43
PP 3.0 is internationally recognized:
The previous protection profile was not widely
adopted outside the United States, with many
countries developing their own requirements over
the years. This caused a lack of standardization in the
security of peripheral sharing switch products. PP 3.0
is a true international effort, having passed through
agencies and certification bodies from Australia,
Brazil, Canada, France, Germany, Greece, Israel,
Italy, Japan, UK, Poland, Spain, Turkey and NATO.
The boTTom line
This is a good thing, and a significant step toward
more secure networks. But don’t worry—no one
needs to go out and start ripping and replacing non-
PP 3.0 compliant devices. In fact, the first PP 3.0
compliant KVM systems are only just now becoming
available. However, the next time your organization
purchases a secure KVM, ensure that unit complies
with the new protection profile. Your business will be
more secure for it.
Michael Parvin is Product Manager for the Secure and Standard Desktop Products at Emerson Network Power.
He can be reached at
[email protected]The Road To PP 3.0
The National Information Assurance Partnership (NIAP)
understands security threats as well as any such organization
can, but it understands its blind spots—namely seeing security
and security technologies from the perspective of the
companies who rely on those technologies. For that reason,
NIAP typically enlists industry experts from companies that
develop security technologies to help with updates to security
guidelines and requirements.
After receiving concerns from security consultants related to
peripheral device security, NIAP reached out to Emerson
Network Power for assistance with PP 3.0. Emerson’s Michael
Parvin became the technical editor and led the development of
the document that spells out the new protection profile. Parvin
and the PSS Technical Community started their work in January
2014 and met—either in person or via phone—every other week
until the final document was released in January of this year.