[2600] Updated Protection Profiles
Title:
I've
updated all four Protection Profiles with the changes listed below. You can view
the profiles here:
Here are highlights of the changes:
- reconciled everything from cover page up to but
not including section 3.1.1 so that the words are exactly the same except
as needed to distinguish between the different operating
environments
- changed "chapter" references to
"section"
- removed figure and table references to "above" or
"below"
- removed TM from P2600 globally
- changed "must" to "shall" (in
objectives)
- changed "High Security" to "High Value
Asset"
- Changed all heading level typeface to Times New
Roman
- Section 1 outline was a little screwed up (blank
level 2 "TOE Description", moved and demoted to level 3)
- fixed bookmarks with leading line break (like
Figure 2)
- fixed some formatting issues (misuse of
styles)
- other miscellaneous things, too numerous to
mention, but you'll see when we review
Note that that the Public PP was already updated by
Nancy and Alan (as version 15a). I've posted 15b, which was based on 15a and has
change marks for all things changed since 14a.
This completes action items 102, 104, 105, 106
and 113.
In working through all four PPs, I notice a few
things that I couldn't resolve myself. We should discuss:
- In Ent PP, there is no Customer Engineer defined.
It is defined in HVA, SOHO, and Public.
- There is a note in the SOHO PP, Table 3, Access
Terminology, Maintenance Port, which doesn't appear in other PPs. Should
it?
- In the Forward, paragraph 3 refers to guidelines
established by NIST, but later in the document we refer to IEEE P2600 Clause
5. Should we refer to NIST and IEEE, and if so, should we make a more complete
reference to NIST?
Regards,
--
Brian Smithson
Project
Manager
PMP, SSCP, CISSP, CISA
Advanced Imaging and Network
Technologies
Ricoh
Corporation
(408)346-4435