mwm@raybed2.msd.ray.com (mwm) (01/17/91)
Hi folk, Hope someone can help me out there. We're converting to Ultrix 4.x and I need to know how DEC gets C2 compliance (DIS security rating) for running on a secure system with no apparent modifications for printing classified output. From what I've been able to surmise, nothing special was done with the lpr subsystem to handle classified output (i.e. marked banner pages, classification headers and footers on each page, logging classification of job). We're running modified source 3.1 right now and we make mods to the lpr subsystem to handle this stuff, but I can't figure out what DEC did to handle it in 4.x. Any help or pointers would be immensely appreciated. Thanks in advance, Mark -- *Mark Marino * The old ranger weathered the storm and he topped the *mwm@raybed6.msd.ray.com * rise by the middle of morn. He saw rippled dunes, *Raytheon Co. * calm and surreal, and a glint of a solitary shaft of *Tewksbury, MA * chromium steel. The Golden Age of Leather
barmar@think.com (Barry Margolin) (01/18/91)
In article <1991@raybed2.msd.ray.com> mwm@raybed2.msd.ray.com (mwm) writes: > Hope someone can help me out there. We're converting to Ultrix 4.x and >I need to know how DEC gets C2 compliance (DIS security rating) for running >on a secure system with no apparent modifications for printing classified >output. Has Ultrix 4.x actually been rated? In any case, the C2 security rating doesn't require distinguishing between security levels. Mandatory security levels are introduced in the B ratings. If I remember correctly (it has been several years since the Multics B2 project that I was involved with), the main features of the C ratings are discretionary access control, protection of security information, and auditing. -- Barry Margolin, Thinking Machines Corp. barmar@think.com {uunet,harvard}!think!barmar