Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Re: [2600] P2600 Commnts

To: STDS-2600@xxxxxxxxxxxxxxxxx
Subject: Re: [2600] P2600 Commnts
From: Brian Smithson <Brian.Smithson@xxxxxxxxxxxxx>
Date: Thu, 9 Aug 2007 10:23:47 -0700
List-Help: <http://listserv.ieee.org/cgi-bin/wa?LIST=STDS-2600>, <mailto:LISTSERV@LISTSERV.IEEE.ORG?body=INFO STDS-2600>
List-Owner: <mailto:STDS-2600-request@LISTSERV.IEEE.ORG>
List-Subscribe: <mailto:STDS-2600-subscribe-request@LISTSERV.IEEE.ORG>
List-Unsubscribe: <mailto:STDS-2600-unsubscribe-request@LISTSERV.IEEE.ORG>
Reply-To: Brian.Smithson@xxxxxxxxxxxxx

I think that Ueda-san's Comments file contained only one comment, but it
is an important one which I thought was worth highlighting so that P2600
member companies can consider it in advance of the Toronto meeting.

Ueda-san says:

"PP-A 4.Protection Profile references(APE_INT) [list item 'b']. I believe
this sentence says that all the function of the HCD should be conformed to
this PP. For example, HCD which have Copy,Scan,Print,Fax  function can not
declare conforming to this PP if it has conformed only P2600.1-PRT because
this HCD has other functions. I agree this is important rule, but I also
believe that user should define security requirement by himself and not by
this document,or in other word user should have the right to choose the
security function of his requirement. For example if the user says that he
does not need P2600.1-FAX about the HCD which has FAX function, this HCD
should not have P2600.1-FAX in it's ST. There is the way that user turn
off the FAX related function of the HCD, but it turns out to force user to
take risk for that if that HCD can guarantee conforming to CC only in the
case that all the security function of the HCD is on. ~So I would like to
propose to change the word to "In other words, this Family of Protection
Profiles can be used to create a security target or protection profile
only for a target of evaluation that performs at least one of the
functions that define hardcopy devices (print, scan, copy, or fax), and
conforms to every Protection Profile whose Usage statement describes a
function that is present in its target of evaluation. HOWEVER, IT CAN BE
CHANGED BY THE SPECIFIC USER REQUIREMENT."


Regards,
--
Brian Smithson
Project Manager
PMP, SSCP, CISSP, CISA, ISO 27000 PA
Advanced Imaging and Network Technologies
Ricoh Americas Corporation
(408)346-4435

New address:
10460 Bubb Road
Cupertino, CA 95014-4150 

> -----Original Message-----
> From: ueda.shigeru@CANON.CO.JP [mailto:ueda.shigeru@CANON.CO.JP] 
> Sent: Wednesday, August 08, 2007 11:51 PM
> To: STDS-2600@listserv.ieee.org
> Subject: [2600] P2600 Commnts
> 
> Hi Don
> 
> Attached is my comment for P2600.1-28b
> 
> Regards.
> 
> Shigeru Ueda Canon
> 
>

Follow-Ups:
- Re: [2600] P2600 Commnts
  - From: Aubry, Carmen

Prev by Date: Re: [2600] ALC_FLR
Next by Date: [2600] ALC_FLR
Prev by thread: [2600] P2600 Commnts
Next by thread: Re: [2600] P2600 Commnts
Index(es):
- Date
- Thread