1. Don Wright Director of Standards Lexmark International don@lexmark.com
P2600 Hardcopy Device and System Security September 2008 Working Group Meeting
Don Wright
Director of Standards
Lexmark International
9/22/2018

2. Opening Agenda Items Self Introductions Approval of the Agenda
9/22/2018

3. Agenda Items Tuesday/Wednesday, September 9-10 Welcome & Introductions
Update and Approve Agenda
Review and approve August Minutes
IEEE Patent Policy Review
2008 Meeting Schedule
Update on TCG (Volkoff)
Update on INCITS CS1 Working Group (Thrasher)
Update of CC Vendor's Forum (Sukert)
Review of Action Items from August Meeting
PP Evaluation ad hoc status (Nevo)
9/22/2018

4. Agenda Items Tuesday/Wednesday, September 9-10
Protection Profiles version 38 versus version 37
Comments
Sponsor ballot Comments
PP-A
PP-B
PP-C
PP-D
Issues raised on
Guide to P2600 PPs ad hoc status (Sukert)
Production Printing Profile (Sukert)
9/22/2018

5. Agenda Items Tuesday/Wednesday, September 9-10 Schedule Review
Other items
Posting and Comment deadlines for the October Meeting
Next meeting details
9/22/2018

6. Minutes from August Meeting
Minutes were published shortly after the meeting.
They are available at:
Any additions, deletions or corrections to the August minutes?
9/22/2018

7. Instructions for the WG Chair
The IEEE-SA strongly recommends that at each WG meeting the chair or a designee:
Show slides #1 through #4 of this presentation
Advise the WG attendees that:
The IEEE’s patent policy is consistent with the ANSI patent policy and is described in Clause 6 of the IEEE-SA Standards Board Bylaws;
Early identification of patent claims which may be essential for the use of standards under development is strongly encouraged;
There may be Essential Patent Claims of which the IEEE is not aware. Additionally, neither the IEEE, the WG, nor the WG chair can ensure the accuracy or completeness of any assurance or whether any such assurance is, in fact, of a Patent Claim that is essential for the use of the standard under development.
Instruct the WG Secretary to record in the minutes of the relevant WG meeting:
That the foregoing information was provided and that slides 1 through 4 (and this slide 0, if applicable) were shown;
That the chair or designee provided an opportunity for participants to identify patent claim(s)/patent application claim(s) and/or the holder of patent claim(s)/patent application claim(s) of which the participant is personally aware and that may be essential for the use of that standard
Any responses that were given, specifically the patent claim(s)/patent application claim(s) and/or the holder of the patent claim(s)/patent application claim(s) that were identified (if any) and by whom.
The WG Chair shall ensure that a request is made to any identified holders of potential essential patent claim(s) to complete and submit a Letter of Assurance.
It is recommended that the WG chair review the guidance in IEEE-SA Standards Board Operations Manual and in FAQs 12 and 12a on inclusion of potential Essential Patent Claims by incorporation or by reference.
Note: WG includes Working Groups, Task Groups, and other standards-developing committees with a PAR approved by the IEEE-SA Standards Board.
9/22/2018
(Optional to be shown)

8. Participants, Patents, and Duty to Inform
All participants in this meeting have certain obligations under the IEEE-SA Patent Policy. Participants:
“Shall inform the IEEE (or cause the IEEE to be informed)” of the identity of each “holder of any potential Essential Patent Claims of which they are personally aware” if the claims are owned or controlled by the participant or the entity the participant is from, employed by, or otherwise represents
“Personal awareness” means that the participant “is personally aware that the holder may have a potential Essential Patent Claim,” even if the participant is not personally aware of the specific patents or patent claims
“Should inform the IEEE (or cause the IEEE to be informed)” of the identity of “any other holders of such potential Essential Patent Claims” (that is, third parties that are not affiliated with the participant, with the participant’s employer, or with anyone else that the participant is from or otherwise represents)
The above does not apply if the patent claim is already the subject of an Accepted Letter of Assurance that applies to the proposed standard(s) under consideration by this group
(Quoted text excerpted from IEEE-SA Standards Board Bylaws subclause 6.2)
Early identification of holders of potential Essential Patent Claims is strongly encouraged
No duty to perform a patent search
9/22/2018
Slide #1

9. Patent Related Links
All participants should be familiar with their obligations under the IEEE-SA Policies & Procedures for standards development. Patent Policy is stated in these sources:
IEEE-SA Standards Boards Bylaws
IEEE-SA Standards Board Operations Manual
Material about the patent policy is available at
If you have questions, contact the IEEE-SA Standards Board Patent Committee Administrator at or visit
This slide set is available at
9/22/2018
Slide #2

10. Call for Potentially Essential Patents
If anyone in this meeting is personally aware of the holder of any patent claims that are potentially essential to implementation of the proposed standard(s) under consideration by this group and that are not already the subject of an Accepted Letter of Assurance:
Either speak up now or
Provide the chair of this group with the identity of the holder(s) of any and all such claims as soon as possible or
Cause an LOA to be submitted
9/22/2018
Slide #3

11. Other Guidelines for IEEE WG Meetings
All IEEE-SA standards meetings shall be conducted in compliance with all applicable laws, including antitrust and competition laws.
Don’t discuss the interpretation, validity, or essentiality of patents/patent claims.
Don’t discuss specific license rates, terms, or conditions.
Relative costs, including licensing costs of essential patent claims, of different technical approaches may be discussed in standards development meetings.
Technical considerations remain primary focus
Don’t discuss or engage in the fixing of product prices, allocation of customers, or division of sales markets.
Don’t discuss the status or substance of ongoing or threatened litigation.
Don’t be silent if inappropriate topics are discussed … do formally object.
See IEEE-SA Standards Board Operations Manual, clause and “Promoting Competition and Innovation: What You Need to Know about the IEEE Standards Association's Antitrust and Competition Policy” for more details.
9/22/2018
Slide #4

12. 2008 Meeting Schedule October 24: Lexington, KY @ Lexmark (with PWG)
December 11-12: Plantation, Equitrac
9/22/2018

13. Trusted Computing Group
Update
9/22/2018

14. INCITS CS1 : Cyber-Security
Update
Thrasher
9/22/2018

15. CS1 topics that might be of interest to P2600
CS1 Project -- Small Organization Baseline Information Security Handbook
(project is still in process at INCITS)
Presentation of the NIST proposal for a new project in CS1 – The Policy Machine
(no further update, likely to be next discussed at 1st meeting of next year, still discussing how to proceed)
The new CS1 Project -- Small Organization Baseline Information Security Handbook has been forwarded to the INCITS Secretariat however the draft announcement to describe the project and invite new members to participate is still in process.
The Ad-hoc meetings to discuss the next steps of the Policy Machine are still being held. However, as suspected, the actual work will likely be a family of standards instead of just one standard. NIST is still working on how to progress this project, they will either bring it forward to the CS1 group for an ballot in Q408 or at the first F2F meeting in 2009.
9/22/2018

16. Common Criteria V3.1
ISO/IEC :2008 Information technology -- Security techniques -- Evaluation criteria for IT security – Part 2: Security functional components
published
ISO/IEC :2008 Information technology -- Security techniques -- Evaluation criteria for IT security – Part 3: Security assurance components
ISO/IEC
(still working through the last steps in ISO process)
ISO/IEC DTR 15446: Information technology – Security techniques -- Guide for the production of Protection Profiles and Security Targets
(CS1 voted to approve without comment)
Parts 2 and 3 of have been published and are available from ISO.
Part 1 (FDIS) was approved by CS1 at the August F2F meeting and is continuing to progress through the ISO process.
The update to has been approved to go to TR.
9/22/2018

17. CS1 topics (mentioned last time) that might be of interest to P2600
ISO/IEC 1st CD , Information technology -- Security techniques -- Network security -- Part 1: Guidelines for network security
Voted to disapprove with comments
ISO/IEC 3rd WD ( ) -- Information technology -- Security techniques -- Network security -- Part 2: Guidelines for the design and implementation of network security
WD sent for review, CS1 provided comments on the draft
ISO/IEC 2nd WD Information technology -- Security techniques - Network security Part 3: Reference network scenarios Risks, design techniques and control issues
WD send for review, CS1 provided comments on the draft
The first CD of was out for vote to progress to the next stage. The CS1 group voted to disapprove with comments but the Delegates have the approval to change the vote if all the comments are address and there are no other issues that arise at the meeting. (after the next round of draft, may plan to provide a general summary of the contents)
Both parts 2 and 3 are in very early working draft stages with many changes requested by the CS1 group. The group discussed for quite a while if, even if the changes were integrated, a first CD could then be issued. Part of the group was very adamant to see the updated WD before agreeing to allow either to progress to CD. (still way too early to tell exactly where these drafts will land)
9/22/2018

18. CC Vendors Forum
Update
Sukert/Thrasher
9/22/2018

19. Action Items from Previous Meetings
Review entries in P2600-action-items excel spreadsheet
Pre-meeting Spreadsheet
9/22/2018

20. Old Business
PP Evaluation ad hoc (Nevo)
9/22/2018

21. Protection Profiles
Protection Profiles Comments: version 37 versus version 38
Comments
9/22/2018

22. Protection Profiles Sponsor Ballot Comments PP-A PP-B PP-C PP-D
9/22/2018

23. Issues raised on e-mail
None
9/22/2018

24. PP Guide Ad Hoc Team Current Status: Plan PP Guide Version 38a posted
Now includes drafts of Sections and 5.2.2
Plan
Post PP Guide Version 39a for Oct P2600 Meeting by Oct 10th
Goal is to have drafts for all of Section 5 plus as many additional sections as are available
Initial PP Guide ready for final review and approval at the Dec P2600 Meeting
9/22/2018

25. Production Printing Protection Profile
Production Printing Profile Status
Any change in status?
9/22/2018

26. Project Schedule
9/22/2018

27. Other Items 2009 Meeting Plan? Others? Should we confirm February?
Waikoloa – Hawaii
February 19-20
Others?
9/22/2018

28. October Meeting Deadlines
All PPs are under change control
All comments must be in the tool
The editor may not make changes EXCEPT based on submitted and accepted comments.
Posting of Documents: October 10, 2008
Posting of Comments: October 17, 2008
9/22/2018

29. Next Meeting Details Lexmark 740 W New Circle Rd Lexington, Ky 40511
October 24, 2008
Lexmark 740 W New Circle Rd Lexington, Ky 40511
Building 082
No hotel block
9/22/2018

30. Lexington Hotels 9/22/2018 HOTEL NAME HOTEL ADDRESS CITY STATE PHONE
CURR
Lexmark RATE PER NIGHT
Four Points By Sheraton Lexington
1938 Stanton Way
Lexington KY
USD 75
Lexington Downtown Hotel & Conference Center (formally the Radisson Plaza)**
369 West Vine Street 84
Hyatt Regency Lexington
401 West High Street 89
Homewood Suites by Hilton® / Hamburg Place
2033 Bryant Road  
Residence Inn Lexington North
1080 Newtown Pike 93
Residence Inn Lexington South / Hamburg Place
2688 Pink Pigeon Parkway
100
Marriott Griffin Gate Resort
1800 Newtown Pike
113
Embassy Suites Lexington
1801 Newtown Pike
105
9/22/2018

31. Next Meeting Location Map
9/22/2018

32. Next Meeting Location Map
9/22/2018

33. Thanks!
See you in Lexington!!
9/22/2018

34. Back-up Charts
BACK-UP CHARTS
9/22/2018

35. Existing Project Schedule
May Meeting (May 21-22)
Feedback from atsec
Recommendation on “family” versus “packages”
June Meeting (June in Longmont CO)
WG Comments on “packages” draft
Feedback from IPA from JBMIA meeting
Update on Production Printing Profile
Make a decision on getting a PAR for Production Printing Profile
Make a decision on the SCHEME(s) to be used
Create new sponsor ballot bodies (After June 28)
August Meeting (Aug 11 & Sharp in Portland OR
Revisit NIAP CIM comments
Deal with SCHEME comments
Deal with WG comments
Draft of Guide
Start Evaluation of PPs (post meeting)
Start .1, .2, .3, & .4 Sponsor Ballot (post meeting)
September Meeting (Sept 9 & 10 at Sharp in Washington DC)
Deal with any comments received from SCHEME/atsec
Work on Guide
October Meeting (Oct 24 at Lexmark in Lexington)
Process sponsor ballot comments on .1, .2, .3, .4
Discuss if PP’s still match Std 2600 – if not, process amendment PAR
December (Dec at Equitrac in Hollywood, FL) Meeting
Process Sponsor Ballot *recirculation” Comments
Finish Guide
9/22/2018

36. Mailing List and Web Site
Listserv run by the IEEE
An archive is available on the web site
Subscribe via a note to: containing the line: subscribe stds-2600
Only subscribers may send to the mailing list.
No Change
9/22/2018