attachment-0001
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#ffffff" text="#000000">
Per my action item from last meeting, please take a look at NIAP's
PP for "network devices" here
<a class="moz-txt-link-freetext" href="http://www.niap-ccevs.org/pp/pp_nd_v1.0/">http://www.niap-ccevs.org/pp/pp_nd_v1.0/</a>.<br>
<br>
It is for infrastructure devices (such as routers or firewalls), and
it covers only the administrative access and control of the device.
It isn't intended to cover the primary function of such devices
(such as routing or blocking network traffic). The purpose of
looking at this document is to get some inkling of NIAP's new
direction for PPs. For example:<br>
<ul>
<li>In addition to "Application Notes" that are found in
traditional PPs (like IEEE 2600.1), there are some detailed
"Assurance Activity" notes. <br>
</li>
<li>Take a look at the FCS class of SFRs and you'll see a lot more
detail (although mainly US-specific) on both product
implementation and on assurance activity. <br>
</li>
<li>They have made quite a few extended components. Alas, they
don't provide any general discussion or rationale for such
extensions, and in some cases I wonder if an extended component
was really needed (who can say? there's no rationale...).</li>
</ul>
<pre class="moz-signature" cols="76">--
Regards,
Brian Smithson
PMP, CSM, CISSP, CISA, ISO 27000 PA
Security Research, Planning
Advanced Customer Technologies
Ricoh Americas Corporation
<a class="moz-txt-link-abbreviated" href="mailto:bsmithson@ricohsv.com">bsmithson@ricohsv.com</a>
(408)346-4435</pre>
<br />--
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br />believed to be clean.
</body>
</html>