Rating Maintenance Phase: Program Document

Front Cover
National Computer Security Center, 1989 - Computer security - 85 pages
The National Computer Security Center has established an aggressive program to study and implement computer security technology, and to encourage the wide-spread availability of trusted computer products for use by any organization desiring better protection of their important data. The Trusted Product Evaluation Program, and the open and cooperative business relationship being forged with the computer and telecommunications industries, will result in the fulfillment of our country's computer security requirement. We are resolved to meet the challenge of identifying trusted computer products suitable for use in protecting information. "Rating Maintenance Phase Program Document" is the latest in the series of technical guidelines published by the National Computer Security Center. The Rating Maintenance Phase (RAMP) of the Trusted Product Evaluation Program provides for the maintenance of computer security ratings across product revisions. This document describes RAMP for current and prospective vendors of trusted systems. The primary objectives are to provide formal statements of program requirements and to provide guidance on addressing them.
 

What people are saying - Write a review

We haven't found any reviews in the usual places.

Other editions - View all

Common terms and phrases

Popular passages

Page 28 - ... allows managers to trace system changes and establish the history of any developmental problems and associated fixes. Configuration accounting also tracks the status of current changes as they move through the configuration control process. Configuration accounting establishes the granularity of recorded information and thus shapes the accuracy and usefulness of the audit function. The accounting function must be able to locate all possible versions of a Cl and all of the incremental changes...
Page 26 - Configuration control is a means of ensuring that system changes are approved before being implemented, that only the proposed and approved changes are implemented, and that the implementation is complete and accurate. This involves strict procedures for proposing, monitoring, and approving system changes and their implementation. Configuration control entails central direction of the change process by personnel...
Page i - Trusted Computer System Evaluation Criteria. This program, and an open and cooperative business relationship with the computer and telecommunications industries, will result in the fulfillment of our country's information systems security requirements. We resolve to meet the challenge of identifying trusted computer products suitable for use in processing delicate information.
Page 24 - ... record and report the status of change processing and implementation. Configuration management involves process monitoring, version control, information capture, quality control, bookkeeping, and an organizational framework to support these activities. The configuration being managed is the verification system plus all tools and documentation related to the configuration process.
Page 26 - ... the proposed and approved changes are implemented, and the implementation is complete and accurate. This involves strict procedures for proposing, monitoring, and approving system changes and their implementation. Configuration control entails central direction of the change process by personnel who coordinate analytical tasks, approve system changes, review the implementation of changes, and supervise other tasks such as documentation. CONFIGURATION ACCOUNTING Configuration accounting documents...
Page 28 - CI at any specific time. The associated records must include commentary about the reason for each change and its major implications for the verification system. Configuration Audit Configuration audit is the quality assurance component of configuration management. It involves periodic checks to determine the consistency and completeness of accounting information and to verify that all configuration management policies are being followed. A vendor's configuration management program must be able to...
Page 25 - ... management involves process monitoring, version control, information capture, quality control, bookkeeping, and an organizational framework to support these activities. The configuration being managed is the verification system plus all tools and documentation related to the configuration process. Four major aspects of configuration management are configuration identification, configuration control, configuration status accounting, and configuration auditing. CONFIGURATION IDENTIFICATION Configuration...
Page 24 - ... 2) manage all changes to these characteristics; and 3) record and report the status of change processing and implementation. Configuration management involves process monitoring, version control, information capture, quality control, bookkeeping, and an organizational framework to support...
Page 28 - ... verification system. CONFIGURATION AUDIT Configuration audit is the quality assurance component of configuration management. It involves periodic checks to determine the consistency and completeness of accounting information and to verify that all configuration management policies are being followed. A vendor's configuration management program must be able to sustain a complete configuration audit by an NCSC review team. CONFIGURATION MANAGEMENT PLAN Strict adherence to a comprehensive configuration...
Page 28 - Cl at any specific time. The associated records must include commentary about the reason for each change and its major implications for the verification system. CONFIGURATION AUDIT Configuration audit is the quality assurance component of configuration management. It involves periodic checks to determine the consistency and completeness of accounting information and to verify that all configuration management policies are being followed. A vendor's configuration management program must be able to...

Bibliographic information