IEEE Selects ATSEC to Certify Protection Profiles for New Information Security Standard
2008-04-29(via BusinessWire)
PISCATAWAY, N.J. -- The IEEE Standards Association has selected an independent laboratory, ATSEC Information Security Corporation, to test and certify the protection profiles being developed to work with the recently approved standard, IEEE 2600™, "Standard for Information Technology: Hardcopy System and Device Security."
The IEEE 2600 standard defines security requirements (including but not limited to authentication, authorization, privacy, integrity, device management, physical security and information security) for manufacturers, users and others on the selection, installation, configuration and usage of hardcopy devices and systems, including printers, copiers, and multifunction devices.
In addition to the main standard, the four protection profiles currently being developed concern the security requirements of different types of devices. A protection profile is a combination of threats, security objectives, assumptions, security functional requirements, security assurance requirements, assumptions, and rationales.
"In security matters, it's not always enough to have a standard," said Don Wright, Chair of the IEEE 2600 Working Group. "A standard usually involves protocols and hardware, but that won't necessarily protect a document. Corporate enterprises and government agencies need protection profiles, and they like to see them independently verified and certified.
"We expect ATSEC's first review of the protection profiles to be completed by the end of the year," said Wright. "This will help us to create the next revision of the protection profiles, which will to be used to further enhance their document security provisions."
The IEEE 2600 standard and the four protection profiles are being developed by the Hardcopy Device and System Security Working Group, a standards project sponsored by the IEEE Information Assurance Standards Committee of the IEEE Computer Society.
[Editors - For additional information, please see the backgrounder, IEEE 2600™, "Standard for Information Technology: Hardcopy System and Device Security" at: http://standards.ieee.org/announcements/bkgnd_ieee2600.html]
About the IEEE Standards Association
The IEEE Standards Association, a globally recognized standards-setting body, develops consensus standards through an open process that brings diverse parts of industry together. These standards set specifications and procedures based on current scientific and technological consensus. The IEEE-SA has a portfolio of over 870 active standards and more than 400 standards under development. For information on IEEE-SA see: http://standards.ieee.org/.
About the IEEE
The IEEE (Institute of Electrical and Electronics Engineers, Inc.) is the world’s largest technical professional society. Through its more than 375,000 members in 160 countries, the organization is a leading authority on a wide variety of areas ranging from aerospace systems, computers and telecommunications to biomedical engineering, electric power and consumer electronics. Dedicated to the advancement of technology, the IEEE publishes 30 percent of the world’s literature in the electrical and electronics engineering and computer science fields, and has developed nearly 900 active industry standards. The organization annually sponsors more than 850 conferences worldwide. Additional information about the IEEE can be found at http://www.ieee.org.
About atsec information security
atsec information security is an independent, standards-based information technology security services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich (Germany) in 2000 and has extensive international operations with offices in the U.S., Germany and Sweden.
atsec offers evaluation and testing services leading to formal certification for IT security including evaluation under Common Criteria schemes in the U.S., Germany, and Sweden; cryptographic module and algorithm testing under the Cryptographic Module Validation Program of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada; and compliance validation to the Payment Card Industry (PCI) Data Security Standard.
atsec also offers secure code review, ISO/IEC 27001 ISMS consulting, and penetration testing and scanning services.
atsec works with leading global companies such as IBM, HP, Oracle, Cray, BMW, SGI, Vodafone, Swisscom, RWE, and Wincor-Nixdorf.
