CSEC CRITERIA TO SCI POLICY COMPARISON MATRICES
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP89B01354R000100150026-7
Release Decision:
RIFPUB
Original Classification:
K
Document Page Count:
13
Document Creation Date:
December 21, 2016
Document Release Date:
May 13, 2008
Sequence Number:
26
Case Number:
Publication Date:
October 31, 1984
Content Type:
REPORT
File:
Attachment | Size |
---|---|
![]() | 464.2 KB |
Body:
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
CSEC CRITERIA TO SCI POLICY COMPARISON MATRICES
31 OCT 84
First - Matrix pattern:
Evaluation of the level at which matching criteria satisfy the SCI polcy
requirements for both Systems High Mode and Compartmented Mode of Operation,
both before and after DIA's formal comments to the criteria are applied. The
following legend is used:
U - unacceptable
F - unacceptable due to correctable flow
M - minimally acceptable under some conditions
A - acceptable
S - stronger than needs to be, but reasonable
0 - over protected in comparison to requirement
E - excessive protection
Second - Matrix pattern:
Comparison of whether corresponding criteria exist for SCI policy
requirements for both System High Mode and Compartmented Mode of Operation,
both before and after DIA's formal comments to the criteria are applied.
Third - Matrix pattern:
Display of full set of criteria and correspondence to SCI policy
requirements for both System High and Compartmented Modes of Operation, both
before and after DIA's formal comments are applied.
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
REQUIREMENTS SATISFACTION BEF DIA COMMENTS
CSEC CRITERIA AND SCI SYSTEWHIGH MODE
CRITERIA CONTENTS BY LEVEL
SYSTEM HIGH MODE
SECURITY POLICY REQUIREMENTS
B3
82
B1
C2
C1
DIAM 50-4 REFERENCES
DISCRETIONARY ACCESS CONTROL
F
F
F
F
F
CHAPTER 2, 2.f.(5).
+OBJECT REUSE
A
A
A
A
-
NOT REQUIRED
LABELS
S
S
A
REQUIREMENTS 8, 11
LABEL INTEGRITY
S
S
S
REQUIREMENT 11
EXPORTATION OF LABELED INFORMATION
0
0
0
REQUIREMENT 11
LABELING HUMAN READABLE OUTPUT
S
S
S
REQUIREMENT 11 (a),(b)
++SUBJECT SENSITIVITY LABELS
S
S
-
NOT REQUIRED
DEVICE LABELS
S/A
S/A
-
REQUIREMENT 8 (remote terminals)
IDENTIFICATION AND AUTHENTICATION
0
0
0
A
U
REQUIREMENTS 8, 10
AUDIT
0
0
S
REQUIREMENT 15
+SYSTEM ARCHITECTURE
E
E
S
A
U
NOT REQUIRED
SYSTEM INTEGRITY
A
A
A
A
A
CHAPTER 3
TRUSTED FACILITY MANAGEMENT
A
M
-
CHAPTER 3, 3.b.(4)
SECURITY TESTING
E
0
S
A
M
CHAPTER 3, 3.b.
CONFIGURATION MANAGEMENT
0/F
0/F
-
CHAPTER 3, 3.b.(4).(d).
SECURITY FEATURES USER'S GUIDE
A
A
A
A
A
CHAPTER 3, 3.a.
TRUSTED FACILITY MANUAL
E
E
0
A
U
CHAPTER 3, 3.b.(4).(a).
TEST DOCUMENTATION
0
0
A
A
A
CHAPTER 3, 3.b.(5)., ENCLOSURE 7
DESIGN DOCUMENTATION
E
E
S
A
A
CHAPTER 3, 2.
+ Required by practice for new systems rather than policy documents.
++ Desirable on all systems at level C3 and above.
NOTE: B2 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR SYSTEM HIGH MODE.
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
REQUIREMENTS SATISFACTION AFTER DIA COMMENTS
CSEC CRITERIA AND SCI SYSTEM HIGH MODE
CRITERIA CONTENTS BY LEVEL
SYSTEM HIGH MODE
SECURITY POLICY REQUIREMENTS
83
62
B1
C3
C2
C1
DIAM 50-4 REFERENCES
DISCRETIONARY ACCESS CONTROL
S
A
A
A
A
U
CHAPTER 2, 2.f.(5).
+OBJECT REUSE
A
A
A
A
A
A
NOT REQUIRED
LABELS
S
S
A
A
REQUIREMENTS 8, 11
LABEL INTEGRITY
S
S
S
A
REQUIREMENT 11
EXPORTATION OF LABELED INFORMATION
0
0
0
A
REQUIREMENT 11
LABELING HUMAN READABLE OUTPUT
S
S
S
A
REQUIREMENT 11 (a),(b)
++SUBJECT SENSITIVITY LABELS
S
S
-
-
NOT REQUIRED
DEVICE LABELS
S/A
S/A
A
A
REQUIREMENT 8 (remote terminals)
IDENTIFICATION AND AUTHENTICATION
0
0
0
A
A
U
REQUIREMENTS 8, 10
AUDIT
0
0
S
A
REQUIREMENT 15
+SYSTEM ARCHITECTURE
E
E
S
A
A
U
NOT REQUIRED
SYSTEM INTEGRITY
A
A
A
A
A
A
CHAPTER 3
TRUSTED FACILITY MANAGEMENT
A
A
A
A
CHAPTER 3, 3.b.(4)
SECURITY TESTING
E
0
S
A
A
M
CHAPTER 3, 3.b.
CONFIGURATION MANAGEMENT
0/F
0/F
A
A
CHAPTER 3, 3.b.(4).(d).
SECURITY FEATURES USER'S GUIDE
A
A
A
A
A
A
CHAPTER 3, 3.a.
TRUSTED FACILITY MANUAL
E
E
0
A
A
U
CHAPTER 3, 3.b.(4).(a).
TEST DOCUMENTATION
0
0
A
A
A
A
CHAPTER 3, 3.b.(5)., ENCLOSURE 7
DESIGN DOCUMENTATION
E
E
S
A
A
A
CHAPTER 3, 2.
+ Required by practice for new systems rather than policy documents.
++ Desirable on all systems at level C3 and above.
NOTE: C3 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR SYSTEM HIGH MODE.
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
REQUIREMENTS SATISFACTION BEFORE DIA COMMENTS
CSEC CRITERIA AND SCI COI'ARTFENTED MODE
31 Oct 1984
CRITERIA CONTENTS BY LEVEL
COMPARTMENTED MODE
SECURITY POLICY REQUIREMENTS
B3
82
C2
C1
DIAM 50-4 REFERENCES
DISCRETIONARY ACCESS CONTROL
F
F
F
F
CHAPTER 2, 2.f.(5)., REQUIREMENTS 7, 11
OBJECT REUSE
A
A
A
REQUIREMENT 13
LABELS
LABEL INTEGRITY
S
A
REQUIREMENTS 8, 11
REQUIREMENT 11
EXPORTATION OF LABELED INFORMATION
A
REQUIREMENT 11
LABELING HUMAN READABLE OUTPUT
A
REQUIREMENT 11 (a),(b)
++SUBJECT SENSITIVITY LABELS
S
S
NOT REQUIRED
DEVICE LABELS
S/A
S/A
-
REQUIREMENT 8 (remote terminals)
MANDATORY ACCESS CONTROL
0/S/F
0/S/F
S/F
CHAPTER 2, 2.a.
IDENTIFICATION AND AUTHENTICATION
A
A
A
U
U
REQUIREMENTS 8, 10
AUDIT
0
0
S
U
REQUIREMENT 15
SYSTEM ARCHITECTURE
E
0/S
A
M
U
REQUIREMENTS 1, 2, 3 ,12
SYSTEM INTEGRITY
A
A
A
A
A
REQUIREMENTS 4, 5, 6, 9, CHAPTER 3
TRUSTED FACILITY MANAGEMENT
A
U
-
-
CHAPTER 3, 3.b.(4)
SECURITY TESTING
E/O
0/S
A/S
M
U
CHAPTER 3, 3.b.
++DESIGN SPECIFICATION AND
E/O
0
S
-
CHAPTER 3, 3.a.
VERIFICATION
CONFIGURATION MANAGEMENT
S/F
S/F
-
-
CHAPTER 3, 3.b.(4).(d).
SECURITY FEATURES USER'S GUIDE
A
A
A
A
A
CHAPTER 3, 3.a.
TRUSTED FACILITY MANUAL
S
S
A
M
U
CHAPTER 3, 3.b.(4).(a).
TEST DOCUMENTATION
0
0
A
A
A
CHAPTER 3, 3.b.(5)., ENCLOSURE 7
DESIGN DOCUMENTATION
E
E/0
A
M
M
CHAPTER 3, 2.
++ Desirable on all systems at level C3 and above.
NOTE: B2 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR COMPARTMENTED MADE.
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
REQUIREMENTS SATISFACTION AFTER DIA COMMENTS
CSEC CRITERIA AND SCI COMMENTED MODE
31 Oct 1984
CRITERIA CONTENTS BY ~.EYEL
SECURITY POLICY REQUIREMENTS
83
B2
B1
C3
C2
C1
DIAM 50-4 REFERENCES
DISCRETIONARY ACCESS CONTROL
S
A
A
A
M
U
CHAPTER 2, 2.f.(5)., REQUIREMENTS 7, 14
OBJECT REUSE
A
A
A
A
A
A
REQUIREMENT 13
LABELS
S
S
A
A
-
-
REQUIREMENTS 8, 11
LABEL INTEGRITY
A
A
A
U
-
-
REQUIREMENT 11
EXPORTATION OF LABELED INFORM
ATION A
A
A
M
-
-
REQUIREMENT 11
LABELING HUMAN READABLE OUTPU
T A
A
A
M
-
-
REQUIREMENT 11 (a),(b)
++SUBJECT SENSITIVITY LABELS
S
S
-
-
-
-
NOT REQUIRED
DEVICE LABELS
S/A
S/A
A
A
-
-
REQUIREMENT 8 (remote terminals)
MANDATORY ACCESS CONTROL
0/S
0/S
S
-
-
-
CHAPTER 2, 2.a.
IDENTIFICATION AND AUTHENTICATI
ON A
A
A
U
U
U
REQUIREMENTS 8, 10
AUDIT
0
0
S
A
U
REQUIREMENT 15
SYSTEM ARCHITECTURE
E
0/S
A
M
M
U
REQUIREMENTS 1, 2, 3 ,12
SYSTEM INTEGRITY
A
A
A
A
A
A
REQUIREMENTS 4, 5, 6, 9, CHAPTER 3
TRUSTED FACILITY MANAGEMENT
A
A
A
A
-
-
CHAPTER 3, 3.b.(4)
SECURITY TESTING
E/O
0/S
A/S
M
M
U
CHAPTER 3, 3.b.
++DESIGN SPECIFICATION AND
E/0
S
S
-
-
-
CHAPTER 3, 3.a.
VERIFICATION
CONFIGURATION MANAGEMENT
S/F
S/F
A
A
CHAPTER 3, 3.b.(4).(d).
SECURITY FEATURES USER'S GUIDE A
A
A
A
A
A
CHAPTER 3, 3.a.
TRUSTED FACILITY MANUAL S
S
A
M
M
U
CHAPTER 3, 3.b.(4).(a).
TEST DOCUMENTATION 0
0
A
A
A
A
CHAPTER 3, 3.b.(5)., ENCLOSURE 7
DESIGN DOCUMENTATION E
E/O
A
M
M
M
CHAPTER 3, 2.
++ Desirable on all systems at level C3 and above.
NOTE: B1 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR COMPARTMENTED MODE.
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
REQUIREMENTS COMPARISON BEFORE DIA COMMENTS
CSEC CRITERIA AND SCI SYSTEM HIGH MODE
SYSTEM HIGH MODE
CRITERIA CONTENTS BY LEVEL
SECURITY POLICY REQUIREMENTS B3 B2 B1
DISCRETIONARY ACCESS CONTROL
+OBJECT REUSE
LABELS
LABEL INTEGRITY
EXPORTATION OF LABELED INFORMATION
LABELING HUMAN READABLE OUTPUT
++SUBJECT SENSITIVITY LABELS
DEVICE LABELS
IDENTIFICATION AND AUTHENTICATION
AUDIT
+SYSTEM ARCHITECTURE
SYSTEM INTEGRITY
TRUSTED FACILITY MANAGEMENT
SECURITY TESTING
CONFIGURATION MANAGEMENT
SECURITY FEATURES USER'S GUIDE
TRUSTED FACILITY MANUAL
TEST DOCUMENTATION
DESIGN DOCUMENTATION
* * *
* * *
* * _
* * *
* *
* * *
* * *
* * *
* * *
C2 Cl DIAN 50-4 REFERENCES
* CHAPTER 2, 2.f.(5).
NOT REQUIRED
REQUIREMENTS 8, 11
REQUIREMENT 11
REQUIREMENT 11
REQUIREMENT 11 (a),(b)
NOT REQUIRED
REQUIREMENT 8 (remote terminals)
REQUIREMENTS 8, 10
REQUIREMENT 15
NOT REQUIRED
CHAPTER 3
CHAPTER 3, 3.b.(4)
CHAPTER 3, 3.b.
CHAPTER 3, 3.b.(4).(d).
CHAPTER 3, 3.a.
CHAPTER 3, 3.b.(4).(a).
CHAPTER 3, 3.b.(5)., ENCLOSURE 7
CHAPTER 3, 2.
+ Required by practice for new systems rather than policy documents.
++ Desirable on all systems at level C3 and above.
NOTE: B2 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR SYSTEM HIGH MODE.
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
SYSTEM HIGH MODE
SECURITY POLICY REQUIREMENTS B3
DISCRETIONARY ACCESS CONTROL
+OBJECT REUSE
LABELS *
LABEL INTEGRITY
EXPORTATION OF LABELED INFORMATION
LABELING HUMAN READABLE OUTPUT
++SUBJECT SENSITIVITY LABELS
DEVICE LABELS
IDENTIFICATION AND AUTHENTICATION
AUDIT
+SYSTEM ARCHITECTURE
SYSTEM INTEGRITY
TRUSTED FACILITY MANAGEMENT
SECURITY TESTING
CONFIGURATION MANAGEMENT
SECURITY FEATURES USER'S GUIDE
TRUSTED FACILITY MANUAL
TEST DOCUMENTATION
DESIGN DOCUMENTATION
REQUIREMENTS SATISFACTION AFTER DIA COMMENTS
CSEC CRITERIA AND SCI SYSTEM HIGH MODE
CRITERIA CONTENTS BY LEVEL
B2 B1 C3
* * *
* * *
* * *
* * *
* * *
* * *
* * *
* * *
* * *
* * *
* * *
* * *
* * *
* * *
* * *
+ Required by practice for new systems rather than policy documents.
++ Desirable on all systems at level C3 and above.
NOTE: C3 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR SYSTEM HIGH MODE.
31 Oct 1984
C2 C1 DIAM 50-4 REFERENCES
CHAPTER 2, 2.f.(5).
NOT REQUIRED
REQUIREMENTS 8, 11
REQUIREMENT 11
REQUIREMENT 11
REQUIREMENT 11 (a),(b)
NOT REQUIRED
REQUIREMENT 8 (remote terminals)
REQUIREMENTS 8, 10
REQUIREMENT 15
NOT REQUIRED
CHAPTER 3
CHAPTER 3, 3.b.(4)
CHAPTER 3, 3.b.
CHAPTER 3, 3.b.(4).(d).
CHAPTER 3, 3.a.
CHAPTER 3, 3.b.(4).(a).
CHAPTER 3, 3.b.(5)., ENCLOSURE 7
CHAPTER 3, 2.
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
REQUIREMENTS COMPARISON BEFORE DIA COMMENTS
CSEC CRITERIA AND SCI TMENTED MODE
COMPARTMENTED MODE
SECURITY POLICY REQUIREMENTS
DISCRETIONARY ACCESS CONTROL
OBJECT REUSE
CRITERIA CONTENTS BY LEVEL
LABELS
LABEL INTEGRITY
EXPORTATION OF LABELED INFORMATION
LABELING HUMAN READABLE OUTPUT
++SUBJECT SENSITIVITY LABELS
DEVICE LABELS
MANDATORY ACCESS CONTROL
IDENTIFICATION AND AUTHENTICATION
AUDIT
SYSTEM ARCHITECTURE
SYSTEM INTEGRITY
TRUSTED FACILITY MANAGEMENT
SECURITY TESTING
++DESIGN SPECIFICATION AND
VERIFICATION
CONFIGURATION MANAGEMENT
SECURITY FEATURES USER'S GUIDE
TRUSTED FACILITY MANUAL
TEST DOCUMENTATION
DESIGN DOCUMENTATION
* * _
* * _
* * *
* * *
* * *
* * _
* * *
* * *
* * *
* * *
* * *
* * *
++ Desirable on all systems at level C3 and above.
C2 Cl DIAN 50-4 REFERENCES
* * CHAPTER 2, 2.f.(5)., REQUIREMENTS 7, 14
REQUIREMENT 13
REQUIREMENTS 8, 11
REQUIREMENT 11
REQUIREMENT 11
REQUIREMENT 11 (a),(b)
NOT REQUIRED
REQUIREMENT 8 (remote terminals)
CHAPTER 2, 2.a.
* * REQUIREMENTS 8, 10
* - REQUIREMENT 15
NOTE: B2 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR COMPARTMENTED MODE.
REQUIREMENTS 1, 2, 3 ,12
REQUIREMENTS 4, 5, 6, 9, CHAPTER 3
CHAPTER 3, 3.b.(4)
CHAPTER 3, 3.b.
CHAPTER 3, 3.a.
CHAPTER 3, 3.b.(4).(d).
* CHAPTER 3, 3.a.
* CHAPTER 3, 3.b.(4).(a).
* CHAPTER 3, 3.b.(5)., ENCLOSURE 7
* CHAPTER 3, 2.
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
REQUIREMENTS COMPARISON AFTER DIA COMMENTS
CSEC CRITERIA AND SCI COMPARTMENTED MODE
31 Oct 1984
CRITERIA CONTENTS BY LEVEL
COMPARTMENTED MODE
SECURITY POLICY REQUIREMENTS B3 B2 B1 C3 C2 C1
DIAM 50-4 REFERENCES
DISCRETIONARY ACCESS CONTROL * * * * * *
CHAPTER 2, 2.f.(5)., REQUIREMENTS 7,
14
OBJECT REUSE * * * * * *
REQUIREMENT 13
LABELS * * * *
REQUIREMENTS 8, 11
LABEL INTEGRITY * * *
REQUIREMENT 11
EXPORTATION OF LABELED INFORMATION * * *
REQUIREMENT 11
LABELING HUMAN READABLE OUTPUT * * *
REQUIREMENT 11 (a),(b)
++SUBJECT SENSITIVITY LABELS *
NOT REQUIRED
DEVICE LABELS *
REQUIREMENT 8 (remote terminals)
MANDATORY ACCESS CONTROL *
CHAPTER 2, 2.a.
IDENTIFICATION AND AUTHENTICATION * * * *
REQUIREMENTS 8, 10
* * * -
AUDIT
SYSTEM ARCHITECTURE * * * *
REQUIREMENT 15
REQUIREMENTS 1, 2, 3 ,12
SYSTEM INTEGRITY * * * *
REQUIREMENTS 4, 5, 6, 9, CHAPTER 3
TRUSTED FACILITY MANAGEMENT * *
CHAPTER 3, 3.b.(4)
SECURITY TESTING * *
CHAPTER 3, 3.b.
++DESIGN SPECIFICATION AND
CHAPTER 3, 3.a.
VERIFICATION
CONFIGURATION MANAGEMENT
CHAPTER 3, 3.b.(4).(d).
SECURITY FEATURES USER'S GUIDE * * * *
CHAPTER 3, 3.a.
TRUSTED FACILITY MANUAL * * * *
CHAPTER 3, 3.b.(4).(a).
TEST DOCUMENTATION * * * *
CHAPTER 3, 3.b.(5)., ENCLOSURE 7
DESIGN DOCUMENTATION * * * *
CHAPTER 3, 2.
++ Desirable on all systems at level C3 and above.
NOTE: 81 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR COMPARTMENTED MODE.
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
CSEC CRITERIA AND SCI SYSTEM HIGH MODE
BEFORE DIA COMMENTS
CSEC CRITERIA Al
DISCRETIONARY ACCESS CONTROL
OBJECT REUSE
LABELS
LABEL INTEGRITY
EXPORTATION OF LABELED INFORMATION
TO SINGLE LEVEL DEVICES
TO MULTI-LEVEL DEVICES
LABELING HUMAN READABLE OUTPUT
SUBJECT SENSITIVITY LABELS
DEVICE LABELS
MANDATORY ACCESS CONTROL
IDENTIFICATION AND AUTHENTICATION
TRUSTED PATH
AUDIT
SYSTEM ARCHITECTURE
SYSTEM INTEGRITY
COVERT CHANNEL ANALYSIS
TRUSTED FACILITY MANAGEMENT
TRUSTED RECOVERY
SECURITY TESTING
DESIGN SPECIFICATION AND
VERIFICATION
CONFIGURATION MANAGEMENT
TRUSTED DISTRIBUTION
SECURITY FEATURES USER'S GUIDE
TRUSTED FACILITY MANUAL
TEST DOCUMENTATION
DESIGN DOCUMENTATION
NOTE: 82 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR SYSTEM HIGH MODE.
CRITERIA CONTENTS BY LEVEL
B3 B2 B1 C2 C1 DIAM 50-4 REFERENCES
* CHAPTER 2, 2.f.(5).
REQUIREMENTS 8, 11
REQUIREMENT 11
REQUIREMENT 11
31 Oct 1984
REQUIREMENT 11 (a),(b)
REQUIREMENT 8 (remote terminals)
ENCLOSURE 8
* REQUIREMENTS 8, 10
REQUIREMENT 15
*
* CHAPTER 3
CHAPTER 3, 3.b.(4)
* CHAPTER 3, 3.b.
CHAPTER 3, 3.b.(4).(d).
* CHAPTER 3, 3.a.
* CHAPTER 3, 3.b.(4).(a).
* CHAPTER 3, 3.b.(5)., ENCLOSURE 7
* CHAPTER 3, 2.
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
CSEC CRITERIA AND SCI SYSTEM HIGH MODE
AFTER DIA COMMENTS
CSEC CRITERIA Al
DISCRETIONARY ACCESS CONTROL *
OBJECT REUSE *
LABELS *
LABEL INTEGRITY *
EXPORTATION OF LABELED INFORMATION
TO SINGLE LEVEL DEVICES *
TO MULTI-LEVEL DEVICES *
LABELING HUMAN READABLE OUTPUT *
SUBJECT SENSITIVITY LABELS *
DEVICE LABELS *
MANDATORY ACCESS CONTROL *
IDENTIFICATION AND AUTHENTICATION
TRUSTED PATH
AUDIT
SYSTEM ARCHITECTURE
SYSTEM INTEGRITY
COVERT CHANNEL ANALYSIS
TRUSTED FACILITY MANAGEMENT
TRUSTED RECOVERY
SECURITY TESTING
DESIGN SPECIFICATION AND
VERIFICATION
CONFIGURATION MANAGEMENT
TRUSTED DISTRIBUTION
SECURITY FEATURES USER'S GUIDE
TRUSTED FACILITY MANUAL
TEST DOCUMENTATION
DESIGN DOCUMENTATION
*
*
*
*
*
*
31 Oct 1984
CRITERIA CONTENTS BY LEVEL
83 B2 B1 C3 C2
* * * * *
* * * * *
* * * *
* * *
* * * -
* * * -
* * * *
* * - -
* * *
* * *
* *
* * * * *
* * * * *
* - - -
* * * *
*
* * * * *
* * * - -
* * * *
* * * * *
* * * * *
* * * * *
* * * * *
NOTE: C3 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR SYSTEM HIGH MODE.
C1 DIAM 50-4 REFERENCES
* CHAPTER 2, 2.f.(5).
*
REQUIREMENTS 8, 11
REQUIREMENT 11
REQUIREMENT 11
REQUIREMENT 11 (a),(b)
REQUIREMENT 8 (remote terminals)
ENCLOSURE 8
* REQUIREMENTS 8, 10
REQUIREMENT 15
*
* CHAPTER 3
CHAPTER 3, 3.b.(4)
* CHAPTER 3, 3.b.
CHAPTER 3, 3.b.(4).(d).
* CHAPTER 3, 3.a.
* CHAPTER 3, 3.b.(4).(a).
* CHAPTER 3, 3.b.(5)., ENCLOSURE 7
* CHAPTER 3, 2.
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
CSEC CRITERIA AND SCI COMPARTMENTED MODE
BEFORE DIA COMMENTS
CRITERIA CONTENTS BY LEVEL
20 June 1984
CSEC CRITERIA Al
83
82 B1 C2 C1
DIAM 50-4 REFERENCES
DISCRETIONARY ACCESS CONTROL
*
* * * *
CHAPTER 2, 2.f.(5)., REQUIREMENTS 7, 14
OBJECT REUSE
*
* * * -
REQUIREMENT 13
LABELS *
*
* *
REQUIREMENTS 8, 11
LABEL INTEGRITY
*
* *
REQUIREMENT 11
EXPORTATION OF LABELED INFORMATION
*
* *
REQUIREMENT 11
TO SINGLE LEVEL DEVICES
*
* *
TO MULTI-LEVEL DEVICES *
*
* *
LABELING HUMAN READABLE OUTPUT *
*
* *
REQUIREMENT 11 (a),(b)
SUBJECT SENSITIVITY LABELS *
*
* _
DEVICE LABELS *
*
* _
REQUIREMENT 8 (remote terminals)
MANDATORY ACCESS CONTROL *
*
* *
CHAPTER 2, 2.a.
IDENTIFICATION AND AUTHENTICATION
REQUIREMENTS 8, 10
*
TRUSTED PATH *
*
_ -
AUDIT *
*
* * *
REQUIREMENT 15
SYSTEM ARCHITECTURE
REQUIREMENTS 1, 2, 3 ,12
SYSTEM INTEGRITY *
*
* *
REQUIREMENTS 4, 5, 6, 9, CHAPTER 3
COVERT CHANNEL ANALYSIS *
*
*
REQUIREMENT 2, CHAPTER 3, 3.b.(5).
TRUSTED FACILITY MANAGEMENT *
*
*
CHAPTER 3, 3.b.(4)
TRUSTED RECOVERY *
*
_
SECURITY TESTING *
*
* *
CHAPTER 3, 3.b.
DESIGN SPECIFICATION AND *
VERIFICATION
*
* *
CHAPTER 3, 3.a.
CONFIGURATION MANAGEMENT *
*
*
CHAPTER 3, 3.b.(4).(d).
TRUSTED DISTRIBUTION *
-
-
SECURITY FEATURES USER'S GUIDE *
*
* * * *
CHAPTER 3, 3.a.
TRUSTED FACILITY MANUAL *
*
* * * *
CHAPTER 3, 3.b.(4).(a).
TEST DOCUMENTATION *
*
* * * *
CHAPTER 3, 3.b.(5)., ENCLOSURE 7
DESIGN DOCUMENTATION *
*
* * * *
CHAPTER 3, 2.
NOTE: B2 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR COMPARTMENTED MODE.
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7
CSEC CRITERIA AND SCI COMPARTMENTED MODE
AFTER DIA COMMENTS
DISCRETIONARY ACCESS CONTROL
OBJECT REUSE
LABELS
LABEL INTEGRITY
EXPORTATION OF LABELED INFORMATION
TO SINGLE LEVEL DEVICES
TO MULTI-LEVEL DEVICES
LABELING HUMAN READABLE OUTPUT
SUBJECT SENSITIVITY LABELS
DEVICE LABELS
MANDATORY ACCESS CONTROL
IDENTIFICATION AND AUTHENTICATION
TRUSTED PATH
AUDIT
SYSTEM ARCHITECTURE
SYSTEM INTEGRITY
COVERT CHANNEL ANALYSIS
TRUSTED FACILITY MANAGEMENT
TRUSTED RECOVERY
SECURITY TESTING
DESIGN SPECIFICATION AND
VERIFICATION
CONFIGURATION MANAGEMENT
TRUSTED DISTRIBUTION
SECURITY FEATURES USER'S GUIDE
TRUSTED FACILITY MANUAL
TEST DOCUMENTATION
DESIGN DOCUMENTATION
*
*
*
*
*
CRITERIA CONTENTS BY LEVEL
B3 B2 1131 C3 C2 C1 DIAM 50-4 REFERENCES
* CHAPTER 2, 2.f.(5)., REQUIREMENTS 7, 14
* REQUIREMENT 13
REQUIREMENTS 8, 11
REQUIREMENT 11
REQUIREMENT 11
REQUIREMENT 11 (a),(b)
REQUIREMENT 8 (remote terminals)
CHAPTER 2, 2.a.
* REQUIREMENTS 8, 10
REQUIREMENT 15
* REQUIREMENTS 1, 2, 3 ,12
* REQUIREMENTS 4, 5, 6, 9, CHAPTER 3
NOTE: B1 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR COMPARTMENTED MODE.
REQUIREMENT 2, CHAPTER 3, 3.b.(5).
CHAPTER 3, 3.b.(4)
* CHAPTER 3, 3.b.
CHAPTER 3, 3.a.
CHAPTER 3, 3.b.(4).(d).
* CHAPTER 3, 3.a.
* CHAPTER 3, 3.b.(4).(a).
* CHAPTER 3, 3.b.(5)., ENCLOSURE 7
* CHAPTER 3, 2.
Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7