Section 3.3 Out of Scope
While we're not specifying a standard for any of the mechanisms or functionality in section 3.3, we do include a statement that impacts:
6. Data Protection Policies
For instance, in section 6, "Conformance Requirements", #2 and #3 deal specifically with items that would be included in a data protection policy
And in section 9 "Security Considerations", we again require integrity protection of the log information.
We may want to modify the "out of scope" section to state that we are placing requirements on data protection policies, but not including recommendations for a "soup to nuts" data protection policy for logging information (of course, "soup to nuts" may not be appropriate for the actual text, but hopefully you get the idea)
By the way, the sentence in section 9 I'm referring to above is written as:
> Device MUST provide protection from alteration both on the device and when distributed outside the device.
>>IMHO, this wording should be more specific….something like:
Imaging devices MUST provide integrity protection for log message data, both on the device, as well as when the log data is transported outside the device.
The original text doesn't explicitly state what might be altered.
On Nov 26, 2012, at 12:47 PM, "Murdock, Joe" <jmurdock at sharplabs.com> wrote:
>> [This PWG Last Call starts today Monday November 26, 2012 and ends Friday January 18, 2013 at 10pm US PST.]
>> This is the formal announcement of the PWG Last Call for the PWG Log specification, located at:
>>ftp://ftp.pwg.org/pub/pwg/ids/wd/wd-ids-log10-20121112.pdf>> All required entries and values defined in this document have been prototyped by Apple. The IDS WG has completed extensive review of the various revisions of this document and an IDS WG last call.
>> The PWG Process/3.0 requires that a quorum (30%) of PWG voting members must acknowledge a PWG Last Call (with or without comments), before any document can progress to PWG Formal Vote. This PWG Last Call is NOT a Formal Vote but it DOES require your review acknowledgment.
>>> HOW TO RESPOND
>> Send an email with *exactly* the following subject line format:
> Subject: <Company Name> has reviewed the PWG-Log specification and has [no] comments
>>> WHERE TO SEND YOUR RESPONSE
>> Please send your response to *all* of the following email addresses (replacing "dot" with '.' and "at" with '@'):
>> “ids "at" pwg "dot" org (IDS WG mailing list - you must be subscribed!)
> jmurdock "at" sharplabs "dot" com (Joe Murdock, IDS WG Chair)
> alan.sukert "at" xerox "dot" com (Alan Sukert, IDS WG Secretary)
> msweet "at" apple "dot" com (Michael Sweet, PWG-Log Editor)
>> Note that you must be subscribed to the IDS WG mailing list to send email there - otherwise your email will be silently discarded.
>> Please do NOT simply reply to this note on the PWG-Announce list.
>> Note: The PWG Definition of the Standards Development Process Version 3.0 is located at:
> Joe Murdock
> Principal Engineer and Researcher
> Chair IEEE/ISTO Printer Working Group Imaging Device Security
> Sharp Labs of America
> 5750 NW Pacific Rim Blvd
> Camas, WA 98607
> (360) 817-7542
>jmurdock at sharplabs.com>>> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> pwg-announce mailing list
>pwg-announce at pwg.org>https://www.pwg.org/mailman/listinfo/pwg-announce
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...