Archive - Topics from long ago

Which document describes: what the requirements are for an OS according to the CC

20-03-2003, 14:58 by Anonymous, 4 replies
Hi,

I was wondering if there is a document available, which describes what aspects an OS has to satisfy according to the CC...
For example, if an OS wants to satisfy EAL 3, then one has to have a certain authorization scheme etc.

Because the CC itself is quite open, and does not describe what an OS has to satisfy according to a certain level of EAL.
Does anyone know if there is a document which describes what I want to know???
Can someone please help me out?
Replies (4)
20-03-2003, 15:10 by Anonymous
20-03-2003, 15:11 by Anonymous
"Page last updated: January 1, 1970 GMT"
21-03-2003, 10:32 by Anonymous
The CC itself does not set the requirements, it is more of a set of standard requirements you can use to describe your IT security product.
That said, there are several standard sets of requirements (protection profiles) for OSes:
Controlled Access PP (roughly the old C2 level, this is what MS Win2K is evaluated against, requires discretionary access control i.e. ACLs or similar).
Labelled Security PP (roughly the old B1 level and a proper superset of CAPP, requires mandatory access control)
For both there is a stronger requirements set:
Single-Level resp. Multi-Level Operating Systems in Medium Robustness Environments PP. These PPs mostly add much more assurance requirements on the development process (and are more explicit in the functional requirements).

See for the actual PPs http://niap.nist.gov/cc-scheme/PPRegistry.html#operatingsystem

For more information on the Dutch CC lab, see http://www.commoncriteria.nl/
22-03-2003, 20:04 by Anonymous
Don't forget to be a jack of all trades but master of none.