IEEE 2600.1-2009 pdf download IEEE Standard for a Protection Profile in Operational Environment A
HCDs can be implemented in many different configurations, depending on their intended purpose orpurposes. Simple devices have a single purpose plemented by a single function, such as a printer.scanner, copier, or fax machine. Other devices augment a single primary purpose with additional secondaryfunctions, such as a fax machine that can also be used to make copies, or a copier that can also be used as aprinter. Complex multifunction devices fulfill multiple purposes by using multiple functions in differentcombinations to perform the operations of several single-function devices
Some HCDs have additional functions that enhance their capabilities, such as hard disk drives or othernonvolatile storage systems,document server functions, or mechanisms for manually or automaticallyupdating the HCD’s operating software, All HCDs considered in this Protection Profile are assumed toprovide the capability for appropriately authorized users to manage the security features of the HCD.
4.2Typical usage
HCDs can be used in a wide variety of environments, such as:
Home use by consumers
Home or office use by small businesses
Office use by medium or large organizations
Self-service use by the public in retail copy shops, libraries, business centers, or educationalinstitutions
Production use by commercial service providersHCDs may contain or process valuable or sensitive assets that need to be protected from unauthorizeddisclosure and alteration. The utility of the device itself may be considered a valuable asset which alsoneeds to be protected. There is also a need to ensure that the HCD cannot be misused in such a way that itcauses harm to devices with which it shares network connections
However, cach environment ay place a diflerent value on those assets, make diflerent assumptions aboutsecurity-relevant factors such as physicalsecurity and administrator skill, face threats of differing approachand sophistication,and bedifferent extermalegal,regulatory,or policy requirements. It is notpractical to fulfill one set of Security Objectives for all environments, and therefore, IEEE Std 2600-2008has defined several environmentsthat formthe basis for several Protection Profile standards in theIEEE Std 2600 series. A complete description of those environments can be found in IEEE Std 2600-2008.
This Protection Profile and associated SFR Packages address the requirements of Operational Environmentgenerally characterizedA,Operational Environmentrestrictive commercial informationprocessing environment in which a relatively high level of document security, operational accountability.and information assurance are required, Typical information processed in this environment is trade secret.mission-critical, or subject to legal and regulatory considerations such as for privacy or governance. Thisenvironment is not intended to support life-critical or national security applications
5. TOE overview (APE INT)
5.1TOE functions
To facilitate the creation of Security Targets or Protection Profiles that can be used for many types andconfigurations of HCDs, this standard is composed of a Protection Profile that describes the genericsecurity problem, objectives, and security functional requirements of all HCDs, and a set of named SFR
IEEE 2600.1-2009 pdf download
PS:Thank you for your support!
