wayne@tecnet1.jcte.jcs.mil (11/21/90)
Has SunOS MLS been certified by NCSC at one of the orange book levels? If not, does anyone know if it has been submitted for certification? If so, what level is being sought (B1, B2, B3, C1, C2?). I've also seen several references that auditing extensions that meet "some" of the C2 requirements are available on the distribution tape as an option. I assume this means that the extensions meet some of the C2 extensions but that the system has not been submitted for certification??? Is there anything more to it than that? Thanks in advance for anyone who can help clear up the fog. My sales rep readily admits this is out of his normal set of every day questions...
boyter@uunet.uu.net (Maj Brian Boyter) (11/30/90)
wayne@tecnet1.jcte.jcs.mil writes: >Has SunOS MLS been certified by NCSC at one of the orange book levels? If >not, does anyone know if it has been submitted for certification? If so, >what level is being sought (B1, B2, B3, C1, C2?). I'm pretty sure that the final NCSC B1 approval has been received... MLS was submitted for certification at B1 a long time ago... >I've also seen several references that auditing extensions that meet >"some" of the C2 requirements are available on the distribution tape as an >option. I assume this means that the extensions meet some of the C2 >extensions but that the system has not been submitted for certification??? >Is there anything more to it than that? Vanilla SunOS does not strictly meet all C2 requirements (for example, when you print the classification goes at the top/bottom of page, the classification is supposed to be on the screen, etc)... SunOS was never submitted to the NCSC for certification... >Thanks in advance for anyone who can help clear up the fog. My sales rep >readily admits this is out of his normal set of every day questions... I'm not sure what you are trying to do, but I have about 50 Sun workstations, on the Dodiis network, accredited by DIA for SCI processing. They all have SunOS with the C2 options (auditing and password hiding) turned on... If you need 'systems-high' processing, then you probably can get accredited by DIA with just SunOS and the C2 options... If you need strict C2 compliance, then you need MLS... If you need MultiLevel Processing, then you need MLS... If you want to do MultiLevel Processing on a network, then you need the CMW (compartmented mode workstation)... If your salesperson doesn't know what these are, then you need a new salesperson :-) Maj. Brian A Boyter US Army Foreign Science & Technology Center boyter@fstc-chville.army.mil ||