1. Don Wright Director of Standards Lexmark International don@lexmark.com
P2600 Hardcopy Device and System Security May 2006 Working Group Meeting
Don Wright
Director of Standards
Lexmark International
2/17/2019

2. Agenda Items Tuesday/Wednesday, May 23-24 Welcome & Introductions
Update and Approve Agenda
Review and approve April Minutes
IEEE Patent Policy Review
2006 Meeting Schedule
Update on TCG
Update on INCITS CS1 Working Group
Review of Action Items from April Meeting
Topics from
2/17/2019

3. Agenda Items Tuesday/Wednesday, May 23-24 Merged Document Review
Document Review of PPs
B (Enterprise) PP
D (SoHo) PP
C (Public) PP
A (High) PP
Other items
Schedule
Next meeting details
Summarize and record action items
2/17/2019

4. Minutes from April Meeting
Minutes were published shortly after the meeting.
They are available at:
Any corrections or changes?
2/17/2019

5. Instructions for the WG Chair
At Each Meeting, the Working Group Chair shall:
Show slides #1 and #2 of this presentation
Advise the WG membership that:
The IEEE’s patent policy is consistent with the ANSI patent policy and is described in Clause 6 of the IEEE-SA Standards Board Bylaws;
Early disclosure of patents which may be essential for the use of standards under development is encouraged;
Disclosures made of such patents may not be exhaustive of all patents that may be essential for the use of standards under development, and that neither the IEEE, the WG, nor the WG Chairman ensure the accuracy or completeness of any disclosure or whether any disclosure is of a patent that, in fact, may be essential for the use of standards under development.
Instruct the WG Secretary to record in the minutes of the relevant WG meeting:
That the foregoing advice was provided and the two slides were shown;
That an opportunity was provided for WG members to identify or disclose patents that the WG member believes may be essential for the use of that standard;
Any responses that were given, specifically the patents and patent applications that were identified (if any) and by whom.
2/17/2019
(Not necessary to be shown)
Approved by IEEE-SA Standards Board – March 2003 (Revised March 2005)

6. IEEE-SA Standards Board Bylaws on Patents in Standards
IEEE standards may include the known use of essential patents and patent applications provided the IEEE receives assurance from the patent holder or applicant with respect to patents whose infringement is, or in the case of patent applications, potential future infringement the applicant asserts will be, unavoidable in a compliant implementation of either mandatory or optional portions of the standard [essential patents]. This assurance shall be provided without coercion. The patent holder or applicant should provide this assurance as soon as reasonably feasible in the standards development process. This assurance shall be provided no later than the approval of the standard (or reaffirmation when a patent or patent application becomes known after initial approval of the standard). This assurance shall be either:
a) A general disclaimer to the effect that the patentee will not enforce any of its present or future patent(s) whose use would be required to implement either mandatory or optional portions of the proposed IEEE standard against any person or entity complying with the standard; or
b) A statement that a license for such implementation will be made available without compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination.
This assurance is irrevocable once submitted and accepted and shall apply, at a minimum, from the date of the standard's approval to the date of the standard's withdrawal.
New text in red!
Even newer text in blue!
2/17/2019
Slide #1
Approved by IEEE-SA Standards Board – March 2003 (Revised February 2006)

7. Inappropriate Topics for IEEE WG Meetings
Don’t discuss the validity/essentiality of patents/patent claims
Don’t discuss the cost of specific patent use
Don’t discuss licensing terms or conditions
Don’t discuss product pricing, territorial restrictions, or market share
Don’t discuss ongoing litigation or threatened litigation
Don’t be silent if inappropriate topics are discussed… do formally object. If you have questions, contact the IEEE-SA Standards Board Patent Committee Administrator at or visit This slide set is available at
2/17/2019
Slide #2
Approved by IEEE-SA Standards Board – March 2003 (Revised March 2005)

8. Officers Chair: Don Wright, Lexmark Vice Chair: Lee Farrell, Canon
Secretary: Brian Smithson, Ricoh
Editors:
Non-PP clauses: Jerry Thrasher, Lexmark
PP clauses: Brian Smithson, Ricoh
2/17/2019

9. 2006 Meeting Schedule June 19-20, Camas WA @ Sharp
July Rochester, Xerox
September 6-7 Boulder, IBM
Potential schedule change to Sept 19-20
October 23-24, Lexington Lexmark
December 11-12, Orange Canon
2/17/2019

10. Schedule Schedule Clauses 1-9, Informative Annex Protection Profiles
Ready for merging
May & June meeting reviews
Protection Profiles
Waiting for April decision on extent of change to CCV3 draft
Simple changes: July draft of CCV3
into the PPs by Sept?
PPs reviewed and iterate 1 or 2 times
Complex changes: who knows?
Complete draft out of December meeting
2/17/2019

11. Schedule Schedule January 2007 February March
Form IEEE ballot body
Engage with CC Eval Labs
February
Start Balloting
Start Evaluation of PPs
March
April -- (Will need group meeting)
Reconcile comments from IEEE and Eval Labs
May – June - July
Recirculations
September
RevCom / Standards Board Approval
2/17/2019

12. Trusted Computing Group
Update
2/17/2019

13. INCITS CS1 : Cyber-Security
Update
2/17/2019

14. Group General Action Items from April
Update web site with June meeting details – done
Create Merged Document of Clause 1-9 – done
Convert all sections to new PP names – done
Convert PP-A to CIM EAL 3 – (carry-over)
For PP-D: User authentication for printing – protecting the user document data – done
Take out the UD threats
Don’t include user authentication for print
Add back in threats to HCD’s integrity (“proxy”, “sw.update”)
Harmonize Subject/Object implementation – ?? (carry-over)
Company funding of Evaluations:
DAPS: $10 – 20K
Lexmark: $5K (possibly more)
Ricoh, HP – not immediately rejected
Canon, Sharp, Oki, Oce – wants to better understand the benefits of paying versus not paying
2/17/2019

15. Action Items from Previous Meetings
Any update on CCV3 plans from NIAP?
CCV3 version will happen in July
Part 2 will be based on CCv2.3 but modified
Subject/Object may or may not be included
“SEP and RVM will be removed and FCS may be incorporated into other functional requirements”
PP-D EAL1/LAPP: review, and consider if threats/assumptions should be included in that PP – ok, threats will be in PP-D
Review entries in P2600-action-items excel spreadsheet
2/17/2019

16. Issues raised on e-mail
NIAP Policy Letter #13 – Sukert
Clarify this in the PP TOE Description
Threat Actors – add to clause 7 (definitions, within each threat, summary table)
Plain English SFRs – use standard SFR language, use application notes to provide additional clarity.
Definitions – include both definitions with the “CIM” definition as an alternate
Term P2600 Definition CIM Definition
availability
A condition in which authorized users have access to information, functionality and associated assets when required. See also: asset; authorized user.
Timely, reliable access to IT resources.
confidentiality
A condition in which information is accessible only to those authorized to have access.
A security policy pertaining to disclosure of data.
integrity
A condition in which data has not been changed or destroyed in an unauthorized way.
A security policy pertaining to the corruption of data and to the corruption of security functional mechanisms.
non-repudiation
The prevention of false denial of involvement in sending or receiving information.
A security policy pertaining to providing one or more of the following: · To the sender of data, proof of delivery to the intended recipient, · To the recipient of data, proof of identity of the user who sent the data.
2/17/2019

17. Document Section Status
Editors Assigned:
Clauses 1-9 & non-PP Annexes: Jerry Thrasher
Clause 1 & 4 – Don W.
Clause 2 & Informative References – Don W.
Clause 3 (definitions) -- Alan Sukert
Clause 5 (environments) – Peter C.
Clause 6 (assets) – Brian V.
Clause 7 (threats) – Jerry T.
Clause 8 (Mitigation) – Tom H.
Clause 9 (Best Practices) – Don W.
Protection Profiles: Brian Smithson
PP-A -- Ron Nevo
PP-B -- Brian Smithson
PP-C -- Nancy Chen
PP-D -- Carmen Aubry
2/17/2019

18. Document Review Drafts needing most review Others? Merged Draft
PP-D (partially done… need full review of 4.1 & 4.2)
Others?
2/17/2019

19. Document Review – Merged Draft
Clause 1
Clause 2
Clause 3
Clause 4
Clause 5
Clause 6
Clause 7
Clause 8
Clause 9
Annexes
2/17/2019

20. Document Review: PP-D Review Draft number 18b
Now Protection Profile D, EAL1
2/17/2019

21. Document Review: PP-A Review Draft number 18b
Now Protection Profile A, EAL 3
2/17/2019

22. Document Review: PP-B Review Draft number 18c
Now Protection Profile B, EAL 2
2/17/2019

23. Document Review: PP-C Review Draft number 18b
Now Protection Profile C, EAL 2
2/17/2019

24. Next Meeting Details June 19-20
Sharp Labs of America NW Pacific Rim Blvd Camas, WA 98607
Directions:
2/17/2019

25. Next Meeting Details
2/17/2019

26. Action Items for June
Presentation from the PP team on mandating of encryption in PP-A and PP-B. (AI #198)
Discussion on whether the document should be a standard (document focused on shalls) or a recommended practice (document focused on shoulds)
2/17/2019

27. Backup Slides
2/17/2019

28. Mailing List and Web Site
Listserv run by the IEEE
An archive is available on the web site
Subscribe via a note to: containing the line: subscribe stds-2600
Only subscribers may send to the mailing list.
No Change
2/17/2019