P2600 Hardcopy Device and System Security
October 2006 Working Group Meeting
Don Wright, Director of Standards, Lexmark International
don@lexmark.com
11/19/2018
Agenda Items: Monday/Tuesday, October 23-24
- Welcome & Introductions
- Update and Approve Agenda
- Review and approve September Minutes
- IEEE Patent Policy Review
- 2006 Meeting Schedule
- 2007 Meeting Schedule
- Update on TCG
- Update on INCITS CS1 Working Group
- Update on ICCC
- Update on CC Vendors Forum
- Review of Action Items from September Meeting
- Draft Commenting Tool
Agenda Items: Monday/Tuesday, October 23-24 (continued)
- Topics from e-mail
  - PP Certification in the US re: NIAP budget (Sukert)
  - Production Printing (Sukert/Lewis)
  - Managed Services (Sukert)
  - JBMIA (Smithson)
  - Compliance Clause (Nevo)
  - Basic Robustness CIM Mapping (Chen)
- Document Review of PPs & PP Annexes
- CC V3.1 Proposal (Smithson)
- PP Restructuring (Petrie)
- Merged Document Review
- Other items
- Next meeting details
- Summarize and record action items
Minutes from September Meeting
- Minutes were published shortly after the meeting. They are available at: http://grouper.ieee.org/groups/2600/minutes/P2600-minutes-Sept2006.pdf
- Any corrections or changes?
Instructions for the WG Chair
At each meeting, the Working Group Chair shall:
- Show slides #1 and #2 of this presentation
- Advise the WG membership that:
  - The IEEE’s patent policy is consistent with the ANSI patent policy and is described in Clause 6 of the IEEE-SA Standards Board Bylaws;
  - Early disclosure of patents which may be essential for the use of standards under development is encouraged;
  - Disclosures made of such patents may not be exhaustive of all patents that may be essential for the use of standards under development, and that neither the IEEE, the WG, nor the WG Chairman ensure the accuracy or completeness of any disclosure or whether any disclosure is of a patent that, in fact, may be essential for the use of standards under development.
- Instruct the WG Secretary to record in the minutes of the relevant WG meeting:
  - That the foregoing advice was provided and the two slides were shown;
  - That an opportunity was provided for WG members to identify or disclose patents that the WG member believes may be essential for the use of that standard;
  - Any responses that were given, specifically the patents and patent applications that were identified (if any) and by whom.
(Not necessary to be shown)
Approved by IEEE-SA Standards Board – March 2003 (Revised March 2005)
Slide #1: IEEE-SA Standards Board Bylaws on Patents in Standards
IEEE standards may include the known use of essential patents and patent applications provided the IEEE receives assurance from the patent holder or applicant with respect to patents whose infringement is, or in the case of patent applications, potential future infringement the applicant asserts will be, unavoidable in a compliant implementation of either mandatory or optional portions of the standard [essential patents]. This assurance shall be provided without coercion. The patent holder or applicant should provide this assurance as soon as reasonably feasible in the standards development process. This assurance shall be provided no later than the approval of the standard (or reaffirmation when a patent or patent application becomes known after initial approval of the standard). This assurance shall be either:
a) A general disclaimer to the effect that the patentee will not enforce any of its present or future patent(s) whose use would be required to implement either mandatory or optional portions of the proposed IEEE standard against any person or entity complying with the standard; or
b) A statement that a license for such implementation will be made available without compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination.
This assurance is irrevocable once submitted and accepted and shall apply, at a minimum, from the date of the standard's approval to the date of the standard's withdrawal.
Approved by IEEE-SA Standards Board – March 2003 (Revised February 2006)
Slide #2: Inappropriate Topics for IEEE WG Meetings
- Don’t discuss the validity/essentiality of patents/patent claims
- Don’t discuss the cost of specific patent use
- Don’t discuss licensing terms or conditions
- Don’t discuss product pricing, territorial restrictions, or market share
- Don’t discuss ongoing litigation or threatened litigation
- Don’t be silent if inappropriate topics are discussed… do formally object.
If you have questions, contact the IEEE-SA Standards Board Patent Committee Administrator at patcom@ieee.org or visit http://standards.ieee.org/board/pat/index.html
This slide set is available at http://standards.ieee.org/board/pat/pat-slideset.ppt
Approved by IEEE-SA Standards Board – March 2003 (Revised March 2005)
Officers (No Change)
- Chair: Don Wright, Lexmark
- Vice Chair: Lee Farrell, Canon
- Secretary: Brian Smithson, Ricoh
- Main Editors:
  - Non-PP clauses: Jerry Thrasher, Lexmark
  - PP clauses: Brian Smithson, Ricoh
2006 Meeting Schedule
- Dec. 11-12, El Segundo, CA @ Peerless, 2381 Rosecrans Ave., El Segundo, CA 90245
2007 Meeting Schedule Feb 22-23 (Thur/Fri), Maui April 24-25 May 30-31 With PWG (Mon/Tues) With TCG (Wed) April 24-25 Suggest east coast US (possibility: Piscataway or Mahwah (Sharp)) May 30-31 Handle comments from 1st re-circulation (if needed) Location: July 11-12 Handle comments from 2nd re-circulation (if needed) Location open (HP Cupertino?)
Trusted Computing Group Update
INCITS CS1: Cyber-Security Update
ICCC Update (Thrasher/Smithson)
CC Vendors Forum Update (Thrasher/Sukert)
Group General Action Items from Sept.
- Update web site with future meeting details – complete
- Convert PP-A to CIM Medium @ EAL 3 – (due in July) – awaiting CCV3 drafts
- Harmonize Subject/Object implementation – (waiting for CCV3, part 2)
Action Items from Previous Meetings
- Benefits for paying for the PP evaluation (ideas)
  - Company name/logo and acknowledgement of some kind on the PP cover sheets and/or on the PP certificate.
  - Copyright license to freely use PP content.
  - Joint press release or other PR activities with IEEE.
  - Some kind of elevated acknowledgment (logos vs. no logo or whatever) on the P2600 standard.
  - A discount from the eval lab for product evals based on P2600 PPs. A lab might like that to generate business.
  - Only those contributing dollars have input into the selection of the eval lab, which PPs get evaluated and the schedule/order of the PPs.
- Review entries in P2600-action-items excel spreadsheet
- Commenting Tool
Issues raised on e-mail
- PP Certification in the US re: NIAP budget (Sukert)
  - Canada?
  - CSC may work with Canada or Australia
  - SAIC – Peter will contact
  - Coact – Thrasher will contact
  - BAH (Booz Allen) - Peter
  - Other countries (Australia, UK, etc.)?
  - Eventual scheme should support English?
  - Evaluation should support CIM (Basic & Medium)?
- Production Printing (Sukert)
  - Encryption is an issue due to the print speed and the size of the job
  - Is PP-B (Enterprise) or D (SoHo) applicable?
  - Should the text of PP-D be rewritten to include production printing? probably not
  - Should a “PP-PP” be created? some differences with PP-D
  - Maybe EAL-2 instead of EAL-1
Issues raised on e-mail
- Managed Services (Sukert)
  - Is there confidential information that the management company will have access to?
  - Is the management company tunneling through the firewall to manage the devices?
  - Is there special security needed for the usage counters?
  - Do the threats cover this case adequately?
  - Would this apply to all profiles or is this really for PP-B and below?
  - Action: Consider managed services threats during CCV3.1 PP discussions
Issues raised on e-mail
- JBMIA (Smithson)
  - Kick off meeting was held on Oct 16
  - Most Japanese HCD manufacturers present
  - They don’t expect to create new documents but rather to channel their concerns to the P2600 group.
  - Action: Get the PPs up to date FASTER!
Issues raised on e-mail
- Compliance Clause (Nevo)
  - Take objectives (O.*, OE.* and A.* (for IT environment)) from each PP and make them the compliance clause.
  - Compliance would be by environment – 4 compliance sections (e.g., 10.1.1 HCD Compliance in Operational Environment A, 10.2.1 IT Compliance in Operational Environment A)
  - From each objective, point to examples in clause 8 (only as examples!)
Issues raised on e-mail
- Basic Robustness CIM Mapping (Chen)
  - How will the mapping change based on the CIM for CCv3.1?
  - Should we worry about CIM compliance if NIAP isn’t going to certify because of their budget problems?
  - Shouldn’t we get a head start and do similar mapping for PP-A and PP-B?
  - Should CIM items be in the PP simply as AppNotes for the ST writers?
  - Action: Create the PP-A and PP-B mappings for the existing CIM now (PP-A: Sukert, PP-B: Nevo)
P2600 Restructuring Proposal
- Main document
  - Retain existing clause 1-9 as P2600
  - Potentially add compliance clause as 10
- Protection Profiles become separate standards
  - PP-A: P2600.1
  - PP-B: P2600.2
  - PP-C: P2600.3
  - PP-D: P2600.4
  - Additional PPs can be added asynchronously
P2600 Restructuring Proposal: Implications
- Will need P2600.x PARs
- Can ballot P2600 without having the PPs complete
- Will have to tweak wording in main document and PPs to align with this restructuring
- Each PP will be standalone but all will share the text for clauses such as glossary, bibliography, common annexes, etc.
P2600 Restructuring Proposal
- Do we split P2600 clause 1-9 (or 10) from the PPs? “Go with it”
- Do we create a family PP rather than 4 (or more) distinct ones? Open issue
Document Section Status (No Change)
Editors Assigned:
- Clauses 1-9 & non-PP Annexes: Jerry Thrasher
- Protection Profiles: Brian Smithson
  - PP-A -- Brian Smithson
  - PP-B -- Ron Nevo
  - PP-C -- Nancy Chen, Alan Sukert
  - PP-D -- Carmen Aubry
Document Review Drafts needing most review Merged Draft Review Comments Received (Reviewed) Any issues with the changes made in 22b? (none identified) Protection Profiles A Restructuring discussion (Smithson) B C (version 23a) D PP Annexes
Document Review: PP-A
- Review Draft
- Discussion on CC V3.1 version (Smithson)
  - SFR Worksheet
  - SFR text
  - SAR Worksheet
  - SAR text
  - Users/Subjects/Interfaces/Operations/Objects
- Do we need a PP Editors meeting before December?
Document Review: PP-B Review Draft
Document Review: PP-C Review Draft number 23a
Document Review: PP-D Review Draft
Next Meeting Details
- December 11-12
- Peerless Systems Corporation, 2381 Rosecrans Ave., El Segundo, CA 90245
- Nearby Hotels:
  - Manhattan Beach Marriott, 1400 Parkview Avenue, Manhattan Beach, CA 90266
  - Residence Inn Los Angeles LAX/El Segundo, 2135 East El Segundo Blvd, El Segundo, CA 90245
  - Courtyard Los Angeles LAX/El Segundo, 2000 East Mariposa Avenue, El Segundo, CA 90245
  - The Westin Los Angeles Airport, 5400 West Century Boulevard, Los Angeles, California 90045
  - Four Points by Sheraton LAX, 9750 Airport Boulevard, Los Angeles, California 90045
  - … and many, many more
Next Meeting Location Map
Future Meetings
- Note well: El Segundo – expect 2 full days: 9AM – 6PM
Back-up Charts
Other Work Items
- Which PPs to get evaluated?
  - PP-A and PP-B highly likely to be evaluated
  - PP-C on the bubble
  - PP-D least likely to be evaluated
Schedule Clauses 1-9, Informative Annex Protection Profiles Ready for merging May & June meeting reviews Protection Profiles Still Waiting for July draft of CCV3 into the PPs by Sept? PPs reviewed and iterate 1 or 2 times Complex changes: who knows? Complete draft out of December meeting
Schedule January 2007 February March Form IEEE ballot body Engage with CC Eval Labs February Start Balloting Start Evaluation of PPs March April -- (Will need group meeting) Reconcile comments from IEEE and Eval Labs May – June - July Recirculations September RevCom / Standards Board Approval
Mailing List and Web Site (No Change)
- Listserv run by the IEEE
- An archive is available on the web site
- Subscribe via a note to: listserv@listserv.ieee.org containing the line: subscribe stds-2600
- Only subscribers may send e-mail to the mailing list.