in Hardcopy Devices. This Protection Profile shall be used for HCD products, and it includes common functions such as for configuring user identification/authorization, device options, data interfaces, security, or auditing.

Plus at least one of these four:
- P2600.1-PRT, Protection Profile for Print Functions in Hardcopy Devices
- P2600.1-SCN, Protection Profile for Scan Functions in Hardcopy Devices
- P2600.1-CPY, Protection Profile for Copy Functions in Hardcopy Devices
- P2600.1-FAX, Protection Profile for Fax Functions in Hardcopy Devices

Base HCD packages:
- Base Network Printer Package to include the following functions:
  - Printing digital documents to paper form using a network interface
- Base Network MFD Package to include the following functions:
  - Printing digital documents to paper form using a network interface
  - Copying paper documents
  - Scanning paper documents to digital form using a network interface

The base packages are the same

6 Family of PPs / Packages – How many dependent PPs/packages exist

8 independent optional PPs:
- P2600.1-PRT, Protection Profile for Print Functions in Hardcopy Devices, Operational
- P2600.1-SCN, Protection Profile for Scan Functions in Hardcopy Devices, Operational
- P2600.1-CPY, Protection Profile for Copy Functions in Hardcopy Devices, Operational
- P2600.1-FAX, Protection Profile for Fax Functions in Hardcopy Device, Operational
- P2600.1-DSR, Protection Profile for Document Storage and Retrieval Functions in
- P2600.1-NVS, Protection Profile for Nonvolatile Storage Functions in Hardcopy Devices,
- P2600.1-SWI, Protection Profile for Software Installation Functions in Hardcopy Devices,
- P2600.1-SMI, Protection Profile for Shared-medium Interface Functions in Hardcopy

4 dependent optional Packages:
- Nonvolatile Storage Package to include:
  - Persistent storage and retrieval
- Non-Hardware Functional Update Package to include:
  - Software / Firmware / Applet installation and upgrade
- Local Interface Package to include:
  - User data and management data I/O through local interfaces (such as USB, Copy Control and others)
- Fax Package to include:
  - Transmitting paper or digital documents to a facsimile device using a PSTN interface
  - Receiving documents from a facsimile device and delivering them in paper or digital form using a PSTN interface

7 Family of PPs / Packages – How to comply

Compliant Security Targets and other Protection Profiles shall claim at least Demonstrable Conformance with this family of Protection Profiles. Demonstrable conformance requires that the Security Target and other Protection Profiles be a suitable solution to the generic security problems described in this protection profile. Refer to Table 1, which describes the HCD packages that are addressed by this Family of Protection Profiles.

Certification Path Validation – The Base HCD Package is a dependency of the following other packages, i.e., when the following packages are included in a PP, Basic HCD package must also be included in the PP:
- Base HCD Package
  - Either the Base Network Printer Package or Base Network MFD package
- Dependent packages of base HCD package including:
  - Nonvolatile Storage package
  - Non-Hardware Functional Upgrade package
  - Local Interface package
  - Fax package

Naming of Protection Profile:
- If an ST claims Demonstrable Conformance to a base Package, then the PP name that the ST claims conformance to is “IEEE P2600.1 Protection Profile with packages: Base Network Printer at EAL 3 with ALC_FLR 2 augmentation”.
- If an ST claims Demonstrable Conformance to a base package (e.g. Base Network Printer) and to one of the dependency functional packages (e.g. Nonvolatile Storage package), then the PP name that the ST claims conformance to is “IEEE P2600.1 Protection Profile with packages: Base Network Printer, Nonvolatile Storage at EAL 3 with ALC_FLR 2 augmentation”.

To claim conformance to any of the protection profiles that are contained in this Family of Protection Profiles, the conforming security target or protection profile shall comply with three rules:

a) The Common Functions Rule: Security targets and other protection profiles shall claim at least Demonstrable Conformance with the following Protection Profile listed in Section 4.1 “PP References”: P2600.1-COM.

b) The Hardcopy Rule: Security targets and other protection profiles shall claim at least Demonstrable Conformance with one or more of the following Protection Profiles listed in Section 4.1 “PP References”: P2600.1-PRT, P2600.1-SCN, P2600.1-CPY, or P2600.1-FAX.

c) The Complete TOE Rule: Security targets and other protection profiles shall claim at least Demonstrable Conformance with any and all Protection Profiles listed in Section 1 “PP References” whose target(s) of evaluation are representative of functions that are provided in the target of that security target or other protection profile.

Demonstrable conformance requires that the security target and other protection profiles be a suitable solution to the generic security problems described in this Protection Profile.