Re: [2600] General Comments for FoPP-A

Thread Links	Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Thread Links

Date Links

Thread Prev

An updated FoPP draft 29a will be published later today :-).

Regarding comment #1, I'll need to take a close look at that, and I won't have time to address it in 29a. But I think it's a good comment, and let's discuss it in Toronto.

Regarding comment #2, the salient feature of NVS is that the data persists after power has been removed, even if such data was intended to be temporary. And if the nonvolatile storage device is not "practicably removable", then the NVS PP is not needed, so it is possible to have persistent data storage (for example, configuration data stored in NVRAM ) in a product that does not require the NVS PP. I hope that I have reduced some of the confusion about temporary versus persistent and volatile versus nonvolatile in 29a. But we shall see... Anyhow, I won't take action on this comment yet. Let's look at 29a and talk about it in Toronto.

Thank you for the review/comments.

Regards,
--
Brian Smithson
Project Manager
PMP, SSCP, CISSP, CISA, ISO 27000 PA
Advanced Imaging and Network Technologies
Ricoh Americas Corporation
(408)346-4435

New address:
10460 Bubb Road
Cupertino, CA 95014-4150

From: nchen@OKIDATA.COM [mailto:nchen@OKIDATA.COM]
Sent: Tuesday, August 14, 2007 12:02 PM
To: STDS-2600@listserv.ieee.org
Subject: [2600] General Comments for FoPP-A

Hi Brian,

I haven't seen any update to the last P2600.1 draft yet. So my comments for FoPP-A below are based on the last draft (v28b).

1. In the Access Control SFP table for each PP –

It is not clear whether the identification, authentication, and authorization are required for the document originators, delegates, or administrators before any actions/operations on the TOE or only for the subsequent operations specified in the access control table.
Recommendation: add clarification for actions intended to control.

2. In the PP Application note of the description of the Major security features of the PRT, SCN, CPY, FAX, DSR, and SMI TOEs, there is a note for evaluator that says that “For evaluation purposes, it should be assumed that nonvolatile storage (“and shared-medium interfaces” – for all TOEs other than SMI) is not present in the TOE”. However, several types of persistently stored data are listed as the assets in each of the aforementioned TOEs, which conflicts with the above statement in the application note. Also it is not true that these persistly stored data are the assets for the TOEs that do not have any persistent storage.

Recommendation: move all persistently stored assets, threats, and objectives from PRT, SCN, CPY, FAX, DSR, SMI PPs to NVS PP and change the threats/objectives/assets in the NVS PP to counter these threats for persistent assets removed from the other PPs. In the last meeting we also have discovered that any persistently stored assets – including temporarily persisted assets from PRT/SCN/CPY/FAX/DSR job processing should be considered for “data salvage” threat in NVS PP. I think moving all persistently stored assets/threats/objectives into NVS is a much cleaner separation of functions among these TOEs.

I hope to discuss these issues in the next meeting to see the consensus of the group.

Thanks,
-Nancy
-------------------------------------------------------------------------------------------------------------------------------
Principal Engineer
Solutions and Technology
GMC, Oki Data
2000 Bishops Gate Blvd.
Mt. Laurel, NJ 08054
Phone: (856)222-7006
email: nchen@okidata.com