An Approach to Determining Computer Security Requirements for Navy Systems
Final rept. May 84-Jan 85
NAVAL RESEARCH LAB WASHINGTON DC
Pagination or Media Count:
The DoD Trusted Computer System Evaluation Criteria The Orange Book define requirements corresponding to specified levels of security functions and assurance. These do not The Orange Book, however, help determine what level system is required for a specific environment. It is at present left to the system is expected to be used. This report proposes a straightforward technique a developer can use to map a specific system architecture and application environment to a particular requirement level as defined in the Criteria. This technique is applicable throughout the system life cycle, so that security requirements can be updated as changes to system structure and function occur.
- Computer Systems Management and Standards