Re: [2600] P2600 Commnts
I'm not sure if Ueda-san concern is 1) or 2):
1) The user buys an HCD P2600 certified for print, scan and fax and decides to deactivate FAX related security requirements. Are the print and scan functionalities still P2600 print and scan certified?
To answer this question, the reasoning is different depending on what kind of function deactivation you have in mind.
A) When thinking at the FAX, my first thought was that the HCD should not loose the P2600 and CC certification for the other functions (print and scan).
The functions are evaluated separately. If the user decides to deactivate FAX related security functions, the others (print, scan) are still in an P2600 and CC certified mode. We have included the completion rule (rule b in Protection Profile references chapter) in order to be sure that the HCD contains all the security requirements for all the functions in a given environment but the user takes the ultimate decision on what is appropriate for him. The product shouldn't loose the P2600 PPs certification for this.
Then I have realized that the FAX function has security requirements in FAX and SMI PPs. Consequently SMI PP will also be impacted, is the SMI still P2600 compliant in that case?
B) When looking at the other functions, thinks get more complicated. If deactivating security requirements related to print functionality then PRT, DSR, NVS and SMI PPs might be impacted. Is the product still compliant to DSR, NVS and SMI for the scan functionality? Mind that there is no notion of scan or print in DSR, NVS and SMI PPs.
2) In order to fulfill a specific user request, a vendor builds a product compliant to the P2600 requirements for print and scan but with different requirements for FAX. Can the vendor claim compliance to P2600 PPs for print and scan and have something (different or even nothing) for FAX?
Once again, we should carefully consider the fact that a function might imply security requirements spread along several other PPs before answering this question.
In any case, introducing the phrase "HOWEVER, IT CAN BE CHANGED BY THE SPECIFIC USER REQUIREMENT" constitutes a loophole that might allow avoiding security requirements because it is not clear WHETHER
- the user (or the vendor that builds the product) can change the security requirements for a given function and still be P2600 certified for that function
OR
- the user only deactivates the security requirements corresponding to a given function and he is still P2600 certified for the others.
Best regards,
_________________________________________________________
Carmen AUBRY,
GSNA, CISSP
Oce Print Logic Technologies S.A. -R&D -http://www.oce.com
Phone: +33 (0)1 48 98 80 22 - Fax: +33 (0)1 48 98 54 50
1, rue Jean Lemoine - BP 113 - 94015 Créteil Cedex - FRANCE
_________________________________________________________
-----Original Message-----
From: Brian Smithson [mailto:Brian.Smithson@RICOH-USA.COM]
Sent: Thursday, August 09, 2007 7:24 PM
To: STDS-2600@listserv.ieee.org
Subject: Re: [2600] P2600 Commnts
I think that Ueda-san's Comments file contained only one comment, but it is an important one which I thought was worth highlighting so that P2600 member companies can consider it in advance of the Toronto meeting.
Ueda-san says:
"PP-A 4.Protection Profile references(APE_INT) [list item 'b']. I believe this sentence says that all the function of the HCD should be conformed to this PP. For example, HCD which have Copy,Scan,Print,Fax function can not declare conforming to this PP if it has conformed only P2600.1-PRT because this HCD has other functions. I agree this is important rule, but I also believe that user should define security requirement by himself and not by this document,or in other word user should have the right to choose the security function of his requirement. For example if the user says that he does not need P2600.1-FAX about the HCD which has FAX function, this HCD should not have P2600.1-FAX in it's ST. There is the way that user turn off the FAX related function of the HCD, but it turns out to force user to take risk for that if that HCD can guarantee conforming to CC only in the case that all the security function of the HCD is on. ~So I would like to propose to change the word !
to "In other words, this Family of Protection Profiles can be used to create a security target or protection profile only for a target of evaluation that performs at least one of the functions that define hardcopy devices (print, scan, copy, or fax), and conforms to every Protection Profile whose Usage statement describes a function that is present in its target of evaluation. HOWEVER, IT CAN BE CHANGED BY THE SPECIFIC USER REQUIREMENT."
Regards,
--
Brian Smithson
Project Manager
PMP, SSCP, CISSP, CISA, ISO 27000 PA
Advanced Imaging and Network Technologies Ricoh Americas Corporation
(408)346-4435
New address:
10460 Bubb Road
Cupertino, CA 95014-4150
> -----Original Message-----
> From: ueda.shigeru@CANON.CO.JP [mailto:ueda.shigeru@CANON.CO.JP]
> Sent: Wednesday, August 08, 2007 11:51 PM
> To: STDS-2600@listserv.ieee.org
> Subject: [2600] P2600 Commnts
>
> Hi Don
>
> Attached is my comment for P2600.1-28b
>
> Regards.
>
> Shigeru Ueda Canon
>
>
This message and attachment(s) are intended solely for use by the addressee and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law.
If you are not the intended recipient or agent thereof responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited.
If you have received this communication in error, please notify the sender immediately by telephone and with a 'reply' message.
Thank you for your co-operation.