Comparison between Family of PPs and PP with Packages
Brian Smithson and Ron Nevo
Structure Comparison table

| Topic | Family of PPs | PP with packages (PP?) | Comments |
| --- | --- | --- | --- |
| How many documents | One document for all | One document for all | If IPA does not approve packages, will use PP |
| How many basic PPs | One mandatory common PP plus at least one of four hardcopy function PPs | Select one of two mandatory basic PPs | |
| What is included in the basic PP | Common requirements for user I&A and administration, plus chosen hardcopy function | (1) Network printer or (2) Network printer with copy and scan functions | |
| How many independent PPs / packages | 8 independent PPs (including the 4 hardcopy PPs) | 4 independent packages (PPs?) | |
Structure Comparison table (continued)

| Topic | Family of PPs | PP with packages (pps) | Comments |
| --- | --- | --- | --- |
| Configuration coverage | Any combination of print, scan, copy, fax, doc server, HDD, SW install, network. Must have admin function. | Printer or MFP; optional fax, HDD, SW install, local I/F. Must have network. No doc server. | |
| How to comply | One mandatory common PP, plus at least one of four hardcopy function PPs and four independent PPs as needed | One of two mandatory PPs, plus four dependent packages (pps) as needed | |
| Compliance statement | Each PP is individually named, each name is specified for compliance | One PP with a specified name for compliance. The name depends on the packages included | |
Structure Comparison table (continued)

User (DAPS) comments: Prefer to have fewer PPs in order to show the differences and to compare between vendors

| Topic | Family of PPs | PP with packages | Comments |
| --- | --- | --- | --- |
| NIAP | Acceptable approach | Acceptable approach | |
| IPA | One document is acceptable if PPs are individually identified. No opinion yet on the FPP’s rules for use. | Packages need to get IPA approval; if not, will use separate PPs | ST must comply with everything that is described in a PP. |
| Other schemes | ? | ? | |
| CC laboratories | ? | ? | |
| CC consultants | ? | Packages are not evaluated, and do not need assets / threats / objectives; not sure how packages would be published / enforced | |
Family of PPs / Packages – What is included in the Common/Basic PP

P2600.1-COM, Protection Profile for Common Functions in Hardcopy Devices
This Protection Profile shall be used for HCD products, and it includes common functions such as for configuring user identification/authorization, device options, data interfaces, security, or auditing.

Plus at least one of these four:
- P2600.1-PRT, Protection Profile for Print Functions in Hardcopy Devices
- P2600.1-SCN, Protection Profile for Scan Functions in Hardcopy Devices
- P2600.1-CPY, Protection Profile for Copy Functions in Hardcopy Device
- P2600.1-FAX, Protection Profile for Fax Functions in Hardcopy Devices

Base HCD packages:

Base Network Printer Package to include the following functions:
- Printing digital documents to paper form using a network interface

Base Network MFD Package to include the following functions:
- Printing digital documents to paper form using a network interface
- Copying paper documents
- Scanning paper documents to digital form using a network interface

The base packages are the same
Family of PPs / Packages – How many dependent PPs / packages exist
8 independent optional PPs:
P2600.1-PRT, Protection Profile for Print Functions in Hardcopy Devices, Operational
P2600.1-SCN, Protection Profile for Scan Functions in Hardcopy Devices, Operational
P2600.1-CPY, Protection Profile for Copy Functions in Hardcopy Devices, Operational
P2600.1-FAX, Protection Profile for Fax Functions in Hardcopy Device, Operational
P2600.1-DSR, Protection Profile for Document Storage and Retrieval Functions in
P2600.1-NVS, Protection Profile for Nonvolatile Storage Functions in Hardcopy Devices,
P2600.1-SWI, Protection Profile for Software Installation Functions in Hardcopy Devices,
P2600.1-SMI, Protection Profile for Shared-medium Interface Functions in Hardcopy

4 dependent optional Packages:

Nonvolatile Storage Package to include:
- Persistent storage and retrieval

Non-Hardware Functional Update Package to include:
- Software / Firmware / Applet installation and upgrade

Local Interface Package to include:
- User data and management data I/O through local interfaces (such as USB, Copy Control and others)

Fax Package to include:
- Transmitting paper or digital documents to a facsimile device using a PSTN interface
- Receiving documents from a facsimile device and delivering them in paper or digital form using a PSTN interface
Family of PPs / Packages – How to comply
Compliant Security Targets and other Protection Profiles shall claim at least Demonstrable Conformance with this family of Protection Profiles. Demonstrable conformance requires that the Security Target and other Protection Profiles be a suitable solution to the generic security problems described in this protection profile. Refer to Table 1, which describes the HCD packages that are addressed by this Family of Protection Profiles.

Certification Path Validation – The Base HCD Package is a dependency of the following other packages, i.e., when the following packages are included in a PP, the Basic HCD package must also be included in the PP:

Base HCD Package
- Either the Base Network Printer Package or Base Network MFD package

Dependent packages of base HCD package, including:
- Nonvolatile Storage package
- Non-Hardware Functional Upgrade package
- Local Interface package
- Fax package

Naming of Protection Profile:
- If an ST claims Demonstrable Conformance to a base package, then the PP name that the ST claims conformance to is “IEEE P2600.1 Protection Profile with packages: Base Network Printer <or Base Network MFD> at EAL 3 with ALC_FLR 2 augmentation”.
- If an ST claims Demonstrable Conformance to a base package (e.g. Base Network Printer) and to one of the dependency functional packages (e.g. Nonvolatile Storage package), then the PP name that the ST claims conformance to is “IEEE P2600.1 Protection Profile with packages: Base Network Printer, Nonvolatile Storage at EAL 3 with ALC_FLR 2 augmentation”.

To claim conformance to any of the protection profiles that are contained in this Family of Protection Profiles, the conforming security target or protection profile shall comply with three rules:

a) The Common Functions Rule: Security targets and other protection profiles shall claim at least Demonstrable Conformance with the following Protection Profile listed in Section 4.1 “PP References”: P2600.1-COM.

b) The Hardcopy Rule: Security targets and other protection profiles shall claim at least Demonstrable Conformance with one or more of the following Protection Profiles listed in Section 4.1 “PP References”: P2600.1-PRT, P2600.1-SCN, P2600.1-CPY, or P2600.1-FAX.

c) The Complete TOE Rule: Security targets and other protection profiles shall claim at least Demonstrable Conformance with any and all Protection Profiles listed in Section 1 “PP References” whose target(s) of evaluation are representative of functions that are provided in the target of that security target or other protection profile.

Demonstrable conformance requires that the security target and other protection profiles be a suitable solution to the generic security problems described in this Protection Profile.