[2600] Assets/threats/assumptions/policies/objectives/SFRs ("ATAPOS"?) for environments A, B, C, D
I have posted the lists of assets, threats, assumptions, policies,
objectives, and SFRs, for each of the four environments. I haven't closely
reviewed this for sanity, but I think it corresponds to the "informal
security requirements" that we decided on in meeting 27 (see
http://grouper.ieee.org/groups/2600/presentations/WashingtonDC2007/isr-27b.xls).
I also haven't broken it out by TOE for each environment. I will
leave that to the reader's imagination :-).
Here are the lists, and a summary of diffs between the environments:
PP-A:
http://grouper.ieee.org/groups/2600/presentations/Toronto2007/P2600master-29a.xls
The whole enchilada.
PP-B:
http://grouper.ieee.org/groups/2600/presentations/Toronto2007/P2600masterB-29a.xls
In PP-B (relative to PP-A): The requirements for protection of User Data
in transit (doc and func) are removed. However, the same set of SFRs
remains, because protection is still required for TSF Data in transit.
PP-C:
http://grouper.ieee.org/groups/2600/presentations/Toronto2007/P2600masterC-29a.xls
In PP-C (relative to PP-B): All requirements for protection of User Data
atRest (doc and func) are removed, except for protection of deleted
Document data against salvage threats. This means that the User Data class
is reduced to a single asset: D.DOC.isDeleted (no other DOC assets, and no
FUNC assets at all).
The policy for user authentication and assumption for user training are
removed, but administrator policies/assumptions remain.
Therefore, we lose the following SFRs: FCS_COP, FCS_CKM, FDP_ACC, FDP_ACF,
FMT_MSA.2.
We also (by group decision) lose our extra SAR, ALC_FLR.1.
PP-D:
http://grouper.ieee.org/groups/2600/presentations/Toronto2007/P2600masterD-29a.xls
In PP-D (relative to PP-C): The requirement for protection of deleted User
Document Data against salvage threats is dropped. This means that the
entire User Data asset class is removed.
The policies for software verification and auditing are also removed.
We lose a boatload of SFRs because of the removal of audit requirements.
Even though there are audit recommendations associated with SFRs that are
still present in this environment, there is no "main" requirement for
FAU_GEN, and so there is no way to follow those recommendations.
From audit, we lose the whole FAU class (_GEN, _SAR, and _STG) and
FPT_STM. From software verification, we lose FPT_ATM and FPT_TST. From
data salvage, we lose FDP_RIP.1.
By the way, for those who are keeping score at home, I made a formatting
change to P2600master-29a and uploaded the new version in place of the one
that was posted and announced yesterday. The change was to re-order the
User Document Data columns so that "D.DOC.atRest" included only ".inJob",
".onServer", and ".toOutput". There was also a minor error in the
placement of NVS in cells in those columns, which was also corrected. It
didn't seem worth changing the rev level for this document since at
present I'm the only one who is using this data.
Regards,
--
Brian Smithson
Project Manager
PMP, SSCP, CISSP, CISA, ISO 27000 PA
Advanced Imaging and Network Technologies
Ricoh Americas Corporation
(408)346-4435
New address:
10460 Bubb Road
Cupertino, CA 95014-4150