What people are saying - Write a review
We haven't found any reviews in the usual places.
access control lists additional requirements ADP system and/or assurance and documentation audit data audit record audit trail auditing mechanism auditing subsystem authentication data authorized users Complete Security System Computer Security Center computer security subsystems contained in Section D2 class DAC subsystem DAC/D2 class Description of Subsystem Discretionary Access Control documentation requirements listed feature requirements Features User’s Guide Global Description hardware I&A mechanism I&A subsystem identiﬁcation and authentication implemented larger system environment named individuals National Computer Security NCSC Object Reuse Subsystems perform previously used storage protected system protection mechanisms Rationale/Discussion required supporting functions requirement applies requirements and interpretations requirements are contained Requirements for Auditing Requirements for DAC Requirements for I&A Requirements for Object requirements in Sections Role Within Complete Security Features User’s Speciﬁc storage objects Subsystem Features subsystems evaluated Subsystems Subsystems system administrator System Architecture D2 tamperproof TCSEC Quote TCSEC requirements Trusted Facility Manual users or groups vendor shall set
Page 35 - Approval/Accreditation - The official authorization that is granted to an ADP system to process sensitive information in its operational environment, based upon comprehensive security evaluation of the system's hardware, firmware, and software security design, configuration, and implementation and of the other system procedural, administrative, physical, TEMPEST, personnel, and communications security controls.
Page 24 - The TCB shall contain a mechanism that is able to monitor the occurrence or accumulation of security auditable events that may indicate an imminent violation of security policy. This mechanism shall be able to immediately notify the security administrator when thresholds are exceeded and, if the occurrence or accumulation of these • Interpretation This criterion applies as stated.
Page 22 - For identification/authentication events the origin of request (eg, terminal ID) shall be included in the audit record. For events that introduce an object into a user's address space and for object deletion events the audit record shall include the name of the object. The ADP system administrator shall be able to selectively audit the actions of any one or more users based on individual identity.
Page 33 - Design Documentation Documentation shall be available that provides a description of the manufacturer's philosophy of protection and an explanation of how this philosophy is translated into the TCB. If the TCB is composed of distinct modules, the interfaces between these modules shall be described.
Page 10 - The enforcement mechanism (eg, access control lists) shall allow users to specify and control sharing of those objects, and shall provide controls to limit propagation of access rights. The discretionary access control mechanism shall, either by explicit user action or by default, provide that objects are protected from unauthorized access. These access controls shall be capable of specifying, for each named object, a list of named individuals and a list of groups of named individuals with their...
Page 35 - Certification - The technical evaluation of a system's security features, made as part of and in support of the approval/accreditation process, that establishes the extent to which a particular computer system's design and implementation meet a set of specified security requirements.
Page 11 - These access controls shall be capable of specifying, for each named object, a list of named individuals and a list of groups of named individuals with their respective modes of access to that object. Furthermore, for each such named object, it shall be possible to specify a list of named individuals and a list of groups of named individuals for which no access to the object is to be given.
Page 10 - The discretionary access control mechanism shall, either by explicit user action or by default, provide that objects are protected from unauthorized access. These access controls shall be capable of including or excluding access to the granularity of a single user.
Page 18 - The TCB shall require users to identify themselves to it before beginning to perform any other actions that the TCB is expected to mediate. Furthermore, the TCB shall maintain authentication data that includes information for verifying the identity of individual users (eg, passwords) as well as information for determining the clearance and authorizations of individual users. This data shall be used by the TCB to authenticate the user's identity...