Per my action item from last meeting, please take a look at NIAP's PP for
"network devices" here http://www.niap-ccevs.org/pp/pp_nd_v1.0/.
It is for infrastructure devices (such as routers or firewalls), and it
covers only the administrative access and control of the device. It isn't
intended to cover the primary function of such devices (such as routing or
blocking network traffic). The purpose of looking at this document is to get
some inkling of NIAP's new direction for PPs. For example:
* In addition to "Application Notes" that are found in traditional PPs
(like IEEE 2600.1), there are some detailed "Assurance Activity" notes.
* Take a look at the FCS class of SFRs and you'll see a lot more detail
(although mainly US-specific) on both product implementation and on
assurance activity.
* They have made quite a few extended components. Alas, they don't
provide any general discussion or rationale for such extensions, and
in some cases I wonder if an extended component was really needed (who
can say? there's no rationale...).
--
Regards,
Brian Smithson
PMP, CSM, CISSP, CISA, ISO 27000 PA
Security Research, Planning
Advanced Customer Technologies
Ricoh Americas Corporation
bsmithson at ricohsv.com
(408)346-4435
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ids/attachments/20110615/fb805028/attachment-0001.html>