Comparison between Family of PPs and PP with Packages Brian Smithson and Ron Nevo.

Slides:



Advertisements
Similar presentations
Security Requirements
Advertisements

SBS Vendor Management™
ProCal Calibration Software
IEEE- P2600 PP Validation Suggested Process and Update Members: Ron Nevo, Brian Smithson, Alan Sukert, Lee Farrell, Nancy Chen, Carmen Aubry, Peter Cybuck.
Common Criteria Evaluation and Validation Scheme Syed Naqvi XtreemOS Training Day.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
Westbrook Technologies from Document Management’s Role in HIPAA.
First Article Inspection Report
Common Criteria Richard Newman. What is the Common Criteria Cooperative effort among Canada, France, Germany, the Netherlands, UK, USA (NSA, NIST) Defines.
Effective Design of Trusted Information Systems Luděk Novák,
The Common Criteria for Information Technology Security Evaluation
Data Security The Best Data Security In The Industry.
IT Security Evaluation By Sandeep Joshi
1 norshahnizakamalbashah CEM v3.1: Chapter 10 Security Target Evaluation.
The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
October 3, Partnerships for VoIP Security VoIP Protection Profiles David Smith Co-Chair, DoD VoIP Information Assurance Working Group NSA Information.
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.
1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.
 SAP AG CSU Chico 102/14/981SAP Security Lecture MINS 298C SAP Configuration & Use: Security Copyright 1996, 1997, James R. Mensching, Gail Corbitt.
MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 12: Network Printing and Offline Files.
This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
1 Software Testing and Quality Assurance Lecture 30 – Testing Systems.
Lesson 18: Configuring Application Restriction Policies
Computer Security: Principles and Practice
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Instructions and forms
Software Validation in Accredited Laboratories A Practical Guide Greg Gogates Fasor Inc. 26 Sept 2001 A copy of this paper will be maintained.
Smartcard Evaluation TM8104 – IT Security Evaluation Linda Ariani Gunawan.
Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.
Practical IS security design in accordance with Common Criteria Security and Protection of Information 2005 František VOSEJPKA S.ICZ a.s. June 5, 2005.
Tutorial 11 Installing, Updating, and Configuring Software
Week 9 Objectives Securing Files and Folders Protecting Shared Files and Folders by Using Shadow Copies Configuring Network Printing.
Evaluating Systems Information Assurance Fall 2010.
MEAP Applications.
Oilpalm.wildasia.org RSPO SCC Standard Group Certification (Part 3) RSPO LEAD AUDITOR SERIES SCCS M2c May 2013.
Chapter 6 of the Executive Guide manual Technology.
Lecture 15 Page 1 CS 236 Online Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Background. History TCSEC Issues non-standard inflexible not scalable.
1 Common Criteria Ravi Sandhu Edited by Duminda Wijesekera.
The Value of Common Criteria Evaluations Stuart Katzke, Ph.D. Senior Research Scientist National Institute of Standards & Technology 100 Bureau Drive;
Module 5: Implementing Printing. Overview Introduction to Printing in the Windows Server 2003 Family Installing and Sharing Printers Managing Access to.
Stuff By Zach and Turtle To designate a default printer, choose Start > Control Panel > Printers and Faxes. Right-click the printer, and then.
CMSC : Common Criteria for Computer/IT Systems
SIGNAMAX CABLING SYSTEM. Signamax Cabling System The Signamax Cabling System Design Principles and Installation Practices are based on the requirements.
1 Using Common Criteria Protection Profiles. 2 o A statement of user need –What the user wants to accomplish –A primary audience: mission/business owner.
Copyright (C) 2007, Canon Inc. All rights reserved. P. 0 A Study on the Cryptographic Module Validation in the CC Evaluation from Vendors' point of view.
High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.
14 March 2002Update on SDoC - USA1 Update on Supplier’s Declaration of Conformity – USA William Hurst Federal Communications Commission Office of Engineering.
Chapter 21: Evaluating Systems Dr. Wayne Summers Department of Computer Science Columbus State University
MFP Fleet control and Management Technical proposal for printing/scanning solution at.
The Functions of Operating Systems Network Operating Systems (NOS)
Not proprietary Threat Analysis Process Brian Smithson IEEE P2600 Working Group July 11-12, 2005 Cupertino, CA.
Introduction for the Implementation of Software Configuration Management I thought I knew it all !
The Common Criteria for Information Technology Security Evaluation
Business Document Platform
CJIS Security Policy Version 5.4, 10/06/2015
IEEE 2600 Protection Profile Group
8ICCC Update for IEEE P2600 Brian Smithson Ricoh Americas Corporation
Chapter 10: Supporting and Maintaining Desktop Applications
Systems Design Chapter 6.
Modular Object Scanning Technology (MOST)
Final Conference in Paris WP6 – Protection Profiles Specification
IEEE- P2600 PP Validation Suggested Process and Update
Software Validation in Accredited Laboratories
Business Document Platform
Proposed Alert Table Extension For Multi-Function Printers
IEEE- P2600 PP Guidelines Suggested Format and Content
Yesterday’s entertainment
Mapping TCSEC to Common Criteria
Presentation transcript:

Comparison between Family of PPs and PP with Packages Brian Smithson and Ron Nevo

Structure Comparison table TopicFamily of PPsPP with packages (PP?) Comments How many documents One document for all If IPA will not approve packages, will use PP How many basic PPs One mandatory common PP plus at least one of four hardcopy function PPs Select one of two mandatory basic PPs What included in the basic PP Common requirements for user I&A and administration, plus chosen hardcopy function (1) Network printer or (2) Network printer with copy and scan functions How many independent PPs/ packages 8 independent PPs (including the 4 hardcopy PPs) 4 independent packages (PPs?) Click for details Click for details

Structure Comparison table (continue) TopicFamily of PPsPP with packages (pps) Comme nts Configuration coverage Any combination of print, scan, copy, fax, doc server, doc server, HDD, SW install, network. Must have admin function. Printer or MFP; optional fax, HDD, SW install, local I/F. Must have network. No doc server. How to comply One mandatory common PP, plus at least one of four hardcopy function PPs and four independent PPs as needed One of two mandatory PPs, plus four dependent packages (pps) as needed Compliance statement Each PP is individually named, each name is specified for compliance One PP with specified name for compliance name. The name depended on the packages included Click for details

Structure Comparison table (continue) TopicFamily of PPsPP with packagesComments User (DAPS) Comments Prefer to have fewer PPs in order to show the differences and to compare between vendors NIAPAcceptable approach IPAOne document is acceptable if PPs are individually identified. No opinion yet on the FPP’s rules for use. Packages need to get IPA approval if not will use separate PPs ST must comply to everything that is described in a PP. Other schemes ?? CC laboratories ?? CC consultants? Packages are not evaluated, and do not need assets / threats / objectives; not sure how packages would be published / enforced

Family of PPs / Packages – What is included in the Common/Basic PP P COM, Protection Profile for Common Functions in Hardcopy Devices This Protection Profile shall be used for HCD products, and it includes common functions such as for configuring user identification/authorization, device options, data interfaces, security, or auditing. Plus at least one of these four: P PRT, Protection Profile for Print Functions in Hardcopy Devices P SCN, Protection Profile for Scan Functions in Hardcopy Devices P CPY, Protection Profile for Copy Functions in Hardcopy Device, P FAX, Protection Profile for Fax Functions in Hardcopy Devices Base HCD packages: Base Network Printer Package to include the following functions: Printing digital documents to paper form using a network interface Base Network MFD Package to include the following functions: Printing digital documents to paper form using a network interface Copying paper documents Scanning paper documents to digital form using a network interface The base packages are the same Go Back

Family of PPs / Packages – How many dependent PPs/ packages exist 8 independent optional PPs: P PRT, Protection Profile for Print Functions in Hardcopy Devices, Operational SCN, Protection Profile for Scan Functions in Hardcopy Devices, Operational P CPY, Protection Profile for Copy Functions in Hardcopy 76 Devices, Operational P FAX, Protection Profile for Fax Functions in Hardcopy Device, Operational P DSR, Protection Profile for Document Storage and Retrieval Functions in P NVS, Protection Profile for Nonvolatile Storage Functions in Hardcopy Devices, P SWI, Protection Profile for Software Installation Functions in Hardcopy Devices, P SMI, Protection Profile for Shared-medium Interface Functions in Hardcopy 4 dependent optional Packages: Nonvolatile Storage Package to include: Persistent storage and retrieval Non-Hardware Functional Update Package to include: Software / Firmware / Applet installation and upgrade Local Interface Package to include: User data and management data I/O through local interfaces (such as USB, Copy Control and others) Fax Package to include: Transmitting paper or digital documents to a facsimile device using a PSTN interface Receiving documents from a facsimile device and delivering them in paper or digital form using a PSTN interface Go Back

Family of PPs / Packages – How to comply Compliant Security Targets and other Protection Profiles shall claim at least Demonstrable Conformance with this family of Protection Profiles. Demonstrable conformance requires that the Security Target and other Protection Profiles be a suitable solution to the generic security problems described in this protection profile. Refer to Table 1 that describe the HCD packages that addressed by this Family of Protection Profiles. Certification Path Validation – The Base HCD Package is a dependency of the following other packages, i.e., when the following packages are included in a PP, Basic HCD package must also be included in the PP: Base HCD Package Either the Base Network Printer Package or Base Network MFD package Dependent packages of base HCD package including : Nonvolatile Storage package Non-Hardware Functional Upgrade package Local Interface package Fax package Naming of Protection Profile: If an ST claims Demonstrable Conformance to a base Package then the PP name that the ST claims conformance to “IEEE P Protection Profile with packages: Base Network Printer at EAL 3 with ALC_FLR 2 augmentation”. If an ST claim Demonstrable Conformance to a base package (e.g. Base Network Printer) and to one of the dependency functional packages (e.g. Nonvolatile Storage package) then the PP name that the ST claims conformance to is “IEEE P Protection Profile with packages: Base Network Printer, Nonvolatile Storage at EAL 3 with ALC_FLR 2 augmentation”. To claim conformance to any of the protection profiles that are contained in this Family of Protection Profiles, the conforming security target or protection profile shall comply with three rules: a) The Common Functions Rule: Security targets and other protection profiles shall claim at least Demonstrable Conformance with the following Protection Profile listed in Section 4.1 “PP References”: P COM. b) The Hardcopy Rule: Security targets and other protection profiles shall claim at least Demonstrable Conformance with one or more of the following Protection Profiles listed in Section 4.1 “PP References”: P PRT, P SCN, P CPY, or P FAX. c) The Complete TOE Rule: Security targets and other protection profiles shall claim at least Demonstrable Conformance with any and all Protection Profiles listed in Section 1 “PP References” whose target(s) of evaluation are representative of functions that are provided in the target of that security target or other protection profile. Demonstrable conformance requires that the security target and other protection profiles be a suitable solution to the generic security problems described in this Protection Profile. Go Back

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.