Final Evaluation Report of Computer Security Corporation: Citadel.
NATIONAL COMPUTER SECURITY CENTER FORT GEORGE G MEADE MD
Pagination or Media Count:
The Citadel Security product has been evaluated by the National Computer Security Center NCSC. Citadel is considered to be a sub-system rather than a complete trusted computer system. Therefore, it was evaluated against a relevant subset of the requirements in the Department of Defense Trusted Computer System Evaluation Criteria, dated December 1985. Specifically, the subset for this evaluation included identification authentication IA, discretionary access control, and audit requirements. The NCSC evaluation team has determined that Citadel, when configured as tested, is capable of providing additional protection mechanisms for the IBMPCXT and PCAT. Citadel requires each user to enter a user ID and a valid password in order to gain access to the computer. Citadel maintains discretionary access control by mediating access to files. In addition, Citadel has the capability to audit system activity. Sub-systems are intended to be implemented on automatic data processing ADP systems. Specifically, sub-systems are designed to add a level of assurance to an ADP system that has limited or ineffective security mechanisms.
- Computer Systems Management and Standards