
Copyright © 2013 The Printer Working Group. All rights reserved.

MFP Technical Community Vendor F2F

Agenda
- Notes from ICCC
- Recap of the F2F meeting in Orlando
- Discussion of currently open issues and proposed resolutions: https://ccusersforum.teamlab.com/products/projects/messages.aspx?prjID=239468#sortBy=comments&sortOrder=descending&text=[issue]
- Updates from NIAP and IPA (if any)
- Plans and schedules
- Open discussion

Notes from ICCC (1)
The theme was Collaboration.
Major news items:
- CNSSP #11 published (before ICCC)
- India elevated to certificate authorizing scheme
- All CCRA members agree in principle to new CC Recognition Arrangement

Notes from ICCC (2)
- The CC Users Forum had a very strong presence before and during ICCC
- Next CCUF-CCDB workshop: ~ Istanbul, ~ March 17, 2014
- Next ICCC was not announced at this ICCC; it will be somewhere in India, late September as usual
- My guess is that ICCC 2015 will be in Australia

Notes from ICCC (3)
Some interesting presentations:
- Dag Ströman (CCMC chair and head of the SE scheme) reported on the new CC pilot project creating a USB PP. It has been going on for a long time, and no TC created yet.
- T-Systems presented "How to Create a Slim and Comprehensive PP", a process that looked similar to how we did the IEEE 2600-series PPs (except that it clusters SFRs around TOE security functions).

Notes from ICCC (4)
More interesting presentations:
- IPA presented "Vulnerability-Centric Assurance Activities for MFP PP as a candidate cPP", which foretells how IPA might write assurance activities in the new MFP PP.
- IPA also published a major update to their MFP Vulnerabilities research paper, this time in English too!
  In Japanese: https://www.ipa.go.jp/security/jisec/apdx/documents/20130312report.pdf
  In English: http://www.ipa.go.jp/security/jisec/apdx/documents/20130312report_E.pdf

Notes from ICCC (5)
Yet more interesting presentations:
- "Exact Conformance" was explained by Jim Arnold (but it may or may not match NIAP's official but undocumented definition).
- "It's Just a Printer – Lessons Learned over 10 Years of CC Evaluations" by Xerox and CSC, brilliantly presented by Alan Sukert and Lachlan Turner, about how they reduced evaluation cost by 40%.
- Presentations are published on the web site: http://www.fbcinc.com/e/iccc/agenda.aspx
- Photos and videos will be posted, sometime?

Notes from ICCC (6)
CNSSP #11 was published before ICCC.
- I set up a Q&A session with NIAP at the CCUF-CCDB workshop on the Friday before ICCC
- Janine Pedersen answered questions that were submitted in advance and additional questions from the audience
- NIAP asked me to not publish a transcript because they want to make an official fact sheet
- They are working on a fact sheet
- It's pretty good

Recap of Orlando F2F
- A full day meeting
- 17 in-person attendees, 4 people by telecon
- 7 different vendors from 4 countries
- 3 different labs, 3 different CC schemes, 3 different consultancies, and 2 others
- Not much administrative progress: IPA and NIAP people were busy with CCRA meetings
- We addressed 34 technical comments: proposed resolutions for 25 issues; identified steps for further study on the other 9 issues
- Made vague plans for periodic telecons, F2F meetings

Lots of comments were resolved
- Some were implemented in draft 0.6.3
- Some were rejected
- For details, refer to the 2013-09-09 MFP TC F2F summary, posted on Teamlab: https://ccusersforum.teamlab.com/products/files/doceditor.aspx?action=view&fileid=3223222

Currently open issues (1): User authorization is defined too narrowly
- Suggest that 3.1.1 is too narrow. Need to also include access to data. Note that Para 91 says exactly that, but only about faxes.
- Proposal: remove the second half of "Note that the TOE can receive a PSTN fax without any User authorization, but the received Document is subject to access controls."

Currently open issues (2): Discussion on I&A&A failure including external authentication
- There was interesting discussion about external I&A&A and what happens when it fails. Same thing for external audit storage. (Should there be something like FIA_AFL and FAU_STG.4 for those cases?)
- TC F2F action item: look at Enterprise Security Management for how they handle this. Maybe it is just put in the audit log.
- None of the NDPP or ESM PPs address this (see https://ccusersforum.teamlab.com/products/projects/messages.aspx?prjID=239468&id=260161 for details)
- Proposal: don't worry about specifying how to handle failure of either external authentication services or external audit storage services.

Currently open issues (3): Addition to Table 1, i.e. auditable events (4)
- For "Modification to the group…" what additional info should be collected?
- TC F2F action item: look at Enterprise Security Management to see what they do.
- NDPP and ESM either don't even audit the event or (in one case) doesn't collect additional information.
- Details: https://ccusersforum.teamlab.com/products/projects/messages.aspx?prjID=239468&id=260163#comments
- Proposal: don't collect any additional information in the MFP PP.

Currently open issues (4): Term "non-fax data" for information flow control SFR
- In FDP_IFF.1 the term "non-fax data" was confusing to all. Need a new term, or make an ECD. (¶173 and elsewhere)
- TC F2F action item: One proposal is to use D.USER.DOC and D.USER.JOB as the attributes:
  - In FDP_IFF.1.5 say anything other than that is denied
  - In FDP_IFF.1.2, FDP_IFF.1.3, FDP_IFF.1.4, express the rules for allowing it (left up to the ST author)
- The other proposal is to create an Extended Component.
- The TC needs to discuss / decide.

Currently open issues (5): Addition to Table 1, i.e. auditable events (1 & 2)
1. Add "Job submission" with additional info "type and identifier"
2. Add to "Job completion" the additional info "identifier and completion status"
- TC F2F action item: vendors need to see if this is a standard practice in existing logs. The security-relevant purpose of this was not clear.
- Also, we need an answer about adding audit events beyond the PP requirements – does that violate exact compliance?

Currently open issues (6): Audit log specification proposed by PWG
- PWG has created an audit log spec. We should look at that for potentially important events to log. Also look at the NDPP log requirements. (Table 1)
- TC F2F recommendation: We are not looking for additional audit requirements for certification purposes (nor format requirements for interoperability). Instead, we should look at the Enterprise Security Management PPs (including draft updates) and NDPP (including errata) for crypto, communications, and log requirements.
- It was noted that the audit requirements from NIAP and IPA may change over time, so we will need to re-check.

Currently open issues (7): Not sure that these OSPs are necessary
[very lengthy comment from Mario about OSPs]

Updates from NIAP and IPA
Nothing!

Plans and Schedules
NIAP updated their PP development schedule page, and they show the MFP PP completion in Q4 2014.

Open Discussion
