| Thread Links | Date Links | ||||
|---|---|---|---|---|---|
| Thread Prev | Thread Next | Thread Index | Date Prev | Date Next | Date Index |
Don / Brian –
In response to Action #483, for discussion at the Dec Meeting is a draft of the SAR Rationale that would go into P2600.1:
This PP has been developed for hardcopy devices incorporating security features for environments where a relatively high level of document security, operational accountability and information assurance are required. The TOE environment will be exposed to only a low level of risk because it is assumed that the TOE is placed in a secure or monitored area that provides protection from unmanaged physical access. Agents cannot physically access any volatile or nonvolatile storage on the TOE without disassembling the TOE, and in those cases where nonvolatile storage is designed to be removable the confidentiality and integrity of stored data is protected. Agents also have no means of infiltrating the TOE with code to effect a change. As such, the Evaluation Assurance Level 3 is appropriate.
That Assurance Level is augmented with ALC_FLR.2, Flaw reporting procedures. ALC_FLR.2 ensures that instructions and procedures for the reporting and remediation of identified security flaws are in place and their inclusion is expected by the consumers of this TOE.
I think this should be adequate. Let me know what you think.