Computer Security Requirements -- Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments
NATIONAL COMPUTER SECURITY CENTER FORT GEORGE G MEADE MD
Pagination or Media Count:
This document establishes computer security requirements for the Department of Defense DoD by identifying the minimum class of system required for a given risk index. The classes are those defined by CSC-STD-001-83, Department of Defense Trusted Computer System Evaluation Criteria henceforth referred to as the Criteria. 1 A systems risk index is defined as the disparity between the minimum clearance or authorization of system users and the maximum sensitivity of data processed by the system. The recommendations in this document are those that the DoD Computer Security Center DoDCSC believes to be the minimum adequate to provide an acceptable level of security. These recommendations are made in part due to the fact that there is no comprehensive policy in effect today which covers this area of computer security. Where current policy does exist, however, this document shall not be taken to supersede or override that policy, nor shall it be taken to provide exemption from any policy covering areas of security not addressed in this document. Section 2 of this document provides definitions of terms used. Risk index computation is described in Section 3, while Section 4 presents the computer security requirements.
- Computer Systems Management and Standards