NCKUS089@TWNMOE10.BITNET (Mac Su-Cheong) (05/31/91)
Dear Netters May someone please give me information on DOD Computer Security Center ? Is it possible to get reports or papers of DOD ? Thanks in advance. MSC - --- Mac Su-Cheong nckus089@twnmoe10 msc@sun4.ee.ncku.edu.tw
nautilus@jec310.its.rpi.edu (John M Twilley) (06/07/91)
NCKUS089@TWNMOE10.BITNET (Mac Su-Cheong) writes: > May someone please give me information on DOD Computer Security Center ? >Is it possible to get reports or papers of DOD ? DOD stands for the United States Department of Defense. I am pretty sure that they publish unclassified information on virii, but I wouldn't know where to find it. - -- |John M. Twilley (Nautilus)|"Electricity is the dangerous|Disclaimer: Take| |Internet: nautilus@rpi.edu| stuff in an extension cord."|what I say with | |BITNet: Nautilus@RPITSMTS|(paraphrased from S. Dorner) |a grain of salt.|
patel@mwunix.mitre.org (Anup C. Patel) (06/12/91)
nautilus@jec310.its.rpi.edu (John M Twilley) writes: >NCKUS089@TWNMOE10.BITNET (Mac Su-Cheong) writes: > >> May someone please give me information on DOD Computer Security Center ? >>Is it possible to get reports or papers of DOD ? > >DOD stands for the United States Department of Defense. > >I am pretty sure that they publish unclassified information on >virii, but I wouldn't know where to find it. These are some of the documents I received from the NCSC (National Computer Security Center) several years ago. More info on NCSC follows. If anyone wants to contact the NCSA, I could dig up their phone number. Most of the documents listed below are at least 4-6 years old. Department of Defense (DOD) documents: ====================================== "Department of Defense Standard: Department of Defense Trusted Copmuter System Evaluation Criteria" "Department of Defense: Password Management Guideline" "Computer Security Requirements: Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments" "Technical Rational Behind CSC-STD-003-085 (see above): Computer Security Requirements " National Security Agency (NSA) documents: ========================================= "Information Systems Security: Products and Services Catalogue" "Computer Security Subsystem: Interpretation of the Trusted Computer System Evaluation Criteria" "Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria" "Design Documentation in Trusted Systems" "Configuration Management in Trusted Systems" "Glossary of Computer Security Terms" "Discretionary Access Control in Trusted Systems" "A Guide to Understanding Audit in Trusted Systems" "Personal Computer Security Considerations" **************************** Reprinted from the **************************** **************************** Computer Library **************************** Book: The Computer Glossary (The Electronic Version) * Full Text COPYRIGHT The Computer Language Co. Inc. 1990. - ----------------------------------------------------------------------------- Term: NCSC Author: Freedman, Alan. - ----------------------------------------------------------------------------- (National Computer Security Center) An arm of the U.S. National Security Agency that defines criteria for trusted computer products. The security levels in its Orange Book (Trusted Computer Systems Evaluation Criteria, DOD Standard 5200.28) follow. Each level adds more features and requirements. D - Non-secure system. Level C provides discretionary control. The owner of the data can determine who has access to it. C1 - Requires user log-on, but allows group ID. C2 - Requires individual user log-on with password and an audit mechanism. Levels B and A provide mandatory control. Access is based on standard DOD clearances. B1 - DOD clearance levels. B2 - Guarantees path between user and the security system. Provides assurances that system can be tested and clearances cannot be downgraded. B3 - System is characterized by a mathematical model that must be viable. A1 - System is characterized by a mathematical model that can be proven. Highest security. - ----------------------- End of Document ----------------------