P2600 - Hardcopy Device and System Security Obsolete Documents

This page contains links to various other or obsolete technical documents under development within the P2600 Working Group.

Other documents

ITU Security Recommendations
IETF Security RFCs
Roles, Vulnerabilities and Exploits - brainstorming results
Encryption Certification Considerations
System Considerations

Obsolete documents

Obsolete Clauses now included in Compete Draft

Clauses: (NOTE: individual clauses are no longer current. Refer to Complete Draft, above)
Clause 1: Overview	DOC	PDF	18a	3/03/06
Clause 2: Normative References	DOC	PDF	18a	3/22/06
Clause 3: Definitions	DOC	PDF	19b	5/12/06
Clause 4: Introduction to Hardcopy Devices	DOC	PDF	18a	3/03/06
Clause 5: Security Environments	DOC	PDF	18b	4/04/06
Clause 6: Hardcopy Device Assets	DOC	PDF	18a	3/03/06
Clause 7: Hardcopy Device Threats	DOC	PDF	18a	3/07/06
Clause 8: Mitigation Techniques	DOC	PDF	17c	3/03/06
Clause 9: Best Practices	DOC	PDF	18b	4/04/06
Clause 7 annexes:
Threat Methodology (now incorporated in clause 7)	DOC	PDF	22a	8/23/06
Asset Valuation Methodology	-	-	-	-
Clause 9 annex:
Security Methodologies (now incorporated in clause 7)	DOC	PDF	16a	1/16/06
Informative References (no longer current. Refer to Complete Draft, above)	DOC	PDF	18a	3/22/06
*PP appendixes:*
Appendix A: References	DOC	PDF	24a	12/05/06
Appendix B: Glossary	DOC	PDF	22a	08/23/06
Appendix C: Acronyms	DOC	PDF	21a	07/14/06
Appendix D: General Environmental Characterization	DOC	PDF	17b	05/15/06
Old proposals:
Proposed addition to Clause 4 that adds discussion of Operational Environment E for Production Systems	DOC	n/a	1.0	11/21/07
Proposed addition to Clause 9 that adds HCD and IT security objectives for Operational Environment E	DOC	n/a	1.0	11/21/07

The following organization of the document was used prior to the May 2005 meeting.

Draft of Standard (separate sections to facilitate editing)
- Section 1: Introductory Material, Security Environments (4/27/05)
- Section 2: Vulnerabilities, Threats and Exploits (4/6/05)
- Section 3: Directives and Best Practices - now includes mitigation recommendations (4/12/05)
- Section 4: Protection Profiles
  - High Security (6/9/2005)
  - Enterprise (4/7/05)
  - SOHO (4/7/05)
  - Public
Draft of Standard (combined sections in one document)
- D1 Rev 1, includes Intro, Threats, Practices, HS-PP, and Ent-PP (5/10/05)
  - Figures for D1 Rev 1 (5/13/05)

The following was the original idea on organizing the standard. After some work, it was decided by the group to abandon this concept and move to the one shown above. This information is preserved for historical reasons.

Draft of Standard based on NISTIR 6462 Guidance
- Front Matter and Introduction
- TOE Description
- Security Environment
  - Assumptions
  - Organizational Policies
  - Roles/Vulnerabilities/Exploits Table
    (Organizes RVE document by Vulnerability)
- Security Objectives
- Functional Security Requirements
- Assurance Requirements
- Appendixes
  - TOE Functional Requirements Details
  - TOE Assurance Requirements Details
  - IT Environment Functional Requirements