Use of the Trusted Computer System Evaluation Criteria (TCSEC) for Complex, Evolving, Multipolicy Systems.

Johnson, Howard L.; Devilbiss, Melvin L.

Use of the Trusted Computer System Evaluation Criteria (TCSEC) for Complex, Evolving, Multipolicy Systems.

Active / Technical Report | Accession Number: ADA344688 |

Open PDF

Abstract:

The purpose of this paper is to provide a methodology to assist the heads of DoD components to procure, certify, and accredit existing, evolving, multipolicy systems against the TCSEC 4 requirements, consistent with the guidance provided in the TNI 2 and the TDI 3. This methodology must come to grips with the problems that exist in current operational command and control systems. The intended audience is anyone concerned with any aspect of these objectives. A more immediate goal, once these ideas have been finalized, is to develop a STRAWMAN follow-on version of Volume 2 of the Procurement Guideline Series Language for RFP Specifications and Statements of Work - An Aid to Procurement Initiators 5, but it will apply to complex systems. This will provide a way to extend the guidelines application from the procurement of Evaluated Products List EPL 6 products or the equivalent to procurement of integrated systems, encouraging maximum use of EPL products in the system developmentevolution.

Author(s):

Johnson, Howard L. ; Devilbiss, Melvin L.

Author Organization(s):

NATIONAL COMPUTER SECURITY CENTER FORT GEORGE G MEADE MD

Pagination:

0036

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

NCSC-TR-002

Monitor Series:

NCSC*

Subject Terms

Joint Capability Areas:

JCA_5_Command and Control; JCA_5.3_Planning; JCA_8.2_Shape; JCA_8_Building Partnerships; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_5.3.3_Develop Strategy; JCA_5.3.2_Apply Situational Understanding; JCA_5.3.4_Develop Courses of Action; JCA_5.3.5_Analyze Courses of Action; JCA_5.4_Decide; JCA_6_Net Centric; JCA_5.3.1_Analyze Problem; JCA_6.1_Information Transport; JCA_5.2_Understand; JCA_5.2.3_Share Knowledge and Situational Awareness; JCA_1_Force Support; JCA_1.2_Force Preparation; JCA_5.4.1_Manage Risk; JCA_5.4.3_Establish Rule Sets; JCA_6.4.1_Secure Information Exchange; JCA_7_Protection

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

*DEPARTMENT OF DEFENSE, *DATA PROCESSING SECURITY, *COMPUTER NETWORKS, RISK, ACQUISITION, DATA MANAGEMENT, COST EFFECTIVENESS, INTERFACES, SECURITY, COMMAND AND CONTROL SYSTEMS, EVOLUTION(GENERAL), SYSTEMS ANALYSIS, CLASSIFIED MATERIALS

Field(s)/Group(s):

Computer Systems Management and Standards

Keyword(s):

BMDO COLLECTION, U5407, MULTIPOLICY SYSTEMS, CERTIFICATION, TCSEC(TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA)

Report Date:

1994 Jul 01

Creation Date:

1998 Jun 03