Integrity-Oriented Control Objectives: Proposed Revisions to the Trusted Computer System Evaluation Criteria (TCSEC), DoD 5200.28-STD

Mayfield, Terry; Welke, Stephen R.; Boone, John M.

Integrity-Oriented Control Objectives: Proposed Revisions to the Trusted Computer System Evaluation Criteria (TCSEC), DoD 5200.28-STD

Active / Technical Report | Accession Number: ADA252697 |

Open PDF

Abstract:

For many years, the security research community has focused on the confidentiality as security, an a solid analytical foundation for addressing confidentiality issues has evolved. Now it is recognized that integrity is at least as important as confidentiality in many computer systems it is also apparent that integrity is not well understood. Control objectives, as they apply to automated information systems, express fundamental computer security requirements and serve as guidance to the development of more specific systems evaluation criteria. Within the department of defense, the control objectives contained in the Trusted Computer System Evaluation Criteria TCSEC, DoD 5200. 28-STD, are of primary concern to the development of product evaluation criteria. The TCSECs scope is currently confined to address only confidentiality protection of information. This document is intended to extend the scope of the TCSEC so that the control objectives, contained therein, will also address the protection of information and computing resource integrity. The document provides new and modified statements of control objective along with discussion and rationale for their inclusion or revision. The basis in Federal law and policy for the revised control objectives is discussed and a summary of each law and policy used in the derivation of the revisions is provided. The document is intended to be used as a strawman to foster further research and debate leading to a new standard for evaluation criteria that encompasses both integrity and confidentiality.

Author(s):

Mayfield, Terry ; Welke, Stephen R. ; Boone, John M.

Author Organization(s):

INSTITUTE FOR DEFENSE ANALYSES ALEXANDRIA VA

Descriptive Note:

Final rept.

Pagination:

0141

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

NCSC-TR-111-91

Monitor Series:

NCSC/MD

Subject Terms

Joint Capability Areas:

JCA_5_Command and Control; JCA_5.3_Planning; JCA_8_Building Partnerships; JCA_8.2_Shape; JCA_5.5_Direct; JCA_5.5.1_Communicate Intent and Guidance; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_5.3.4_Develop Courses of Action; JCA_5.3.5_Analyze Courses of Action; JCA_5.3.3_Develop Strategy; JCA_2_Battlespace Awareness; JCA_4.7.2_Installation Services; JCA_4.7_Base and Installations Support; JCA_2.1_Planning and Direction; JCA_2.1.1_Define and Prioritize Requirements; JCA_5.6.1_Assess Compliance with Guidance; JCA_5.6_Monitor; JCA_5.3.2_Apply Situational Understanding; JCA_6.4.1_Secure Information Exchange; JCA_6_Net Centric; JCA_5.4_Decide

Communities of Interest:

Cyber

Descriptor(s):

*REQUIREMENTS, *DATA PROCESSING SECURITY, *SYSTEMS ENGINEERING, RESOURCES, POLICIES, COMMUNITIES, INFORMATION SYSTEMS, FEDERAL LAW, COMPUTERS, CONTROL, INCLUSIONS, DOCUMENTS, PROTECTION, DEPARTMENT OF DEFENSE, ADDRESSING, SECURITY

Field(s)/Group(s):

Computer Systems Management and Standards

Keyword(s):

DATA INTEGRITY, SYSTEM INTEGRITY

Report Date:

1991 Oct 01