C2 security ==>
<security, standard> A standard from the US Government National Computer
Security Council (an arm of the U.S. National Security Agency), "Trusted
Computer System Evaluation Criteria, DOD standard 5200.28-STD, December 1985"
which defines criteria for trusted computer products. There are four levels, A,
B, C, and D. Each level adds more features and requirements.
D is a non-secure system.
C1 requires user log-on, but allows group ID.
C2 requires individual log-on with password and an audit mechanism. (Most Unix
implementations are roughly C1, and can be upgraded to about C2 without
Levels B and A provide mandatory control. Access is based on standard Department
of Defense clearances.
B1 requires DOD clearance levels.
B2 guarantees the path between the user and the security system and provides
assurances that the system can be tested and clearances cannot be downgraded.
B3 requires that the system is characterised by a mathematical model that must
A1 requires a system characterized by a mathematical model that can be proven.
See also crayola books, book titles.
Oracle Parallel Server « Oracle Rdb « Oracle Toolkit
Orange Book » ORB » Orbit » Orca