|
Action Item # |
Entry date |
Original Due date |
Planned date of completion |
Actual date of completion |
Assignee
[ -> others to
do the same] |
Clause |
Section |
Action |
Status
A=abandoned
C=complete
H=on hold
P=partial |
Disposition |
|
396 |
8/21/2007 |
11/15/2007 |
10/9/2009 |
10/26/2009 |
Smithson |
all |
|
send AI reminders (recurring AI) |
C |
|
|
507 |
4/30/2009 |
|
|
|
Smithson/Nevo |
PP-A |
|
Get a copy of the final atsec evaluation report without
confidential markings |
P |
request sent to atsec, no response received |
|
518 |
6/22/2009 |
|
|
9/30/2009 |
Smithson |
PP-B/C/D |
|
update PPs with revised scope/purpose from revised PARs |
C |
|
|
519 |
7/31/2009 |
|
|
9/29/2009 |
Smithson |
PP-B |
|
check with atsec on current status of BSI validation |
C |
estimated completion: end of October (2009 :-) |
|
521 |
7/31/2009 |
|
|
|
Sukert |
Guide |
|
draft something about the USB interface/drive comment from NIAP |
|
|
|
523 |
9/11/2009 |
10/9/2009 |
|
|
Smithson |
Guide |
|
resolve September guide comment #105 by asking for clarification
from Helmut and propose a resolution with Carmen and Alan |
P |
email sent to Helmut |
|
524 |
9/11/2009 |
10/9/2009 |
|
10/17/2009 |
Sukert |
Guide |
|
work out September guide comment #109 with Smithson |
C |
|
|
525 |
9/11/2009 |
10/11/2009 |
|
10/2/2009 |
Wright |
|
|
draft a new PAR for 2600.1 revision to use NIAP "tailored
assurance requirements" and set up a WG email vote (submit to
RevCom by 10/19) |
C |
|
|
526 |
9/30/2009 |
10/3/2009 |
|
9/30/2009 |
Smithson |
PP-B/C/D |
|
prepare final docs and diffs for WG vote, recirculation RevCom |
C |
|
|
527 |
9/30/2009 |
10/5/2009 |
|
10/2/2009 |
Wright |
PP-B/C/D |
|
arranged for WG vote by mail and recirculation |
C |
|
|
528 |
9/30/2009 |
10/18/2009 |
|
10/18/2009 |
Wright |
PP-B/C/D |
|
submit to RevCom for December 7-9 approval |
C |
|
|
COMPLETED ITEMS APPEAR BELOW: |
|
1 |
5/19/2005 |
7/11/2005 |
8/1/2005 |
8/4/2005 |
Smithson |
|
|
post details for September meeting at Ricoh |
C |
|
|
2 |
4/12/2005 |
5/19/2005 |
9/1/2005 |
1/4/2006 |
Wright |
2, annex |
|
update bibliography |
C |
|
|
3 |
4/12/2005 |
5/19/2005 |
9/1/2005 |
10/11/2005 |
Sukert |
3, annex |
|
add terms from section 2 |
C |
draft in 2005-10 |
|
4 |
4/12/2005 |
5/19/2005 |
9/1/2005 |
8/4/2005 |
Smithson |
5 |
|
reference mitigation techniques in section 3 rather than using
ones from NIST document |
C |
|
|
5 |
4/12/2005 |
5/19/2005 |
9/1/2005 |
8/5/2005 |
Smithson |
6 |
|
define assets (from section 3) |
C |
|
|
6 |
4/12/2005 |
5/19/2005 |
9/1/2005 |
10/11/2005 |
Sukert |
3, annex |
|
add acronyms from old sections 2 and 4 |
C |
draft in 2005-10 |
|
7 |
4/12/2005 |
5/19/2005 |
9/1/2005 |
8/4/2005 |
Smithson |
5 |
|
add explanatory text about choosing security env based on asset
value rather than topology or name of env |
C |
|
|
8 |
4/12/2005 |
5/19/2005 |
|
9/15/2005 |
Haapanen |
7 |
|
decide if we want to include security env columns in final doc |
A |
restructuring of the presentation of threats removed this
column. |
|
9 |
4/12/2005 |
5/19/2005 |
9/1/2005 |
|
Haapanen |
8 |
|
complete missing sections |
C |
|
|
10 |
4/12/2005 |
5/19/2005 |
9/1/2005 |
8/5/2005 |
Smithson |
8, 6 |
|
move asset section from section 3 to section 1 |
C |
|
|
11 |
4/12/2005 |
5/19/2005 |
9/1/2005 |
|
Haapanen |
8 |
|
finish actual recommendations, align with clause 7 threats |
C |
aligned; recommendations largely complete |
|
12 |
5/19/2005 |
7/11/2005 |
9/16/2005 |
2/23/2006 |
Smithson |
new PP annex |
|
paste NIAP robustness level text into a new annex (see NIAP
instruction #5); ensure that our definitions and theirs are
consistent |
C |
consistency issues to be discussed at March 06 meeting |
|
13 |
5/19/2005 |
7/11/2005 |
|
6/12/2006 |
Smithson |
PPs |
|
consider NIAP instruction #3, modifying their text to suit our
target environment (for NIAP environments) |
C |
I suggest that we insert this block of text as a new section 3.1
in each PP (choosing the appropriate robustness for each PP).
See email discussion. |
|
14 |
5/19/2005 |
7/11/2005 |
9/1/2005 |
4/26/2006 |
Smithson -> Nevo |
PP |
|
add ALC_FLR.2 and AVA_MSU.1 per NIAP instruction #4 |
A |
subsumed by AI#68 |
|
15 |
5/19/2005 |
7/11/2005 |
|
|
Smithson -> Nevo |
PP |
|
reconcile NIAP's and our PP outline and naming; NIAP 6.2 would
be new |
A |
Dependent on new CEM for CC V3 |
|
16 |
5/19/2005 |
7/11/2005 |
|
|
Smithson |
PP |
|
make an alternate cover page for NIAP use only (per instruction
#6) |
C |
whoever writes the US Gov't version will create the appropriate
cover page |
|
17 |
5/19/2005 |
7/11/2005 |
|
7/12/2005 |
Smithson |
PP |
|
consider name/content changes to our Assumptions, per NIAP
instruction #7 (example: A.PHYSICAL instead of A.LOCATION);
maybe add A.NO_GENERAL_PURPOSE |
C |
superseded by AI#60 |
|
18 |
5/19/2005 |
7/11/2005 |
|
7/12/2005 |
open |
PP |
|
look at NIAP threats (per instruction #8) and consider using
their suggested text; also make sure our threats are appropriate
according to their criteria (no threats "that the TOE cannot
recognize") |
C |
superseded by AI#60 |
|
19 |
5/19/2005 |
7/11/2005 |
|
7/12/2005 |
Ohta |
PP |
|
go through all of NIAP instruction #9 (threats, policies,
objectives, and requirements) and determine implications for our
PP |
C |
superseded by AI#60 |
|
20 |
5/19/2005 |
7/11/2005 |
|
9/15/2005 |
Cybuck, Ohta |
PP |
|
determine what to do about NIAP instruction #10 (regarding IT
requirements); see Toronto minutes page 7; may require asking
NIAP and/or one or more PP evaluators |
C |
Cybuck reported that NIAP will look at our PP; use CC Version
3.0 |
|
21 |
5/19/2005 |
7/11/2005 |
|
9/15/2005 |
Ohta |
PP |
|
go through all of NIAP instruction #12 (rationale) and determine
implications for our PP |
C |
Use CC Version 3.0 |
|
22 |
5/19/2005 |
7/11/2005 |
|
9/15/2005 |
Cybuck, Ohta |
PP |
|
look at NIAP conventions (instruction #13) to see which NIAP
refinements are required; if there are some, we will then need
to determine if NIAP refinements can be interpreted by
evaluators outside of the US |
C |
Use CC Version 3.0 |
|
23 |
5/19/2005 |
7/11/2005 |
|
10/24/2005 |
Smithson -> Sukert |
PP |
|
consider what it means to define a "user" in general, per NIAP
instruction #14 |
C |
used definition of user from CC V3 |
|
24 |
5/19/2005 |
7/11/2005 |
|
12/13/2005 |
Smithson |
PP |
|
per NIAP instruction #15, specify "demonstrable" degree of
compliance (and define it) in the PP intro |
C |
Now goes into "Conformance Claims" in CC V3 - High is strict,
others demonstrable |
|
25 |
5/19/2005 |
7/11/2005 |
9/15/2005 |
9/15/2005 |
Cybuck, Ohta |
PP |
|
ask evaluators if FAU_GEN.1-NIAP-0407 (an explicit SFR, not a
refinement) is acceptable outside of US (per instruction #16);
also NIAP interpretations of FAU_SEL (#17), FAU_STG (#18), and
FDP_ACF (#22) |
C |
Use CC Version 3.0 |
|
26 |
5/19/2005 |
7/11/2005 |
9/15/2005 |
9/15/2005 |
Cybuck |
PP |
|
per NIAP instruction #21, ask DAPS and/or NIAP about the FIPS
140-2 requirement |
C |
Use CC Version 3.0 |
|
27 |
5/19/2005 |
7/11/2005 |
|
9/15/2005 |
Ohta |
PP |
|
look at FDP_IFF (NIAP instruction #23) and FIA_AFL (#24) and
modify PP as appropriate |
C |
Use CC Version 3.0 |
|
28 |
5/19/2005 |
7/11/2005 |
|
9/15/2005 |
open |
PP |
|
determine how we can address the "US Government PP" requirement
to follow their PP development process that is described in an
additional document |
C |
Use CC Version 3.0 |
|
29 |
5/19/2005 |
7/11/2005 |
9/1/2005 |
8/25/2005 |
Smithson |
all |
|
reorganize document per agreement detailed in meeting slides |
C |
|
|
30 |
5/19/2005 |
7/11/2005 |
9/1/2005 |
9/15/2005 |
Ohta -> Nevo, Aubry |
PP |
|
update Figure 1 with TIF file from Smithson (Toronto comment #2) |
C |
|
|
31 |
5/19/2005 |
7/11/2005 |
9/1/2005 |
9/15/2005 |
Ohta -> Nevo, Aubry |
PP |
|
consistency of table 10 and 11 (see Toronto comment #3) |
C |
|
|
32 |
5/19/2005 |
7/11/2005 |
9/1/2005 |
9/15/2005 |
Ohta -> Nevo, Aubry |
PP |
|
consistency of table 11 and 12 (see Toronto comment #4) |
C |
|
|
33 |
5/19/2005 |
7/11/2005 |
9/1/2005 |
12/13/2005 |
Ohta -> Nevo, Aubry |
PP |
|
add to table 12 how FTA_SSL helps O.I&A (Toronto comment #5) |
C |
Ohta and Nevo complete
Not sure if this is needed for SOHO |
|
34 |
5/19/2005 |
7/11/2005 |
9/1/2005 |
8/4/2005 |
Smithson |
5 |
|
change definition of HS env to exclude gov't classified
environments (Toronto comment #7) |
C |
|
|
35 |
5/19/2005 |
7/11/2005 |
9/1/2005 |
9/15/2005 |
Ohta -> Nevo, Aubry |
PP |
|
change T.UD.IMP.* to T.UD.ALTER.* and change definition (Toronto
comment #10) |
C |
Not relevant for SOHO |
|
36 |
5/19/2005 |
7/11/2005 |
9/1/2005 |
8/4/2005 |
Smithson |
5 |
1.3.5 |
clarify security issues in custom env (Toronto comment #11) |
C |
|
|
37 |
5/19/2005 |
7/11/2005 |
7/11/2005 |
7/4/2005 |
Yami |
8 |
3.3.2.3.1 |
draft a table of recommended algorithms and key sizes |
C |
|
|
38 |
5/19/2005 |
7/11/2005 |
9/1/2005 |
9/15/2005 |
Ohta -> Nevo, Aubry |
PP |
|
change user and administrator "password" to "authentication
data" throughout (Toronto comment #13) |
C |
|
|
39 |
5/19/2005 |
7/11/2005 |
7/11/2005 |
7/1/2005 |
Ohta -> Nevo |
PP |
|
add role of Auditor and apply where necessary (in HS and
Enterprise only) (Toronto comments #14 - #16) |
C |
Complete |
|
40 |
5/19/2005 |
7/11/2005 |
7/11/2005 |
7/1/2005 |
Ohta -> Nevo |
PP |
|
elaborate on 4.5.1.3 subsections (Toronto comment #18) |
C |
|
|
41 |
5/19/2005 |
7/11/2005 |
7/11/2005 |
9/15/2005 |
Ohta -> Nevo |
PP |
|
various comments regarding crypto keys (Toronto comment #19) |
C |
Ohta and Nevo complete |
|
42 |
5/19/2005 |
7/11/2005 |
9/1/2005 |
8/4/2005 |
Smithson |
5 |
|
add text saying that there can be other Custom envs but they are
not further discussed (Toronto comment #20) |
C |
|
|
43 |
5/19/2005 |
7/11/2005 |
|
9/15/2005 |
Haapanen, Thrasher |
7,8 |
|
reconcile threat likelihood/risk/whatever between these two
clauses (Toronto comment #21) |
C |
awaiting threat analysis completion; restructuring of document
eliminates duplicate information getting out of sync. |
|
44 |
5/19/2005 |
7/11/2005 |
|
|
Haapanen |
8 |
|
make sure threat descriptions in clause 8 match the text in
clause 7 (Toronto comment #22) |
C |
|
|
45 |
5/19/2005 |
7/11/2005 |
9/1/2005 |
9/15/2005 |
Ohta -> Nevo, Aubry |
PP |
|
threat description text changes (Toronto comments #23, #24, #25) |
C |
|
|
46 |
5/19/2005 |
7/11/2005 |
9/1/2005 |
9/15/2005 |
Ohta -> Nevo, Aubry, Haapanen, Thrasher |
7, 8, PP |
|
change threat description of EA.PROXY and EA.DOS (Toronto
comment #27) |
C |
Not relevant for SOHO |
|
47 |
5/19/2005 |
7/11/2005 |
9/1/2005 |
12/13/2005 |
Ohta -> Nevo, Aubry |
PP |
|
threat description changes (Toronto comments #28 and #29) |
C |
Ohta and Nevo complete |
|
48 |
5/19/2005 |
7/11/2005 |
9/1/2005 |
9/15/2005 |
Ohta -> Nevo, Aubry |
PP |
|
add intersection between T.TSF.SW and O.I&A (Toronto comment
#31) |
C |
Not relevant for SOHO |
|
49 |
5/20/2005 |
7/11/2005 |
9/1/2005 |
|
Cybuck |
5 |
|
change Enterprise to asset value = M and give new examples (see
Toronto minutes pg 16-17) |
C |
examples need to be written |
|
50 |
5/20/2005 |
7/11/2005 |
7/11/2005 |
6/21/2005 |
Smithson, w/Aubry |
- |
|
give directions and guidelines for performing risk assessment
and re-run with new Enterprise definition (and more
participants), see Toronto minutes pg. 18-19 and meeting slides
("Other") |
C |
insufficient response to collate meaningful results |
|
51 |
5/20/2005 |
|
|
5/24/2005 |
Wright |
- |
|
publish email comments database/resolutions |
C |
|
|
52 |
5/20/2005 |
7/11/2005 |
|
9/15/2005 |
Wright |
PP |
|
find out from IEEE editors if PPs can be standalone documents
referenced by the P2600 standard, or must they be incorporated
in a single P2600 document |
C |
Leave PPs in P2600 (at least for now) |
|
53 |
7/11/2005 |
9/1/2005 |
|
9/15/2005 |
Cybuck |
PP |
|
if we have a US Govt PP, can another agency certify it, and will
the US Govt accept that product certification? |
C |
Per Peter's work with NIAP, under CC V3, yes. |
|
54 |
7/11/2005 |
9/1/2005 |
|
8/1/2005 |
Smithson |
1 |
|
need to get original text back into scope and purpose, can have
more but not change original (from PAR) |
C |
|
|
55 |
7/11/2005 |
9/1/2005 |
|
8/2/2005 |
Smithson |
4 |
|
1.4.2 use of the standard FOR EACH ROLE |
C |
|
|
56 |
7/11/2005 |
7/12/2005 |
|
7/12/2005 |
Sukert |
HS PP |
|
review threat analysis output and propose common sense
resolution to "yellow" items with rationale for their
inclusion/exclusion |
C |
|
|
57 |
7/11/2005 |
7/12/2005 |
|
7/12/2005 |
Freas |
Ent PP |
|
review threat analysis output and propose common sense
resolution to "yellow" items with rationale for their
inclusion/exclusion |
C |
|
|
58 |
7/11/2005 |
7/12/2005 |
|
7/12/2005 |
Chen |
SOHO PP |
|
review threat analysis output and propose common sense
resolution to "yellow" items with rationale for their
inclusion/exclusion |
C |
|
|
59 |
7/11/2005 |
7/12/2005 |
|
7/12/2005 |
Haapanen |
Public PP |
|
review threat analysis output and propose common sense
resolution to "yellow" items with rationale for their
inclusion/exclusion |
C |
|
|
60 |
7/12/2005 |
9/1/2005 |
|
9/15/2005 |
PP team |
PPs |
|
CIM instructions 7, 8, 9 (supersedes AI#17,18,19) |
C |
Dealt with under conversion to CC V3. |
|
61 |
7/12/2005 |
9/1/2005 |
|
|
|
|
|
define/distinguish device settings and security settings |
A |
Subsumed by #64 |
|
62 |
7/12/2005 |
9/1/2005 |
|
7/14/2005 |
Wright |
- |
|
combine and publish threat/environment results |
C |
|
|
63 |
7/11/2005 |
9/1/2005 |
|
8/1/2005 |
Smithson |
4 |
x.4.3 |
add more specificity about different classes of users of the
standard, i.e. manufacturers, end users, IT people |
C |
|
|
64 |
7/11/2005 |
9/1/2005 |
|
9/28/2005 |
Yami |
all |
|
propose complete descriptions of and distinctions between
"security settings" and "device settings" |
C |
|
|
65 |
7/11/2005 |
9/1/2005 |
|
9/15/2005 |
Smithson -> Nevo, Aubry |
PP |
|
rewrite T.DOS objective so that it does not prohibit reboot as a
recovery from attack |
C |
Nevo complete, Smithson: Complete
Not relevant for SOHO |
|
66 |
7/11/2005 |
9/1/2005 |
|
9/15/2005 |
Smithson -> Nevo, Aubry |
PP |
|
change T.DOS.PRT description to say "sending a print file that
causes the system processor to enter a continuous printing or
program loop" |
C |
Nevo complete, Smithson: Complete
Not relevant for SOHO |
|
67 |
7/12/2005 |
9/1/2005 |
|
|
Nevo |
PP-B |
|
O.RESILIENT definition should be made consistent across the PPs
-- Because of a DoS attack, assets are not compromised. Need to
add that assets are not compromised to the definition of
O.Resilient |
C |
HVA done
Pub done
SOHO n/a |
|
68 |
9/15/2005 |
10/13/2005 |
|
10/20/2006 |
Smithson, Nevo, Aubry |
PP |
|
Convert PPs to CC Version 3 plus
non-offensive CIM recommendations -
open
Add ALC_FLR.2 to Public PP and then to other PPs (old AI#124) -
in C & D, not A or B
add ALC_FLR.2 and AVA_MSU.1 per NIAP instruction #4 (old AI#14)
- AVA_MSU - not in CCV3 |
C |
Converted but with no NIAP/CIM requirements; proposal to be
discussed in Lexington-23 |
|
69 |
9/15/2005 |
10/24/2005 |
|
10/24/2005 |
Thrasher |
PP |
|
at the next CS1 meeting, ask when CC V3 is going to be an
international standard |
C |
Expected 2007 time frame before it completes the International
Standards Process |
|
70 |
9/15/2005 |
9/23/2005 |
|
9/23/2005 |
Smithson |
all |
|
revise and publish "final" threat analysis output |
C |
|
|
71 |
9/16/2005 |
10/13/2005 |
|
10/24/2005 |
Thrasher |
7 |
|
review revised risk levels for each threat and change clause 7
as needed |
C |
|
|
72 |
9/16/2005 |
10/13/2005 |
|
3/15/2006 |
Smithson, Nevo, Aubry |
PPs |
|
review revised threat inclusions and PPs as needed |
C |
|
|
73 |
9/15/2005 |
10/13/2005 |
|
10/24/2005 |
Smithson |
HS PP |
7.2.1 |
Add to this paragraph how FTA_SSL.3 helps achieve O.I&A.
Justification: Completeness and consistency between Table 12 and
corresponding text. (from comments database #5) |
C |
redundant with AI#33 |
|
74 |
9/15/2005 |
10/13/2005 |
|
12/13/2005 |
Smithson |
HS PP |
|
Change the definition of the HS environment in section 1 to
exclude government classified environments. We could consider
adding "Commercial" in front of "High Security." (from comments
database #7) |
C |
We don't explicitly include govt classified environments in the
PP. |
|
75 |
9/15/2005 |
10/6/2005 |
|
2/8/2006 |
Smithson |
7 |
|
write up threat analysis methodology, then include in clause 7
or an annex thereof |
C |
Turn bullet list of process into text and make an annex. |
|
76 |
9/15/2005 |
10/13/2005 |
|
3/15/2006 |
Volkoff, Smithson, Nevo, Aubry |
6, PPs |
|
redefine "external environment" in clause 6 and PPs: "external
environment consists of other IT equipment that is
interconnected or interoperates with the HCD" |
C |
clause 6 done
"external environment" does not appear in any PPs |
|
77 |
9/16/2005 |
10/24/2005 |
|
12/13/2005 |
Cybuck |
all |
|
get feedback from NIAP on our security environment naming
proposal: High Value Asset Environment, General Enterprise
Environment, Public Environment, and SOHO Environment |
C |
There is some confusion about "HIGH" because it might be
confused with EAL level 5 or 6 but we don't have a better term. |
|
78 |
9/16/2005 |
9/19/2005 |
|
9/16/2005 |
Smithson |
SOHO |
|
inform Carmen Aubry of the decision to move to CC V3 |
C |
|
|
79 |
9/16/2005 |
10/24/2005 |
|
10/24/2005 |
Volkoff |
- |
|
gather December meeting hotel/meeting info |
C |
|
|
80 |
9/16/2005 |
10/24/2005 |
|
10/24/2005 |
Cybuck, Sukert, Thrasher |
PPs |
|
discuss PP evaluation needs with labs |
C |
CSC: $25-50K, COACT: ~$25K (CCV3-ok), SAIC: ~15K |
|
81 |
10/24/2005 |
12/13/2005 |
|
2/1/2006 |
Smithson |
PPs |
|
Try to set up a meeting with NIAP/NIST/NSA about the philosophy
of our PPs (who from group?) |
C |
Cybuck invited them to March meeting; they have accepted |
|
82 |
10/24/2005 |
12/13/2005 |
|
12/13/2005 |
Wright |
|
|
Difference between informative references and Bibliography?? |
C |
We only needed a "References" section and a "Bibliography" |
|
83 |
10/24/2005 |
12/13/2005 |
|
12/13/2005 |
Sukert |
|
|
Table 2, Clause 3: Add SAR, change to US English, Add needed
acronyms. |
C |
|
|
84 |
10/25/2005 |
12/13/2005 |
|
1/13/2006 |
Sukert |
Clause 8 |
|
Provide text and references for recommendations to manufacturers
for methodologies and processes for the development of secure
HCDs |
C |
new annex |
|
85 |
10/25/2005 |
12/13/2005 |
|
3/2/2006 |
Smithson |
HVA PP |
|
Ask NIAP to define how they are going to deal with encryption as
they did in the CIM for CCv2.2 |
C |
Answered in March Meeting |
|
86 |
10/25/2005 |
12/13/2005 |
|
3/2/2006 |
Smithson |
HVA PP |
|
If we specify FIA_UAU.1, does that allow third-party
authentication? .2 REQUIRES third-party but does .1 prohibit
third party? |
C |
NIAP provided information on how to do this at the March
meeting. |
|
87 |
10/25/2005 |
12/13/2005 |
2/22/2007 |
5/31/2007 |
Smithson/Nevo |
6 |
|
write up asset value methodology |
A |
no longer needed |
|
88 |
10/24/2005 |
12/13/2005 |
|
12/13/2005 |
Smithson |
annexes |
|
Is another annex "additional references" needed? Find out. |
C |
No |
|
89 |
10/24/2005 |
12/13/2005 |
|
12/13/2005 |
Thrasher |
7 |
|
add Network threat to T.RESOURCE.COPY |
C |
|
|
90 |
10/24/2005 |
12/13/2005 |
|
12/13/2005 |
Smithson, Nevo, Aubry, Chen/ Sukert |
PPs |
|
add Network threat to T.RESOURCE.COPY |
C |
|
|
91 |
10/24/2005 |
12/13/2005 |
|
12/13/2005 |
Sukert |
3 |
|
put OCTAVE (acronym and registered TM) in clause 3 |
C |
|
|
92 |
10/24/2005 |
12/13/2005 |
|
12/13/2005 |
Thrasher |
7 |
|
threat detail tables: change "see" to "observe", define these
table entries at beginning of section, and change "end users" to
"users" |
C |
|
|
93 |
10/24/2005 |
12/13/2005 |
|
12/13/2005 |
Thrasher |
7 |
|
re-sync short threat descriptions with short descriptions in
detail tables |
C |
|
|
94 |
10/24/2005 |
12/13/2005 |
|
12/13/2005 |
Thrasher |
7 |
|
re-sync symptoms between some items in threat detail tables |
C |
|
|
95 |
10/25/2005 |
12/13/2005 |
|
1/13/2006 |
Smithson |
PPs |
|
do we need security objectives for IT and non-IT in CCv3? |
C |
answer: we need SOs for the TOE, the development environment,
and the operational environment. SOs for the TOE and DevEnv
address threats and OSPs, SOs for the OpEnv address Threats,
OSPs, and Assumptions. Therefore if we have assumptions we must
have SOs for the OpEnv. OpEnv includes both non-IT and IT
(external to the TOE). |
|
96 |
12/13/2005 |
1/16/2006 |
|
1/7/2006 |
Sukert |
Clause 3 |
|
Define Media |
|