[IDS] Fwd: [Network iTC] CCUF Amsterdam Follow-Up

Ira McDonald blueroofmusic at gmail.com
Tue May 2 14:54:04 UTC 2017


Common Criteria update on International Network Device Protection Profile
from Amsterdam F2F last week, for CCUF report at IDS session tomorrow.

- Ira

Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
mailto: blueroofmusic at gmail.com
Jan-April: 579 Park Place  Saline, MI  48176  734-944-0094
May-Dec: PO Box 221  Grand Marais, MI 49839  906-494-2434

---------- Forwarded message ----------
From: Common Criteria Users' Forum <postman at notify.onlyoffice.com>
Date: Tue, May 2, 2017 at 9:45 AM
Subject: Projects [Network iTC]. New discussion: CCUF Amsterdam Follow-Up
To: blueroofmusic at gmail.com

New discussion created: CCUF Amsterdam Follow-Up

5/2/2017 9:45:13 AM Mark Jackson
has started a new discussion: CCUF Amsterdam Follow-Up

Hi All,

Great to catch up with some of you face to face in Amsterdam last week. I
know many of you couldn't make the event and so thought I'd share a few
highlights from the meeting we held, along with a pointer to the slides

   - I provided an update as to where we are with NDcPP and ND SD version
   2. We are very close now. We have one issue to resolve on the cPP which is
   undergoing a review with NIAP but otherwise this is now done. I'm aiming to
   have this closed by this week. The SD is undergoing a final editorial
   review and so may be a little behind the cPP as it undergoes some final
   consistency checks before being released. But it shouldn't be too far
   behind and I'd certainly like to see this released next week also.
   - I've been asked about a detailed change log for version 2. This is
   going to be very difficult to provide, not least because of the lack of
   tooling that is enabling us to track each and every issue. In addition,
   we've made so many changes to the documents that it would be a very
   extensive list - so extensive that it wouldn't really serve any purpose. I
   will update the change document I published during the public review and
   will also be publishing the consolidated comment forms for the cPP and SD.
   Together they should give a sense of what has changed.
   - I talked a little about the editorial process that the team had been
   following, just so there was some transparency over what we've been doing
   for the past few months. The details are in the slides so I won't repeat it
   all here. I'm planning to publish the process so that we can re-use as a
   standard process for the iTC going forward.
   - We talked about major and minor versioning with regards the cPP and SD
   as we all recognise that we have a number of elements that need a much
   shorter 'fix' time than 2-3 years. Tony talked about his ideas about having
   a regular minor version update that would focus on minor updates to the
   documents, covering such things as:

      - Fixes that are unable to be incorporated into the previous version
      (due to timescales or scale of fix)
      - NIT Technical Decisions

   - Some of the versioning conversation relies on how schemes adopt our
   approach - details which still need to be worked on.
   - We talked about version 2.1 as being a great trial for our
   first minor. This will be tightly scoped to a defined set of changes and
   the plan is that, as a minor version, it will not be subject to the external
   public review cycle we would perform for a major version. Instead, it would
   receive an internal iTC only review. Furthermore, the editorial team will
   focus on comments/feedback associated with the changed elements of the
   cPP/SD, not comments that impact the wider document - unless they are of a
   critical nature.
   - We talked also about the need to review the current basis for the cPP
   and SD. At a combined page count of > 400 pages, it is getting increasingly
   difficult to manage the documents and make use of them. We discussed the
   need to review the validity of some of the requirements and ensure that
   they remain applicable in the face of the threats we're trying to protect
   against. This will be a long-term project and will run in parallel to other
   developmental activity. Details of this approach are yet to be defined.

I think this captures the highlights. It was a lively and engaged debate
which is good as there is much still to do within the iTC. If you have
questions or comments, please add them to the thread.

Slides from the session can be found at https://ccusersforum.

