Computer Security Requirements: Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments
DOD Computer Security Center, 1985 - Computer security - 13 pages
What people are saying - Write a review
We haven't found any reviews in the usual places.
Acknowledgment additional applications appropriate associated authorization of system authorized access Categories Containing Secret classification classified data clearance or authorization cleared compartmented information Computer Security Center computer security requirements Computer System Evaluation Confidential Configuration control count damage DAMI-CIC data processed Defense DoD Defense Trusted Computer defined definition Department of Defense developers disparity document DoD Computer Security DoDCSC firmware hardware identifying the minimum indicates individual introduced malicious logic introduction of malicious involved James least a class Limited Access loss malicious logic Manual maximum classification MAXIMUM DATA SENSITIVITY maximum sensitivity minimum class minimum clearance MINIMUM USER CLEARANCE mode of operation mode The mode Multilevel personnel present protection RATING SCALE REFERENCES reviewed SCALE FOR MAXIMUM security mode sensitive or classified sensitivity level Specific sufficient clearance System Evaluation Criteria System High system is required system users TABLE Top Secret Data Trusted Computer System types of compartmented unclassified warranted
Page 4 - ... 2) configuration control does not provide sufficient assurance that applications are protected against the introduction of malicious logic prior to and during the operation of system applications.
Page 5 - Mode — the mode of operation in which system hardware and software is only trusted to provide discretionary protection between users. In this mode, the entire system, to include all components electrically and/or physically connected, must operate with security measures commensurate with the highest classification and sensitivity of the information being processed and/or stored. All system users in this environment must possess clearances and authorization for all information contained in the system.
Page 4 - When in the dedicated security mode, a system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a specified period of time.
Page 5 - An assembly of computer hardware, firmware, and software configured for the purpose of classifying, sorting, calculating, computing, summarizing, transmitting and receiving, storing, and retrieving data with a minimum of human intervention.
Page 5 - Sensitive Information - Information that, as determined by a competent authority, must be protected because its unauthorized disclosure, alteration, loss, or destruction will at least cause perceivable damage to someone or something. Sensitivity...
Page 4 - Malicious Logic Hardware, software, or firmware that is intentionally included in a system for the purpose of causing loss or harm.
Page 3 - ... acceptable presumption that they have not introduced malicious logic. Sufficient clearance is defined as follows: where the maximum classification of data to be processed is Confidential or below, developers are cleared and authorized to the same level as the most sensitive data; where the maximum classification of data to be processed is Secret or above, developers have at least a Secret clearance.
Page 1 - The resulting analysis is used as a basis for identifying appropriate and effective measures. risk index The disparity between the minimum clearance or authorization of system users and the maximum sensitivity (for example, classification and categories) of data processed by a system.
Page 4 - Mode-The mode of operation that is a type of multilevel security in which a more limited amount of trust is placed in the hardware/software base of the system, with resultant restrictions on the classification levels and clearance levels that may be supported.