P2600 Hardcopy Device and System Security Feb 2004 Working Group Meeting PowerPoint PPT Presentation


Title: P2600 Hardcopy Device and System Security Feb 2004 Working Group Meeting


1
P2600 Hardcopy Device and System Security
Feb 2004 Working Group Meeting
  • Don Wright
  • Director, Alliances Standards
  • Lexmark International
  • don_at_lexmark.com

2
Agenda
  • February 3, 2004
    9:00 - 9:30 Opening, Intros, Attendance
    9:30 - 9:45 Review IEEE Patent Policy
    9:45 - 10:00 Mailing list and Website
    10:00 - 10:15 Break
    10:15 - Noon Review/Approve Operating Procedures
    Noon - 1:30 Lunch
    1:30 - 2:00 Election of Officers
    2:00 - 2:30 Identify Document Editor(s)
    2:30 - 2:45 Break
    2:45 - 4:30 Requirements Document
  • February 4, 2004
    9:00 - 9:15 Opening, etc.
    9:15 - 10:15 Content Outline
    10:15 - 10:30 Break
    10:30 - Noon Content Outline (Cont.)
    Noon - 1:30 Lunch
    1:30 - 2:30 Content Outline (Cont.)
    2:30 - 2:45 Break
    2:45 - 3:15 Assign Sections to Authors/Editors
    3:15 - 4:00 Future Meeting Plans

3
IEEE-SA Standards Board Bylaws on Patents in
Standards
  • 6. Patents
  • IEEE standards may include the known use of
    patent(s), including patent applications,
    provided the IEEE receives assurance from the
    patent holder or applicant with respect to
    patents essential for compliance with both
    mandatory and optional portions of the standard.
    This assurance shall be provided without coercion
    and prior to approval of the standard (or
    reaffirmation when a patent becomes known after
    initial approval of the standard). This assurance
    shall be a letter that is in the form of either
  • a) A general disclaimer to the effect that the
    patentee will not enforce any of its present or
    future patent(s) whose use would be required to
    implement the proposed IEEE standard against any
    person or entity using the patent(s) to comply
    with the standard or
  • b) A statement that a license will be made
    available without compensation or under
    reasonable rates, with reasonable terms and
    conditions that are demonstrably free of any
    unfair discrimination
  • This assurance shall apply, at a minimum, from
    the date of the standard's approval to the date
    of the standard's withdrawal and is irrevocable
    during that period.

Slide 1
Approved by IEEE-SA Standards Board March 2003
4
Inappropriate Topics for IEEE WG Meetings
  • Don't discuss licensing terms or conditions
  • Don't discuss product pricing, territorial
    restrictions or market share
  • Don't discuss ongoing litigation or threatened
    litigation
  • Don't be silent if inappropriate topics are
    discussed; do formally object.
  • If you have questions, contact the IEEE Patent
    Committee Administrator at patcom_at_ieee.org or
    visit http://standards.ieee.org/board/pat/index.html

Slide 2
Approved by IEEE-SA Standards Board March 2003
5
P2600
  • Scope
  • This standard provides security direction for
    manufacturers, users and others on the selection,
    installation, configuration and usage of hardcopy
    devices and systems including printers, copiers,
    and multifunction devices and the computer
    systems that support these devices. This
    standard identifies security exposures for these
    hardcopy devices and systems and instructs
    manufacturers and software developers on
    appropriate security capabilities to include in
    their devices and systems and instructs users on
    appropriate ways to use these security
    capabilities.
  • Note: General techniques used to address physical
    security, password complexity and change
    frequency, etc. are out of scope. Specific
    techniques useful for hardcopy devices are in
    scope.
  • Purpose
  • In today's Information Technology environment,
    significant time and effort are being spent on
    security for workstations and servers. However,
    today's hardcopy devices (printers, copiers,
    multifunction devices, etc.) are connected to the
    same local area networks and contain
    communications, processing and storage components
    just as subject to security problems as
    workstations and servers. At this time, there
    are no standards to guide manufacturers or users
    of hardcopy devices or the computer systems that
    support them in the secure installation,
    configuration or usage of these devices and
    systems.

6
Announcement and Awareness
  • Study Group met in November at IEEE Computer
    Society meeting to lay out the plans for this
    work.
  • Final PAR was submitted after the November
    meeting and was approved by IEEE SASB December
    2003
  • Press Release went out on BusinessWire on Jan 7,
    2004
  • http://biz.yahoo.com/bw/040107/75849_1.html
  • Lexmark is currently engaging with high profile,
    security aware customers including both
    commercial and public sector to get their
    participation. Are others?

7
Press Release
  • IEEE Begins Standard to Enhance Security in
    Networked Printers and Other Hardcopy Devices
  • Wednesday January 7, 5:41 pm ET
  • PISCATAWAY, N.J.--(BUSINESS WIRE)--Jan. 7,
    2004--Most organizations make computer security a
    priority, but few do the same for their networked
    printers and other hardcopy peripherals even
    though these devices may be vulnerable to attack.
    In seeking to address this situation, the IEEE
    Standards Association (IEEE-SA) has begun work on
    IEEE P2600(TM), "Standard for Information
    Technology Hardcopy System and Device Security."
  • This new standard will define security
    requirements for those who manufacture, create
    software for and use printers, copiers,
    multifunction devices and other hardcopy devices,
    as well as for the computer systems that support
    them. It will cover many aspects of security
    involved in developing, selecting, installing,
    configuring and using these devices.
  • These issues encompass authentication,
    authorization and the privacy of data sent to and
    from devices and residing on them, as well as
    such areas as data integrity and device
    management. Additionally, this project may
    include checklists, guidelines and other aids for
    creating and implementing hardcopy security
    plans.
  • "IEEE P2600 will help manufacturers, system
    administrators and users rectify the many
    potential security liabilities associated with
    hardcopy devices," says Don Wright, Chair of the
    IEEE Hardcopy Security Working Group and
    Director, Alliances Standards, Lexmark
    International. "As things stand now, the
    communications, processing and storage elements
    in such devices are prone to the misdeeds of
    others. They can, for instance, let attackers
    read information sent to printers or open
    gateways that lead beyond firewalls and expose
    sensitive and confidential information."
  • The IEEE 2600 working group defines hardcopy
    security as those measures, methods and
    procedures taken to guard against an attack on,
    theft of, espionage against or sabotage of the
    devices, components or systems used to print,
    scan, copy, transmit, receive or store documents
    on (or intended to be on) paper or other
    human-readable media.
  • "Few existing standards even touch on hardcopy
    security, let alone address it broadly," says
    Wright. "In correcting this situation, the new
    standard will raise awareness of hardcopy
    security issues and help companies become more
    secure and come into compliance with existing
    laws."
  • These laws include the Health Insurance
    Portability and Accountability Act, which
    requires healthcare organizations to protect the
    privacy and security of confidential health
    information, as well as the Safeguards Rule in
    the Gramm-Leach-Bliley Act, which calls on
    financial institutions to have comprehensive
    security programs that keep customer information
    secure and confidential. In addition, compliance
    with certain parts of the Sarbanes-Oxley Act of
    2002 could be adversely affected by a failure to
    provide adequate hardcopy security.
  • The standards effort will involve those from
    hardcopy device manufacturers and users in the
    commercial and government sectors. The first
    meeting of the IEEE Hardcopy Security Working
    Group will be held in early 2004. Those
    interested in participating in this effort should
    visit http://grouper.ieee.org/groups/2600.

8
Press Release (continued)
  • IEEE 2600 is sponsored by the IEEE Computer
    Society and is part of the IEEE's information
    assurance standards effort. Other IA standards
    underway within IEEE-SA include
  • IEEE P1619(TM), "Standard Architecture for
    Encrypted Shared Storage Media," which will
    address the need for secure storage
    methods.
  • IEEE P1700(TM), "Standard Security Architecture
    for Certification and Accreditation of
    Information Systems," which will set directions
    for a suite of detailed CA standards.
  • IEEE P2200(TM), "Base Operating System Security
    (BOSS(TM))," which concerns external threats and
    intrinsic flaws arising from software design and
    engineering practices.
  • To learn more about specific IEEE IA information
    assurance standards projects, go to
    http://ieeeia.org/projects.html.
  • About the IEEE Standards Association
  • The IEEE Standards Association, a globally
    recognized standards-setting body, develops
    consensus standards through an open process that
    brings diverse parts of an industry together.
    These standards set specifications and procedures
    based on current scientific consensus. The
    IEEE-SA has a portfolio of more than 870
    completed standards and more than 400 standards
    in development. Over 15,000 IEEE members
    worldwide belong to IEEE-SA and voluntarily
    participate in standards activities. For further
    information on IEEE-SA see http://www.standards.ieee.org/.
  • About the IEEE
  • The IEEE has more than 380,000 members in
    approximately 150 countries. Through its members,
    the organization is a leading authority on areas
    ranging from aerospace, computers and
    telecommunications to biomedicine, electric power
    and consumer electronics. The IEEE produces
    nearly 30 percent of the world's literature in
    the electrical and electronics engineering,
    computing and control technology fields. This
    nonprofit organization also sponsors or
    cosponsors more than 300 technical conferences
    each year. Additional information about the IEEE
    can be found at http://www.ieee.org.
  • Contact
  • Security Working Group
  • Don Wright
  • don_at_lexmark.com
  • or
  • IEEE Marketing Manager
  • Karen McCabe, 1 732-562-3824
  • k.mccabe_at_ieee.org

9
Mailing List and Web Site
  • Web Site: http://grouper.ieee.org/groups/2600
  • Mailing list
  • Majordomo run by the IEEE
  • An archive is available via the web site
  • Subscribe via a note to majordomo_at_ieee.org
    containing the line subscribe stds-2600
  • Only subscribers may send e-mail to the mailing
    list.

10
IEEE Standards
[Organization chart. Boxes shown: IEEE Board of Directors; IEEE Computer Society; Standards Activity Board; Board of Governors; IEEE-SA Standards Association; Standards Board; Standard Sponsor: IASC; Proposed Standards: P2600 Hardcopy Device And System Security Management. Names shown: Don Wright, Member; Don Wright, Governor; Don Wright, Chair; Jack Cole, Chair.]
11
Operating Procedures
  • Modeled after the model IEEE Sponsor Procedures
  • Identifies
  • Governing Documents
  • Scope of the Group
  • Responsibilities of the Group
  • Officers of the Group and their responsibilities
  • Membership of the Group
  • A Quorum (25 of members)
  • Voting Procedures
  • Initially adopted by a majority of the membership
    of the group; can be subsequently modified by 2/3
    vote.
  • All those in attendance today have voting rights.

12
Operating Procedures
  • Motion
  • Move to approve the Operating Procedures for the
    Hardcopy Security Working Group as published on
    the P2600 Website.

13
Election of Officers
  • Chair
  • Member of the IEEE and the IEEE Standards
    Association
  • 2 year term, eligible for re-election without
    limit
  • Chairs meetings, submits work to sponsor
  • Vice Chair
  • 2 year term, eligible for re-election without
    limit
  • Fulfills responsibilities of the chair in his/her
    absence.
  • Secretary
  • 2 year term, eligible for re-election without
    limit
  • Records and publishes minutes
  • Maintains voting membership list

14
Slate of Officers
  • Chair
  • Don Wright, Lexmark
  • Vice Chair
  • Secretary

15
Document Editor(s)
  • Create drafts
  • Publish on web site
  • Respond to comments
  • Maintain change history
  • Volunteers??
  • Brian V.
  • Jerry T.
  • Ron Bergman
  • Stefaan DS

16
Requirements

17
Components of Hardcopy Security
  • Physical
  • Theft prevention (Memory Cards, Hard disk drives,
    etc.)
  • Disposal of integrated flash memory and/or hard
    disk drives
  • Authentication
  • Who are you and how do you prove it? Userids?
    Passwords? SmartCards? Biometrics?
  • Federated Identity Systems such as Liberty
    Alliance or Passport
  • Authentication of the device itself
  • Authorization
  • Are you authorized to print? Copy? Scan?
  • Is that your print job being held for you in the
    printer?
  • How are authorization levels maintained, managed,
    transmitted?
  • Privacy
  • Protection/Encryption of data transmitted to or
    from device
  • Protection/Encryption of data residing on device
  • HIPAA, Gramm-Leach-Bliley Act, Sarbanes-Oxley
    (Protection of Nonpublic Personal Information)
  • Protection of the physical output, i.e. the paper
  • Integrity
  • Maintain and enforce the trustworthiness of the
    system
  • Nonrepudiation

18
Components of Hardcopy Security
  • Monitoring / Auditing
  • Should you track who scanned or copied what?
  • Knowledge of printing/scanning usage, timing,
    volumes can be insightful.
  • Who is attempting unauthorized activities?
  • Device Management
  • Unauthorized configuration changes (disabling
    safeguards)
  • Unauthorized firmware updates (re-enabling or
    bypassing disabled functions)
  • Document Security
  • Confidentiality, Integrity, Authenticity
  • Non-repudiation, Authentication, Access Control
  • Restrictive Rules and Legislation
  • Unique purchasing requirements for DOD and others
  • Encryption import/export laws
  • Customer perceptions (correct or incorrect)
  • Use of fax modem connection to break into
    corporate networks
  • Use of device as source of denial of service,
    e-mail relays (spam), etc.
  • Utilization of device programmability to
    compromise security

19
Translating Theory to Reality
  • Encryption of content both to and from device
  • Identification of users at device
  • Magstripe, smartcards, proximity cards, etc
  • Passwords, PINs
  • Biometrics
  • Physical protection of input forms/paper and
    output
  • Locks
  • Print and Hold
  • Management and Configuration
  • Turning off unnecessary protocols and ports
  • Securing necessary ports (e.g. running IPSec over
    FTP)
  • Restricting reconfiguration
  • Management Web page security/protection
  • Protection against unauthorized firmware updates
  • Remote management and configuration ports
    (network, POTS, etc) on H/C devices could be used
    as access points into network
  • Security implications of automated configuration
    (BOOTP, DHCP, etc.) both hacking the server and
    spoofing.

20
Translating Theory to Reality (cont.)
  • Digitally signed documents
  • To the device
  • From the device
  • Protection of residual data
  • Fax to Network path control and protection
  • Monitoring and Auditing
  • Redistribution of viruses, trojan horses, etc. by
    hardcopy devices.
  • Control over embedded Java, scripting, other
    execution languages within the device. Granular
    control versus global on/off.

21
Translating Theory to Reality (cont.)
  • Over the wire security (e.g. end-user digital
    certificates) for standard and proprietary
    protocols. Varies from protocol to protocol.
  • Denial of service (e.g. looping PostScript code,
    corrupted resident/permanent font download)

22
Roles: Print/Scan/Fax/Copy/Manage/Network Device,
etc.
  • Vulnerabilities
  • Denial of Service
  • Exploit: Downloading corrupt firmware
  • Looping PostScript
  • Packet flooding
  • Exposure of print and scan data
  • Taking output from output tray
  • Steal Printer, read hard disk
  • Using device as gateway into the network
  • Spreading viruses, trojan horses, etc.
  • Theft of Service
  • Steal Printer
  • Steal memory/harddisk, etc.

23
Role: Print - Jean-Claude L.
  • Vulnerabilities
  • Denial of Service
  • Looping PostScript job
  • PJL and other device control language
  • Unauthorized firmware update
  • Unplug device power cable, data cables, etc.
  • Take device offline with control panel
  • Unauthorized access to print data (on network, on
    harddisk, output)
  • Network sniffing of print job
  • Reading residual data off the hard disk
  • Steal output from hopper
  • Compromised user identification means (PIN,
    proximity card, etc.) causing job to be released
  • Theft of Service / Unauthorized usage including
    resources
  • Stolen check stock from input tray
  • Unauthorized user access to color printing
    capability
  • User identity theft (e.g. capturing magstripe
    info)
  • Network sniffing user id information from printer
    to LDAP server
  • Corruption/alteration of print data
  • Man-in-the-middle capture/alter/resend print job

24
Role: Scan - Stefaan D.
  • Vulnerabilities
  • Denial of Service
  • Looping execution occurring on other roles (e.g.
    looping PS on printer leaves no cycles for
    scanning)
  • Unauthorized firmware changes
  • Destination device full (ftp server, mail server,
    etc.)
  • Unauthorized access to scan data (on network, on
    harddisk)
  • Network sniffer
  • Secretly send copies of scanned data to other
    destination
  • Theft of Service / Unauthorized usage including
    resources
  • Unauthorized use of scanner
  • User identity theft (e.g. capturing magstripe
    info)
  • Network sniff of user id on the way to the LDAP
    server
  • Corruption/alteration of scan data
  • Man-in-the-middle capture/alter/resend
  • Capture ftp server userid/password and replace
    scanned file
  • Using scanner as a data generator for denial of
    service elsewhere
  • Scan large document to all e-mail addresses in
    corp address book
  • Theft of input document if operator walks away
  • Cause the operator to walk away and then take the
    input document

25
Role: Copy - Fujitani
  • Vulnerabilities
  • Denial of Service
  • Looping execution occurring on other roles (e.g.
    looping PS on printer prevents copying)
  • Unauthorized firmware changes
  • Unauthorized access to copied data (on network,
    on hard disk)
  • Steal hard disk with residual data from copying
  • Java applet that secretly sends copied data to an
    e-mail address
  • Theft of Service / Unauthorized usage including
    resources
  • Unauthorized use of copier
  • Stolen copier access codes
  • User identity theft (e.g. capturing magstripe
    info)
  • Network sniff of user id on the way to the LDAP
    server
  • Steal hard disk containing user lists
  • Corruption/alteration of copier data
  • Java applet that reduces copy quality to fax
    quality and adds fax-like headers and footers to
    a document.
  • Java applet to forge Bates stamp/number on legal
    documents
  • Misapplication of signatures, hanko stamp, notary
    stamps, watermarks, etc.
  • Printing of barcode containing maliciously wrong
    information
  • Theft of physical input or output document if
    operator walks away

26
Role: Fax - Jerry T.
  • Vulnerabilities
  • Denial of Service
  • Unplug phone cord
  • Physical injection of noise on the phone line
  • Disabling of user id device reader
  • As an agent for a POTS denial of service
  • Unauthorized firmware update that never completes
    negotiation with remote fax machine.
  • Sending huge documents over and over to a machine
  • Unauthorized access to faxed data (on network, on
    harddisk, on paper)
  • Java applet that secretly prints data, sends data
    to an e-mail address or another phone number.
  • Phone line sniffer installed outside building or
    in wiring closet, etc.
  • Take output from output hopper of device after
    hours.
  • Theft of Service / Unauthorized usage including
    resources (both sending and receive faxes)
  • Configuration change to disable security
  • User identity theft (e.g. capturing magstripe
    info)
  • Rogue MEAP applet capturing magstripe identity
    data
  • Corruption/alteration of fax data or meta data
  • Adding information to a document making it look
    like it was faxed at a different date/time/phone
    number than it really was.
  • Theft of physical input or output if operator
    walks away or machine is unattended

27
Role: Managed Device - Stuart R.
  • Vulnerabilities
  • Integrity of device's logs
  • Unauthorized access or alteration of transaction
    log
  • Unauthorized deletion of logs
  • Configuration management
  • Unauthorized firmware updates
  • Unlocked operator panel
  • SNMP V1 with public community name
  • Security management
  • BOOTP Server spoofing
  • Unlocked Operator Panel
  • Unauthorized firmware updates
  • Denial of service
  • Disabling ports and/or protocols
  • Starting a flash memory update cycle without ever
    finishing
  • As an agent for denial of service
  • Setting a very short interval on a network
    operation (e.g. service discovery broadcasts)
  • Theft of security information (e.g. user lists,
    passwords, etc.)
  • Use of management application to create
    backdoor to steal identity information

28
Role: Network Device - Ron B.
  • Vulnerabilities
  • Agent for a Denial of Service attack (e.g. packet
    flooding)
  • Assuming the IP address of a device to cause
    perpetual network errors
  • Theft of device's identification (e.g. spoofing)
  • Masquerading as the hardcopy device and capturing
    all of its traffic
  • Change DNS server to point hardcopy device DNS
    name to another device to capture network traffic
  • Unauthorized access to the network
  • Bridging fax modem to ethernet
  • Remote access phone line bridged to ethernet
  • Bridging two separate networks together using two
    network adapters in device
  • Being capable of being infected by a virus or
    trojan horse
  • Running an embedded version of a popular
    operating system which is susceptible to
    viruses/trojan horses.
  • Spreading viruses or trojan horses
  • Support for executing common file formats
  • Device provides an open mail relay function
  • Denial of service
  • Change IP address to be the same as another
    device on the network to prevent hardcopy device
    from operating.
  • Replace Cat5 cable with Cat3 cable in wiring
    closet
  • Agent for unauthorized network usage

29
Role / Vulnerability / Exploit Assignments
  • 6 Roles assigned to individuals
  • Each person will expand list of vulnerabilities
    and exploits
  • Can be more than just a bullet especially for
    more complex vulnerabilities and exploits
  • Distribute, via mailing list, completed work on
    or before March 1st.

30
What are our expectations of MS contributions?
  • An understanding of the system side requirements
    and capabilities of print security.
  • How can the spooler be secured?
  • Securing print jobs from the client to the server
    is probably out of scope for this project but
    from a customer's perspective it is a real issue
    as a part of the total hardcopy security area.
  • What are other standards bodies doing that affect
    spooler/print security?
  • Without a total system perspective, work done to
    secure the hardcopy devices and the content to
    and from them is ineffective.
  • This group would be a good forum for the exchange
    of security requirements both from and to MS.
  • Awareness of new tools and capabilities in future
    OS releases that could be used by the Hardcopy
    industry to implement security capabilities.

31
Content of Standard
  • Profile based on CC
  • Rationale supporting the profile is based on work
    done on Role/Vulnerabilities/Exploits
  • Extension of CC to cover hardcopy unique areas
    (e.g. output bin locks)

32
Schedule
  • The PAR included estimates of the end-points of
    the schedule
  • Sponsor Ballot June 2005
  • Submission to RevCom Feb 2006
  • Meetings every 6-8 weeks
  • Some aligned with other industry/standards
    meetings.
  • Proposed Future Meetings
  • March 10-11, location NY/NJ
  • April 19-20, in conjunction with PWG in
    Washington DC
  • May 27-28, in conjunction with PWG in Japan or
    June 2-3, location w/c
  • July 22-23, in conjunction with PWG, in Montreal
  • September 1-2, location w/c
  • October 6-7, Lexington KY
  • November 18-19, in conjunction with PWG, location
    w/c

33
2004 PWG Meeting Schedule
  • September 20-24, Madison, WI: 20 T.B.D.; 21 WBMM;
    22 Plenary / T.B.D.; 23 T.B.D.; 24 T.B.D.
  • November 15-19, T.B.D.: 15 T.B.D.; 16 T.B.D.;
    17 T.B.D.; 18 P2600; 19 P2600
  • April 19-23, Washington, D.C.: 19 P2600; 20 P2600;
    21 Plenary / T.B.D.; 22 WBMM; 23 FSG
  • May 24-28, Tokyo, Japan: 24 T.B.D.; 25 WBMM;
    26 Plenary / T.B.D.; 27 FSG Japan; 28 T.B.D.
  • July 19-23, Montreal, Canada: 19 T.B.D.; 20 WBMM;
    21 Plenary / T.B.D.; 22 P2600; 23 P2600

34
BACKUP SLIDES
35
Hardcopy Security and the Law
  • HIPAA: The Health Insurance Portability and
    Accountability Act (HIPAA) requires health care
    organizations to protect the privacy and security
    of confidential health information and calls for
    standard formats for electronic transactions.
    These standardized national requirements apply to
    the electronic transmission of patient history
    and health records such as health insurance
    enrollment detail and claims. The need to
    maintain confidentiality and privacy of medical
    information and rules for medical document
    security, including standards related to data
    integrity and encryption, are also outlined in
    HIPAA.
  • GLB: The Gramm-Leach-Bliley Act (GLB)
    contains a Safeguards Rule which requires
    financial institutions to have in place a
    comprehensive security program to ensure the
    security and confidentiality of customer
    information. This includes the identification of
    employee coordinators, the identification of
    foreseeable internal and external risks, the
    implementation of safeguards to address the
    risks, and the regular adjustment of the programs
    in light of developments that may materially
    affect the program.
  • SARBANES-OXLEY: Sarbanes-Oxley
    contains provisions requiring certain levels of
    security for the financial records which are used
    to create the CEO-signed reports submitted
    annually. How these provisions relate to
    Hardcopy Device and System Security is TBD.
36
Existing Standards for Hardcopy Security
  • No comprehensive standards specific to hardcopy
    security currently exist.
  • Components of some existing standards could be
    applied to the hardcopy environment, for example:
  • Common Criteria's Residual information
    protection (FDP_RIP) for the contents of an
    integrated hard disk.
  • Common Criteria's Cryptographic operation
    (FCS_COP) for sending an encrypted print job.
  • Many others
  • Some information security policies deal lightly
    with hardcopy security but then only from the
    perspective of information classification.
  • However, while these basic functions may be
    useful, they do not address the aggregation of
    functions for a printer such as what is contained
    in ISO/IEC 17799 "Information technology - Code
    of practice for information security management"
    for computers and workstations in general.

37
What is needed?
  • Standards for hardcopy security covering all
    aspects of printers and other multifunction
    hardcopy devices and their usage, including
  • Applications
  • Operating system
  • Transmission of the print job or scan job
  • Copying
  • Job hold for user
  • Physical Security
  • Device management
  • User authentication
  • Etc.
  • Checklists, guidelines and best practices
    documents to assist IT organizations in planning
    and implementing a hardcopy security plan will
    follow the standard.
  • Assessment and Certification standards to measure
    compliance with the above standards will also
    follow.

38
Content of Standard
  • Description of the security environments
    (multiple levels) including threats and risks.
  • No security
  • Office/Small Business Environment (salary list)
  • Regulatory security (Bank accounts, medical
    records)
  • Top secret (Coke formula, Launch codes, double
    agent list)
  • Detail the threats, risks, attack techniques
    (should this include mitigating errors made by
    authorized users?)
  • Scenarios: Involve end users / consultants in
    creating scenarios
  • Internal Threat Agents
  • Both malicious, negligent and erroneous actions,
    disabling or defeating protection, etc
  • External Threat Agents
  • Hacker virus, theft of services, denial of
    services, physical theft, malicious code,
    snooping information, spoofing information, etc.
  • Acts of God
  • Destruction of equipment, power loss, etc.

39
Content of Standard
  • Breakdown into components of the hardcopy device
    and systems. Potentially create additional CC
    classes.
  • Classes from CC: FAU/FCO/FCS, etc.
  • Create other Classes: Physical Security, e.g.
    locking covers
  • Create profiles based upon the environments using
    the Common Criteria.
  • Three protection profiles (one for each level of
    security specified above.)
  • Informed but subjective process
  • Involvement of end users
  • What are the implications of using NIAP as a part
    of this? How would NIAP interpret the profile?
  • Initially will include content from the
    perspective of both the developer/manufacturer
    and the end user.

40
Instructions for the WG Chair
  • At Each Meeting, the Working Group Chair shall
  • Show slides 1 and 2 of this presentation
  • Advise the WG membership that
  • The IEEE's Patent Policy is consistent with the
    ANSI patent policy and is described in Clause 6
    of the IEEE SA Standards Board Bylaws
  • Early disclosure of patents which may be
    essential for the use of standards under
    development is encouraged
  • Disclosures made of such patents may not be
    exhaustive of all patents that may be essential
    for the use of standards under development, and
    that neither the IEEE, the WG nor the WG Chairman
    ensure the accuracy or completeness of any
    disclosure or whether any disclosure is of a
    patent that in fact may be essential for the use
    of standards under development.
  • Instruct the WG Secretary to record in the
    minutes of the relevant WG meeting
  • that the foregoing advice was provided and the
    two slides were shown
  • that an opportunity was provided for WG members
    to identify or disclose patents that the WG
    member believes may be essential for the use of
    that standard
  • any responses that were given, specifically the
    patents and patent applications that were
    identified (if any) and by whom.

(Not necessary to be shown)
Approved by IEEE-SA Standards Board March 2003