P2600 Hardcopy Device and System Security
May 2006 Working Group Meeting
Don Wright, Director of Standards, Lexmark International
2/17/2019

Agenda Items
Tuesday/Wednesday, May 23-24
- Welcome & Introductions
- Update and Approve Agenda
- Review and approve April Minutes
- IEEE Patent Policy
- Review 2006 Meeting Schedule
- Update on TCG
- Update on INCITS CS1 Working Group
- Review of Action Items from April Meeting
- Topics from e-mail

Agenda Items
Tuesday/Wednesday, May 23-24
- Merged Document Review
- Document Review of PPs
  - B (Enterprise) PP
  - D (SoHo) PP
  - C (Public) PP
  - A (High) PP
- Other items
- Schedule
- Next meeting details
- Summarize and record action items

Minutes from April Meeting
- Minutes were published shortly after the meeting.
- They are available at:
- Any corrections or changes?

Instructions for the WG Chair
At Each Meeting, the Working Group Chair shall:
- Show slides #1 and #2 of this presentation
- Advise the WG membership that:
  - The IEEE’s patent policy is consistent with the ANSI patent policy and is described in Clause 6 of the IEEE-SA Standards Board Bylaws;
  - Early disclosure of patents which may be essential for the use of standards under development is encouraged;
  - Disclosures made of such patents may not be exhaustive of all patents that may be essential for the use of standards under development, and that neither the IEEE, the WG, nor the WG Chairman ensure the accuracy or completeness of any disclosure or whether any disclosure is of a patent that, in fact, may be essential for the use of standards under development.
- Instruct the WG Secretary to record in the minutes of the relevant WG meeting:
  - That the foregoing advice was provided and the two slides were shown;
  - That an opportunity was provided for WG members to identify or disclose patents that the WG member believes may be essential for the use of that standard;
  - Any responses that were given, specifically the patents and patent applications that were identified (if any) and by whom.
(Not necessary to be shown)
Approved by IEEE-SA Standards Board – March 2003 (Revised March 2005)

IEEE-SA Standards Board Bylaws on Patents in Standards
IEEE standards may include the known use of essential patents and patent applications provided the IEEE receives assurance from the patent holder or applicant with respect to patents whose infringement is, or in the case of patent applications, potential future infringement the applicant asserts will be, unavoidable in a compliant implementation of either mandatory or optional portions of the standard [essential patents]. This assurance shall be provided without coercion. The patent holder or applicant should provide this assurance as soon as reasonably feasible in the standards development process. This assurance shall be provided no later than the approval of the standard (or reaffirmation when a patent or patent application becomes known after initial approval of the standard). This assurance shall be either:
a) A general disclaimer to the effect that the patentee will not enforce any of its present or future patent(s) whose use would be required to implement either mandatory or optional portions of the proposed IEEE standard against any person or entity complying with the standard; or
b) A statement that a license for such implementation will be made available without compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination.
This assurance is irrevocable once submitted and accepted and shall apply, at a minimum, from the date of the standard's approval to the date of the standard's withdrawal.
New text in red! Even newer text in blue!
Slide #1
Approved by IEEE-SA Standards Board – March 2003 (Revised February 2006)

Inappropriate Topics for IEEE WG Meetings
- Don’t discuss the validity/essentiality of patents/patent claims
- Don’t discuss the cost of specific patent use
- Don’t discuss licensing terms or conditions
- Don’t discuss product pricing, territorial restrictions, or market share
- Don’t discuss ongoing litigation or threatened litigation
- Don’t be silent if inappropriate topics are discussed… do formally object.
If you have questions, contact the IEEE-SA Standards Board Patent Committee Administrator at or visit
This slide set is available at
Slide #2
Approved by IEEE-SA Standards Board – March 2003 (Revised March 2005)

Officers
- Chair: Don Wright, Lexmark
- Vice Chair: Lee Farrell, Canon
- Secretary: Brian Smithson, Ricoh
- Editors:
  - Non-PP clauses: Jerry Thrasher, Lexmark
  - PP clauses: Brian Smithson, Ricoh

2006 Meeting Schedule
- June 19-20, Camas WA @ Sharp
- July 26-27 Rochester, NY @ Xerox
- September 6-7 Boulder, CO @ IBM
  - Potential schedule change to Sept 19-20
- October 23-24, Lexington KY @ Lexmark
- December 11-12, Orange County @ Canon

Schedule Clauses 1-9, Informative Annex Protection Profiles Ready for merging May & June meeting reviews Protection Profiles Waiting for April decision on extent of change to CCV3 draft Simple changes: July draft of CCV3 into the PPs by Sept? PPs reviewed and iterate 1 or 2 times Complex changes: who knows? Complete draft out of December meeting
Schedule
January 2007 February March
- Form IEEE ballot body
- Engage with CC Eval Labs
February
- Start Balloting
- Start Evaluation of PPs
March April -- (Will need group meeting)
- Reconcile comments from IEEE and Eval Labs
May – June - July
- Recirculations
September
- RevCom / Standards Board Approval

Trusted Computing Group Update
INCITS CS1 : Cyber-Security Update
Group General Action Items from April
- Update web site with June meeting details – done
- Create Merged Document of Clause 1-9 – done
- Convert all sections to new PP names – done
- Convert PP-A to CIM Medium @ EAL 3 – (carry-over)
- For PP-D: User authentication for printing – protecting the user document data – done
  - Take out the UD threats
  - Don’t include user authentication for print
  - Add back in threats to HCD’s integrity (“proxy”, “sw.update”)
- Harmonize Subject/Object implementation – ?? (carry-over)
- Company funding of Evaluations:
  - DAPS: $10 – 20K
  - Lexmark: $5K (possibly more)
  - Ricoh, HP – not immediately rejected
  - Canon, Sharp, Oki, Oce – want to better understand the benefits of paying versus not paying

Action Items from Previous Meetings
- Any update on CCV3 plans from NIAP?
  - CCV3 version will happen in July
  - Part 2 will be based on CCv2.3 but modified
  - Subject/Object may or may not be included
  - “SEP and RVM will be removed and FCS may be incorporated into other functional requirements”
- PP-D EAL1/LAPP: review, and consider if threats/assumptions should be included in that PP – ok, threats will be in PP-D
- Review entries in P2600-action-items excel spreadsheet

Issues raised on e-mail
- NIAP Policy Letter #13 – Sukert
  - Clarify this in the PP TOE Description
- Threat Actors – add to clause 7 (definitions, within each threat, summary table)
- Plain English SFRs – use standard SFR language, use application notes to provide additional clarity.
- Definitions – include both definitions with the “CIM” definition as an alternate

Term: availability
P2600 Definition: A condition in which authorized users have access to information, functionality and associated assets when required. See also: asset; authorized user.
CIM Definition: Timely, reliable access to IT resources.

Term: confidentiality
P2600 Definition: A condition in which information is accessible only to those authorized to have access.
CIM Definition: A security policy pertaining to disclosure of data.

Term: integrity
P2600 Definition: A condition in which data has not been changed or destroyed in an unauthorized way.
CIM Definition: A security policy pertaining to the corruption of data and to the corruption of security functional mechanisms.

Term: non-repudiation
P2600 Definition: The prevention of false denial of involvement in sending or receiving information.
CIM Definition: A security policy pertaining to providing one or more of the following:
- To the sender of data, proof of delivery to the intended recipient,
- To the recipient of data, proof of identity of the user who sent the data.

Document Section Status
Editors Assigned:
- Clauses 1-9 & non-PP Annexes: Jerry Thrasher
  - Clause 1 & 4 – Don W.
  - Clause 2 & Informative References – Don W.
  - Clause 3 (definitions) -- Alan Sukert
  - Clause 5 (environments) – Peter C.
  - Clause 6 (assets) – Brian V.
  - Clause 7 (threats) – Jerry T.
  - Clause 8 (Mitigation) – Tom H.
  - Clause 9 (Best Practices) – Don W.
- Protection Profiles: Brian Smithson
  - PP-A -- Ron Nevo
  - PP-B -- Brian Smithson
  - PP-C -- Nancy Chen
  - PP-D -- Carmen Aubry

Document Review Drafts needing most review Others? Merged Draft PP-D (partially done… need full review of 4.1 & 4.2) Others?
Document Review – Merged Draft Clause 1 Clause 2 Clause 3 Clause 4 Clause 5 Clause 6 Clause 7 Clause 8 Clause 9 Annexes
Document Review: PP-D Review Draft number 18b Now Protection Profile D, EAL1
Document Review: PP-A Review Draft number 18b Now Protection Profile A, EAL 3
Document Review: PP-B Review Draft number 18c Now Protection Profile B, EAL 2
Document Review: PP-C Review Draft number 18b Now Protection Profile C, EAL 2
Next Meeting Details
June 19-20
Sharp Labs of America
5750 NW Pacific Rim Blvd
Camas, WA 98607
Directions:

Action Items for June
- Presentation from the PP team on mandating of encryption in PP-A and PP-B. (AI #198)
- Discussion on whether the document should be a standard (document focused on shalls) or a recommended practice (document focused on shoulds)

Backup Slides
Mailing List and Web Site
- Listserv run by the IEEE
- An archive is available on the web site
- Subscribe via a note to: containing the line: subscribe stds-2600
- Only subscribers may send e-mail to the mailing list.
No Change