ࡱ; N  !"#$%&'()*+-./0123456789:;<=>?@ABCDEFGHIJKLMOPRoot Entry  !r\V)䰱 PresentationStarImpress 5.0"umSfxDocumentInfo  (01UB )01 uK Info 0 Info 1 Info 2 Info 3 (01UB0< TASK,0,1,H 1,0,100,1,Oh+'0 h t 6@ݿ@)@7@:N XOutdevItemPool 1   )     &'()*+,-./06789:;UVWXYZ[\]c !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstt      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefd0\'@qXX',@X'.@2XXX' @X'@Arrow ArrowddXXXS'c@(ArrowddXX'.@^,XXX'"@,XX'@XX'@X @ @  @! @7 @M @c @y'@XX'b@̙XX X2XD'6@O22ddX'(@X'"@BMvv(@@SD@x^SI 0 s\ z 46ZBn8x)1̔.<觔B+̄ ޢ40:prf |q]~+H~|WFMbP@aoCē[ȡz6~U{߃**<@ XXXX X&77<@ XXXX X&HH @ +' +'' +'+' ' XXX X&X,XDXVXbXnff@JJKKJJKKJJKKQQVVJJKKJJKKJJKKJJKK JJKKXX X2XPXbXtXX8p)W "8bFt$:Pf|,BXn4J`vL t   . D Z z  * @ V l b P))EditEngineItemPool 6f $07g*|@m, ",StarBatsN -",StarBatsN -",StarBatsN -"` ` ,StarBatsN -" ,StarBatsN -",StarBatsN -"hh,StarBatsN -",StarBatsN -",StarBatsN -"pp,StarBatsN - "X,StarBatsN -",StarBatsN -",StarBatsN -"` ` ,StarBatsN -" ,StarBatsN -",StarBatsN -"hh,StarBatsN -",StarBatsN -",StarBatsN -"pp,StarBatsN - ",StarBatsN -",StarBatsN -",StarBatsN -"` ` ,StarBatsN -" ,StarBatsN -",StarBatsN -"hh,StarBatsN -",StarBatsN -",StarBatsN -"pp,StarBatsN - Z"|,StarBatsN -"|,StarBatsN -` ` ,StarBatsN K",StarBatsN -,StarBatsN K"pp,StarBatsN -"  ,StarBatsN -" ,StarBatsN -"%%,StarBatsN -"0*0*,StarBatsN -Z r,StarBats -r,StarBats -r,StarBats -r ,StarBats -r,StarBats -r,StarBats -rpp,StarBats -rXX,StarBats -r@@,StarBats -r(#(#,StarBats - "XX,StarBatsi -",StarBatsi -",StarBatsi -"` ` ,StarBatsi -" ,StarBatsi -",StarBatsi -"hh,StarBatsi -",StarBatsi -",StarBatsi -XX.XNXn XX @,@, XXq@ .FdddRdddxddDd  xdddxYdddY ddd YDdddYD dddYD dddYD 8ddd8YDXdddXYDxdddxYD!ddd!YDXX!X4XGX`XyXXXXXXX(<( n@ .\  XXXX X&X,X2X8X>XD ( /@ 0 StarBats!"- StarBats!"- StarBatsX!"- StarBats !K StarBatsX!"-  StarBats!r-  StarBats!"- , StarBatsX!"-  StarBatsX!KXXGXXXX+XdXX@'@73dddddXdddd,dd|d@ddd`  dddhddddddpddd  xddd (#ddd% 'ddd0* dddX WdddX dddYdddY|` ddd` YdddYdddYpdddpY ddd Y ddd Y%ddd%YXdddddd0*ddd0*YXX!X4XGXZXmXXXXXXXXXX1XJXcX|XXXXXX XA'@4ddddddddddddd,ddd dddXXX&X2X>XJXVXb1'@V4dX+'(@4! XXX' @4!'@4X'@4TimesX' @ 5 Nd 4d d d {d d d hd 2d d d id XXX"X,X6X@XJXTX^XhXrX|?( @5'@5XX'@ 6X'@*6X'@N6XX'@q6X'@6X%' @6S' @6"' @6' @6 @7@7!X{(c@7 pJhttp://csrc.ncsl.nist.gov/cchttp://csrc.ncsl.nist.gov/ccW!X!XSF k !!!" "?"g"""""""#1#P<g* "XX,StarBatsN -",StarBatsN -",StarBatsN -"` ` ,StarBatsN -" ,StarBatsN -",StarBatsN -"hh,StarBatsN -",StarBatsN -",StarBatsN -"pp,StarBatsN - ( StarBats!"-!''Times'Od 08s2 +KStandardStandard#'''''''''''''''+;(,,--..g* (@'A'1'+'!'''''''''Object with arrowStandardObject with arrow'''''''Object with shadowStandardObject with shadow+;(,,--..Object without fillStandardObject without fill'TextStandardText'' Text bodyStandard Text body'''Text body justfiedStandardText body justfied''+'First line indentStandardFirst line indent''g*@'TitleStandardTitle'''Title1StandardTitle1 '''+;(,,--..+''Title2StandardTitle2 ''+;(,,--..g*@'A'+''HeadingStandardHeading''A''Heading1StandardHeading1''A'''Heading2StandardHeading2''A''''Dimension LineStandardDimension Line'''''''Home~LT~Gliederung 1Home~LT~Gliederung 1''g*@'A'+'!'''''''''Home~LT~Gliederung 2Home~LT~Gliederung 1Home~LT~Gliederung 2@'A'' Home~LT~Gliederung 3Home~LT~Gliederung 2Home~LT~Gliederung 3@'A''Home~LT~Gliederung 4Home~LT~Gliederung 3Home~LT~Gliederung 4@'A'' Home~LT~Gliederung 5Home~LT~Gliederung 4Home~LT~Gliederung 5@'A'' Home~LT~Gliederung 6Home~LT~Gliederung 5Home~LT~Gliederung 6@'A'' Home~LT~Gliederung 7Home~LT~Gliederung 6Home~LT~Gliederung 7@' A'' Home~LT~Gliederung 8Home~LT~Gliederung 7Home~LT~Gliederung 8@' A'' Home~LT~Gliederung 9Home~LT~Gliederung 8Home~LT~Gliederung 9@' A'' Home~LT~Titel Home~LT~Titel''QQg*+'!''' ''''''Home~LT~UntertitelHome~LT~Untertitel''QQg*@' +'!''' ''''''Home~LT~NotizenHome~LT~Notizen ''!'''''''''Home~LT~HintergrundobjekteHome~LT~Hintergrundobjekte+;(,,--..Home~LT~HintergrundHome~LT~Hintergrund''TitleTitle@SubtitleSubtitle@Background objectsBackground objects@ Background Background@NotesNotes@ Outline 1 Outline 1@ Outline 2 Outline 1 Outline 2@ Outline 3 Outline 2 Outline 3@ Outline 4 Outline 3 Outline 4@ Outline 5 Outline 4 Outline 5@ Outline 6 Outline 5 Outline 6@ Outline 7 Outline 6 Outline 7@ Outline 8 Outline 7 Outline 8@ Outline 9 Outline 8 Outline 9@tPDP8> p< n  x H t & Y %DrMd==JoeMn0(01IB)01)01ODrLy LAYER_LAYOUTDrLy LAYER_BCKGRNDDrLy LAYER_BACKGRNDOBJDrLyLAYER_CONTROLSDrLy!LAYER_MEASURELINESDrMP'JoeMlVTDrML DrOb<SVDr&y1A&DrOb<SVDr&;LdA&DrOb<SVDr&y.1LDrOb<SVDr&;.LdLDrXXgg fHome~LT~GliederungDrMPJoeM`mRDrML DrObSVDr&_mR'Home~LT~Hintergrund_mRDrObSVDr& oe! Home~LT~Titel oepxV4B1[#Click to edit the title text format Home~LT~Titel<( (@'DrObWSVDr& oe{J(Home~LT~Gliederung 1 oe{J xV4B1 %Click to edit the outline text formatHome~LT~Gliederung 1<( ( @'Second Outline LevelHome~LT~Gliederung 2<( (@'Third Outline LevelHome~LT~Gliederung 3<( ( @'Fourth Outline LevelHome~LT~Gliederung 4 <( ( @'Fifth Outline LevelHome~LT~Gliederung 5 <( ( @'Sixth Outline LevelHome~LT~Gliederung 6 <( ( @'Seventh Outline LevelHome~LT~Gliederung 7<( ( @'Eighth Outline LevelHome~LT~Gliederung 8<( ( @'Ninth Outline LevelHome~LT~Gliederung 9<(  ( @' DrXXgg ^Home~LT~GliederungDrMPJoeMVTlDrML DrObSVDr&T C(0! Home~LT~TitelT C(0dxV4B1OClick to move the slide Home~LT~Titel<( (@'DrObSVDr& 3G"]#Home~LT~Notizen 3G"]mxV4B1XClick to edit the notes formatHome~LT~Notizen<( ( @' DrXXgg VHome~LT~GliederungDrPgcJoeMlVTDrML8DrMD,DrXX Handoutsgg FHome~LT~GliederungDrPgeJoeM`mRDrML8DrMD,DrObSVDr&=e01! Home~LT~Titel=e01xV4B1s#Mapping TCSEC to Common Criteria Home~LT~Titel<( (@' !!""#DrXXgg JHome~LT~GliederungDrPguJoeMVTlDrML8DrMD,DrOb<SVDr&T C(0DrObLSVDr& 3G#]#Home~LT~Notizen 3G#]xV4B1Demonstrate the use of the Common Criteria as it applies to accreditation of a new system or reaccredition of a legacy C2 system.Home~LT~Notizen<( (@' DrXXgg VHome~LT~GliederungDrPg-JoeM`mRDrML8DrMD,DrObSVDr& oe! Home~LT~Titel oerxV4B1]%Common Criteria Accreditation Process Home~LT~Titel<( (@'DrObSVDr& oe|J& Home~LT~Untertitel~ oe|J_xV4B1FObtain Protection Profile Home~LT~Untertitel<( (@' +'' 4Refine Protection Profile to create Security Target Home~LT~Untertitel<( (@' +'' Security Target AccreditationHome~LT~Untertitel<( (@' +'' DrXXgg NHome~LT~GliederungDrPgjJoeMVTlDrML8DrMD,DrOb<SVDr&T C(0DrObISVDr& 3G#]# Home~LT~Notizen 3G#]xV4B13 stepsHome~LT~Notizen<( (@' '8the next slides will explain this process in more depthHome~LT~Notizen<( (@' 'DrXXgg NHome~LT~GliederungDrPgJoeM`mRDrML8DrMD,DrObSVDr& oe! Home~LT~Titel oedxV4B1OProtection Profile (PP) Home~LT~Titel<( (@'DrObSVDr& oe|J& Home~LT~Untertitel[ oe|J<xV4B1%^Required for accreditation or re-accreditation of systems to meet new Common Criteria standardHome~LT~Untertitel<( (@' +'>PP defines mandatory requirements with flexible implementationHome~LT~Untertitel<( (@'+'DrXXgg VHome~LT~GliederungDrPgJoeMVTlDrML8DrMD,DrOb<SVDr&T C(0DrObtSVDr& 3Gg#Home~LT~Notizen 3GgxV4B1&First component of accreditation is PPHome~LT~Notizen<( (@' SSimply a template that defines mandatory requirements with flexible implementationsHome~LT~Notizen<( (@' Home~LT~Notizen<( (@' for ex.Home~LT~Notizen<( (@' fA Mandatory requirement is: an audit log must notify administrator when a storage threshold is reachedHome~LT~Notizen<( (@' ^The Flexible part:allows you to specify how full the log can get before notification of adminHome~LT~Notizen<( (@' Home~LT~Notizen<( (@' Home~LT~Notizen<( (@' DrXXgg RHome~LT~GliederungDrPg"JoeM`mRDrML8DrMD,DrObSVDr& oe! Home~LT~Titel oesxV4B1^&Protection Profile to Security Target Home~LT~Titel<( (@'DrObSVDr& oe|J& Home~LT~Untertitelr oe|JS xV4B1. Protection Profile:Home~LT~Untertitel<( (@' +'1The TSF shall generate an alarm to the authorizedHome~LT~Untertitel<( (@' +'6administrator if the audit trail exceeds [assignment: Home~LT~Untertitel<( (@' +'(6pre-defined limit]Home~LT~Untertitel<( (@' +'Home~LT~Untertitel<( (@' +'Security Target:Home~LT~Untertitel<( (@' +'1The TSF shall generate an alarm to the authorizedHome~LT~Untertitel<( (@' +'.administrator if the audit trail exceeds 10mb.Home~LT~Untertitel<( (@' +')-Home~LT~Untertitel<( (@' +'DrXXgg VHome~LT~GliederungDrPgeJoeMVTlDrML8DrMD,DrOb<SVDr&T C(0DrObSVDr& 3G#]#Home~LT~Notizeni 3G#]JxV4B11BSecurity Target is a document generated by the refinement of a PPHome~LT~Notizen<( ( @' ex pp requirementHome~LT~Notizen<( ( @' Bwhen flexible portions are filled in, it becomes a Security TargetHome~LT~Notizen<( ( @' DrXXgg VHome~LT~GliederungDrPgBJoeM`mRDrML8DrMD,DrObSVDr& oe! Home~LT~Titelo oePxV4B1;TOE Home~LT~Titel<( (@'DrObSVDr& oe|J& Home~LT~Untertitel oe|JxV4B1{XProtection Profile TOE: General class of systems that the Protection Profile refers to. Home~LT~Untertitel<( (@' +'Home~LT~Untertitel<( (@' +'2Security Target TOE: A specifically defined systemHome~LT~Untertitel<( (@' +'Home~LT~Untertitel<( (@' +'DrXXgg VHome~LT~GliederungDrPgfJoeMVTlDrML8DrMD,DrOb<SVDr&T C(0 DrObSVDr& 3G#]#Home~LT~Notizenj 3G#]KxV4B1*"PP TOE - general class of systems Home~LT~Notizen<( ( @' Ex.Home~LT~Notizen<( ( @' *PP TOE-A distrbuted processing environmentHome~LT~Notizen<( ( @' Home~LT~Notizen<( ( @' ST TOE-DIMHRSHome~LT~Notizen<( ( @' Home~LT~Notizen<( ( @' nST TOE is actually more fleshed out with functionality and architecture of the system described in more detailHome~LT~Notizen<( ( @' DrXXgg VHome~LT~GliederungDrPguJoeM`mRDrML8DrMD,DrObSVDr& oe! Home~LT~Titel oexV4B1n.Mapping C2 accreditedation to Common Criteria Home~LT~Titel<( (@'DrObSVDr& oe|J& Home~LT~Untertitel/ oe|JxV4B1>Obtain NIAP certified Protection Profile (CAPP 1.d) from Home~LT~Untertitel<( (@' +' >=>#Apply Protection Profile to system Home~LT~Untertitel<( (@' +' #8Refinement of Protection Profile creates Security TargetHome~LT~Untertitel<( (@'+' 8+Insert Security Target into DITSCAP processHome~LT~Untertitel<( (@' +' +DrXXgg RHome~LT~GliederungDrPgJoeMVTlDrML8DrMD,DrOb<SVDr&T C(0 DrOb]SVDr& 3Gh`#Home~LT~Notizen 3Gh`xV4B1gApplication of Protection Profile to the system basically consists of defining the configurable optionsHome~LT~Notizen<( ( @' Home~LT~Notizen<( ( @' :CAPP 1.d(Controlled Access Protection Profile) maps to C2Home~LT~Notizen<( ( @' Home~LT~Notizen<( ( @' #DITSCAP not created with CC in mindHome~LT~Notizen<( ( @' %not yet known how the CC will fit in.Home~LT~Notizen<( ( @' wthe Security Target document is still useful, as it will fufill the Security Requirements Document portion of the SSAA.Home~LT~Notizen<( ( @' DrXXgg RHome~LT~GliederungDrPgJoeM`mRDrML8DrMD,DrObSVDr& oe! Home~LT~Titel oeyxV4B1d, Mapping B1 accreditation to Common Criteria Home~LT~Titel<( (@'DrObSVDr& oe|J& Home~LT~UntertitelP oe|J1xV4B1(Primary difference is Protection ProfileHome~LT~Untertitel<( (@' +'LSPP 1.bHome~LT~Untertitel<( (@'+'More requirements than CAPP 1.dHome~LT~Untertitel<( (@'+'DrXXgg RHome~LT~GliederungDrPgwJoeMVTlDrML8DrMD,DrOb<SVDr&T C(0 DrObNSVDr& 3G#]#Home~LT~Notizen 3G#]xV4B1*LSPP (Labeled Security Protection Profile)Home~LT~Notizen<( (@' &Adds security requirements to CAPP1.dHome~LT~Notizen<( (@' DrXXgg VHome~LT~GliederungDrXXFGeneric PrinterSGENPRT PostScriptH`Tl`Tld,,lprdefault_queueSGENPRT DrVwP SVDr SVDr:SVDr{{SVDrALayout:SVDr{{SVDr#SVDr SVDr# SVDr0 SVDr1 SVDr3 SVDr4SVDr@SVDr SVDrD SVDrP SVDrQ DrHL DrHL DrHL "um Root Entry!r\V)䰱CompObjEOle persist elements"SfxDocumentInfo uSfxWindowsSfxStyleSheetsKSummaryInformation((StarDrawDocument3$,B