IEEE- P2600 PP Guidelines Suggested Format and Content

Slides:

Advertisements

Similar presentations

CSE594 Fall 2009 Jennifer Wong Oct. 14, 2009

Advertisements

IEEE- P2600 PP Validation Suggested Process and Update Members: Ron Nevo, Brian Smithson, Alan Sukert, Lee Farrell, Nancy Chen, Carmen Aubry, peter Cybuck.

IEEE- P2600 PP Validation Suggested Process and Update Members: Ron Nevo, Brian Smithson, Alan Sukert, Farrell Lee October 2007.

IEEE- P2600 PP Validation Suggested Process and Update Members: Ron Nevo, Brian Smithson, Alan Sukert, Lee Farrell, Nancy Chen, Carmen Aubry, Peter Cybuck.

IEEE- P2600 PP Guidelines Suggested Format and Content Members: Alan Sukert Ron Nevo, Brian Smithson, Nancy Chen, Farrell Lee, Sameer Yami, Tom Haapanen,

Page 1 National Defense Industrial Association (NDIA) Program Management Systems Committee (PMSC). NDIA Earned Value Management Systems Intent Guide Overview.

WEBQUEST Let’s Begin TITLE AUTHOR:. Let’s continue Return Home Introduction Task Process Conclusion Evaluation Teacher Page Credits This document should.

Design Plans CSCI102 - Systems ITCS905 - Systems MCS Systems.

Slide #1 Writing Winning Proposals. Slide #2 Agenda  Overview  Writing Tips  Comments, Suggestions, Questions  Upcoming Seminars.

Software Documentation Written By: Ian Sommerville Presentation By: Stephen Lopez-Couto.

The Research Problem and Objectives Lecture 6 1. Organization of this lecture Research Problem & Objectives: Research and Decision/Action Problems Importance.

Comparison between Family of PPs and PP with Packages Brian Smithson and Ron Nevo.

Proceedings and Report of the Expert Meeting: Arrangements Proceedings and Report of the Expert Meeting: Arrangements.

Code as Communication Programming Studio Spring 2015.

RESEARCH METHODOLOGY. WHAT IS RESEARCH METHODOLOGY?  In this section, the researcher must state the type of research, its meaning, and how it is applicable.

11 th INIS/ETDE Joint Technical Committee Meeting Agenda Item 3.2 Update of common manuals – responsibilities and timeframe Debbie Cutler, ETDE OA 6-8.

Public Health Reporting Initiative Stage 3 Sprint: Implementation Guide Development Phone: x

1 Using Common Criteria Protection Profiles. 2 o A statement of user need –What the user wants to accomplish –A primary audience: mission/business owner.

TAG-TF Introduction Surveymonkey.com/s/TAGTFSurvey.

The Research Problem and Objectives Lecture 6 1. Organization of this lecture Research Problem & Objectives: Research and Decision/Action Problems Importance.

Research Methods Technical Writing Thesis Conference/Journal Papers

~ pertemuan 4 ~ Oleh: Ir. Abdul Hayat, MTI 20-Mar-2009 [Abdul Hayat, [4]Project Integration Management, Semester Genap 2008/2009] 1 PROJECT INTEGRATION.

ICAD3218A Create User Documentation.  Before starting to create any user documentation ask ‘What is the documentation going to be used for?’.  When.

Development of Assessments Laura Mason Consultant.

The Common Criteria for Information Technology Security Evaluation

Multiple literacy Standards for the 21st-Century learner

Writing a Critical Summary of an Article or Paper

Reading Skills for Academic Study

Document Development Cycle

CSE594 Fall 2009 Jennifer Wong Oct. 14, 2009

ECE361 Engineering Practice

Safeguards- Feedback on Safeguards ED-2 and Task Force Proposals

SCC P2P – Collaboration Made Easy Contract Management training

Policy & Procedure Writing

Planning your Dissertation

Software Documentation

IEEE 2600 Protection Profile Group

Sohar University Quality Unit

How to Publish with IEEE

EPICS Conceptual Review Template Notes:

Introduction to mobile app development Module 2 – Getting started with apps and App Studio Lance McCarthy.

Introduction to vital statistics report writing

Module 6: Preparing for RDA ...

Don Wright Director of Standards Lexmark International

Guidance on WIGOS Data Partnerships Draft v1.9

James Arnold/ Jean Petty 27 September 2007

9th International Common Criteria Conference Report to IEEE P2600 WG

Recent developments in Eurostat publications

Response to Comments Received on the a PAR and CSD

Job Analysis CHAPTER FOUR Screen graphics created by:

WJEC GCE Geography Guidance for Teachers: Assessment at AS/A level.

IEEE- P2600 PP Validation Suggested Process and Update

WG 2.9 Best Practices in River Basin Planning

Writing reports Wrea Mohammed

Writing Careful Long Reports

Research Methods Technical Writing Thesis Report Writing

Dr Panos Tsintis Senior Advisor - CIOMS Berlin - October 2018

Sam Catherine Johnston, Senior TA Specialist National AEM Center

Towards a strategic publications programme for Eurostat

IEEE- P2600 PP Validation Suggested Process and Update

What is a CA document? Date: Authors: March 2005 March 2005

IEEE- P2600 PP Guidelines Suggested Format and Content

Outlook and Shared Drives

Chapter 4: Project Integration Management

Learning Target: Students will provide constructive feedback to each group’s draft proposal to aid in the revision process. Language Objective: Students.

Cynthia Curry, Director National AEM Center

draft-ietf-dtn-bpsec-06

CSE594 Fall 2009 Jennifer Wong Oct. 14, 2009

BMA534 International Business Management

STEPS Site Report.

Presentation transcript:

IEEE- P2600 PP Guidelines Suggested Format and Content 6/2/2019 IEEE- P2600 PP Guidelines Suggested Format and Content Members: Alan Sukert Ron Nevo, Brian Smithson , Nancy Chen, Farrell Lee, Sameer Yami, Tom Haapanen, Peter Cybuck December 2007

PP Guidelines Possible Audience and Goals ST authors and CCTLs/consultants who write STs for vendors Understand how to write an ST against one of the Operational Environment PPs Customers & individuals involved in HCD procurements Understand how to apply these PPs and what they mean Understand what compliance means against each of the Operational Environment PPs and individual TOE PPs Vendors and their product developers ST evaluators Guidance on how to evaluate a TOE based on the PPs Validators (both present and future)

PP Guidelines Possible Guidelines Content How to interpret what products belong in which Operational Environment – distinctions among 4 environments Actual examples on how to construct an ST for a product using the structure (e.g., what applies to a typical type of HCD, etc.) Include sample text for each ST section based on one of the PPs Show multiple ways to meet requirements How the PPs allow vendors to be compliant without indicating a specific implementation (i.e., allow for flexibility) Comment on scheme-specific policies and interpretations Certification issues in specific countries (e.g.., unique Scheme policies) 3

PP Guidelines Possible Guidelines Content (cont) Explaining how the PPs were formulated (e.g., additional explanation of App Notes) Where (and to whom ) to send questions on PP text (e.g., applicable URL pointers) Explain why certain decisions were made, why certain threats did or did not end up in PPs, etc. Confidential vs. protected data – definitions, examples, how to choose what data should be specified in an ST, etc. What SFRs/threats/objectives apply to each environment How to deal with updates of CC and the relation to existing PPs and current / new STs 4

PP Guidelines Possible Guidelines Content (cont) General introduction about guidance and what is expected of ST authors. Would take a “high level” approach to what the guidelines is trying to accomplish (e.g., allow innovation in STs that are created from the PPs). Put everything in perspective Include mailing list Would help generate FAQs Show important “To dos’ and ‘Not to dos’ Clarification of what PPs from the Family of PPs should be selected for a given TOE

PP Guidelines Possible Guidelines Format Combined format – general wording on the PPs and FAQs Be completely web-based, especially FAQs. Would allow the guidelines to be “evergreen”. Be a published document. Be both published and web-based Include mailing list? Would help generate FAQs Use applicable IEEE style guide for this type of document “Web Publications” vs. “Guide” format template 6

PP Guidelines Content Recommendation Include an Introduction and Purpose Separate sections for guidance to vendors, ST authors, ST evaluators, PP validators. Each section should include: How to interpret what products belong in which Operational Environment – distinctions among 4 environments Examples showing multiple ways to meet requirements Show important “To dos’ and ‘Not to dos’ Clarification of what PPs from the Family of PPs should be selected for a given TOE Table that shows what PPs from the Family of PPs should be incorporated into ST for a given Operational Environment and TOE 7

PP Guidelines Format Recommendation Be a published document Consider web-based FAQs Follow the IEEE Standard for a ‘Guide’ 8

PP Guidelines Development Plan Must finish document before first ST would be written against the validated P2600 PPs Availability of selected Scheme to validate the P2600 PPs will determine when this should be Approach Provide only high-level guidance in initial version Include more detailed guidance in later versions Initial Plan (assumes worst case) Dec 07 P2600 Meeting – Create task group and complete initial document scoping Feb 08 Meeting – Review draft of Introduction, initial content and initial FAQs Mar 08 meeting – Review full content of initial version 9

PP Guidelines Development Issues Scope PP Guidelines appropriately so they aren’t so “huge” What is the appropriate scope? Choice of what Audience the document will support is critical Do we have the knowledge and expertise to provide guidance to ST authors? Evaluators? Validators? Make the FAQs dynamic so they grow over time Web pages vs. hardcopy document 10

PP Guidelines Other Issues Will IEEE charge for this document Will guidelines be separate from P2600 standard or be included with the standard Who will maintain/update these guidelines How do the guidelines get updated as CC gets updated Will IEEE membership/password access be required (i.e., open just to IEEE members) 11