[2600] (Another) Call for comments: which TSF Data items, if any, should we require to be protected from disclosure or alteration?
The current FoPP (28a) doesn't specify which HCD data must be included in
either D.PROT (protected from unauthorized alteration) or D.CONF
(protected from unauthorized disclosure). The definitions for these two
TSF Data categories suggest that it would be "security-relevant
configuration, credential, or log information", but they do not specify
which information is security-relevant and they do not specify which
should go in the PROT category and which should go in the CONF category.
We don't necessarily need to make these specific, but it might help
strengthen the security baseline of the FoPPs if we are a little bit
specific. The danger of being too specific is that we might imply some
functionality, architecture, or implementation, which would then be
required of all HCDs.
There is no spreadsheet associated with this one :-). But you can look at
the master spreadsheet P2600master28d.xls or you can look at table 3 in
the FoPP draft 28a.
Some of the kinds of data to consider are:
- network interface configuration
- network services configuration
- access control lists
- user IDs, names, and other identifying information
- user authentication data (e.g. hashed passwords)
- destination data, both for faxes (phone numbers, group IDs, etc.) and
for email or file servers (name/IP address, access credentials)
- device configuration and defaults
We don't need to make requirements of these even if some of them seem like
good ideas. If we require it, then the device must provide it, and the
evaluator must validate it. If we don't require it but a particular
product has it, then a good evaluator should make sure that it is
appropriately protected in the ST or will discover it in vulnerability
assessment.
MY REQUEST IS:
Please consider which, if any, data should be required to be protected
from either disclosure or alteration, and send me your comments. The lists
may be different for each environment, but they should be consistent for
all TOEs within a given environment. Keep in mind that if we require
anything for an operational environment, it will be required for all HCDs
in that environment.
Regards,
--
Brian Smithson
Project Manager
PMP, SSCP, CISSP, CISA, ISO 27000 PA
Advanced Imaging and Network Technologies
Ricoh Americas Corporation
(408)346-4435