CSEC CRITERIA TO SCI POLICY COMPARISON MATRICES

Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7 CSEC CRITERIA TO SCI POLICY COMPARISON MATRICES 31 OCT 84 First - Matrix pattern: Evaluation of the level at which matching criteria satisfy the SCI polcy requirements for both Systems High Mode and Compartmented Mode of Operation, both before and after DIA's formal comments to the criteria are applied. The following legend is used: U - unacceptable F - unacceptable due to correctable flow M - minimally acceptable under some conditions A - acceptable S - stronger than needs to be, but reasonable 0 - over protected in comparison to requirement E - excessive protection Second - Matrix pattern: Comparison of whether corresponding criteria exist for SCI policy requirements for both System High Mode and Compartmented Mode of Operation, both before and after DIA's formal comments to the criteria are applied. Third - Matrix pattern: Display of full set of criteria and correspondence to SCI policy requirements for both System High and Compartmented Modes of Operation, both before and after DIA's formal comments are applied. Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7  Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7 REQUIREMENTS SATISFACTION BEF DIA COMMENTS CSEC CRITERIA AND SCI SYSTEWHIGH MODE CRITERIA CONTENTS BY LEVEL SYSTEM HIGH MODE SECURITY POLICY REQUIREMENTS B3 82 B1 C2 C1 DIAM 50-4 REFERENCES DISCRETIONARY ACCESS CONTROL F F F F F CHAPTER 2, 2.f.(5). +OBJECT REUSE A A A A - NOT REQUIRED LABELS S S A REQUIREMENTS 8, 11 LABEL INTEGRITY S S S REQUIREMENT 11 EXPORTATION OF LABELED INFORMATION 0 0 0 REQUIREMENT 11 LABELING HUMAN READABLE OUTPUT S S S REQUIREMENT 11 (a),(b) ++SUBJECT SENSITIVITY LABELS S S - NOT REQUIRED DEVICE LABELS S/A S/A - REQUIREMENT 8 (remote terminals) IDENTIFICATION AND AUTHENTICATION 0 0 0 A U REQUIREMENTS 8, 10 AUDIT 0 0 S REQUIREMENT 15 +SYSTEM ARCHITECTURE E E S A U NOT REQUIRED SYSTEM INTEGRITY A A A A A CHAPTER 3 TRUSTED FACILITY MANAGEMENT A M - CHAPTER 3, 3.b.(4) SECURITY TESTING E 0 S A M CHAPTER 3, 3.b. CONFIGURATION MANAGEMENT 0/F 0/F - CHAPTER 3, 3.b.(4).(d). SECURITY FEATURES USER'S GUIDE A A A A A CHAPTER 3, 3.a. TRUSTED FACILITY MANUAL E E 0 A U CHAPTER 3, 3.b.(4).(a). TEST DOCUMENTATION 0 0 A A A CHAPTER 3, 3.b.(5)., ENCLOSURE 7 DESIGN DOCUMENTATION E E S A A CHAPTER 3, 2. + Required by practice for new systems rather than policy documents. ++ Desirable on all systems at level C3 and above. NOTE: B2 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR SYSTEM HIGH MODE. Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7  Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7 REQUIREMENTS SATISFACTION AFTER DIA COMMENTS CSEC CRITERIA AND SCI SYSTEM HIGH MODE CRITERIA CONTENTS BY LEVEL SYSTEM HIGH MODE SECURITY POLICY REQUIREMENTS 83 62 B1 C3 C2 C1 DIAM 50-4 REFERENCES DISCRETIONARY ACCESS CONTROL S A A A A U CHAPTER 2, 2.f.(5). +OBJECT REUSE A A A A A A NOT REQUIRED LABELS S S A A REQUIREMENTS 8, 11 LABEL INTEGRITY S S S A REQUIREMENT 11 EXPORTATION OF LABELED INFORMATION 0 0 0 A REQUIREMENT 11 LABELING HUMAN READABLE OUTPUT S S S A REQUIREMENT 11 (a),(b) ++SUBJECT SENSITIVITY LABELS S S - - NOT REQUIRED DEVICE LABELS S/A S/A A A REQUIREMENT 8 (remote terminals) IDENTIFICATION AND AUTHENTICATION 0 0 0 A A U REQUIREMENTS 8, 10 AUDIT 0 0 S A REQUIREMENT 15 +SYSTEM ARCHITECTURE E E S A A U NOT REQUIRED SYSTEM INTEGRITY A A A A A A CHAPTER 3 TRUSTED FACILITY MANAGEMENT A A A A CHAPTER 3, 3.b.(4) SECURITY TESTING E 0 S A A M CHAPTER 3, 3.b. CONFIGURATION MANAGEMENT 0/F 0/F A A CHAPTER 3, 3.b.(4).(d). SECURITY FEATURES USER'S GUIDE A A A A A A CHAPTER 3, 3.a. TRUSTED FACILITY MANUAL E E 0 A A U CHAPTER 3, 3.b.(4).(a). TEST DOCUMENTATION 0 0 A A A A CHAPTER 3, 3.b.(5)., ENCLOSURE 7 DESIGN DOCUMENTATION E E S A A A CHAPTER 3, 2. + Required by practice for new systems rather than policy documents. ++ Desirable on all systems at level C3 and above. NOTE: C3 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR SYSTEM HIGH MODE. Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7  Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7 REQUIREMENTS SATISFACTION BEFORE DIA COMMENTS CSEC CRITERIA AND SCI COI'ARTFENTED MODE 31 Oct 1984 CRITERIA CONTENTS BY LEVEL COMPARTMENTED MODE SECURITY POLICY REQUIREMENTS B3 82 C2 C1 DIAM 50-4 REFERENCES DISCRETIONARY ACCESS CONTROL F F F F CHAPTER 2, 2.f.(5)., REQUIREMENTS 7, 11 OBJECT REUSE A A A REQUIREMENT 13 LABELS LABEL INTEGRITY S A REQUIREMENTS 8, 11 REQUIREMENT 11 EXPORTATION OF LABELED INFORMATION A REQUIREMENT 11 LABELING HUMAN READABLE OUTPUT A REQUIREMENT 11 (a),(b) ++SUBJECT SENSITIVITY LABELS S S NOT REQUIRED DEVICE LABELS S/A S/A - REQUIREMENT 8 (remote terminals) MANDATORY ACCESS CONTROL 0/S/F 0/S/F S/F CHAPTER 2, 2.a. IDENTIFICATION AND AUTHENTICATION A A A U U REQUIREMENTS 8, 10 AUDIT 0 0 S U REQUIREMENT 15 SYSTEM ARCHITECTURE E 0/S A M U REQUIREMENTS 1, 2, 3 ,12 SYSTEM INTEGRITY A A A A A REQUIREMENTS 4, 5, 6, 9, CHAPTER 3 TRUSTED FACILITY MANAGEMENT A U - - CHAPTER 3, 3.b.(4) SECURITY TESTING E/O 0/S A/S M U CHAPTER 3, 3.b. ++DESIGN SPECIFICATION AND E/O 0 S - CHAPTER 3, 3.a. VERIFICATION CONFIGURATION MANAGEMENT S/F S/F - - CHAPTER 3, 3.b.(4).(d). SECURITY FEATURES USER'S GUIDE A A A A A CHAPTER 3, 3.a. TRUSTED FACILITY MANUAL S S A M U CHAPTER 3, 3.b.(4).(a). TEST DOCUMENTATION 0 0 A A A CHAPTER 3, 3.b.(5)., ENCLOSURE 7 DESIGN DOCUMENTATION E E/0 A M M CHAPTER 3, 2. ++ Desirable on all systems at level C3 and above. NOTE: B2 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR COMPARTMENTED MADE. Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7  Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7 REQUIREMENTS SATISFACTION AFTER DIA COMMENTS CSEC CRITERIA AND SCI COMMENTED MODE 31 Oct 1984 CRITERIA CONTENTS BY ~.EYEL SECURITY POLICY REQUIREMENTS 83 B2 B1 C3 C2 C1 DIAM 50-4 REFERENCES DISCRETIONARY ACCESS CONTROL S A A A M U CHAPTER 2, 2.f.(5)., REQUIREMENTS 7, 14 OBJECT REUSE A A A A A A REQUIREMENT 13 LABELS S S A A - - REQUIREMENTS 8, 11 LABEL INTEGRITY A A A U - - REQUIREMENT 11 EXPORTATION OF LABELED INFORM ATION A A A M - - REQUIREMENT 11 LABELING HUMAN READABLE OUTPU T A A A M - - REQUIREMENT 11 (a),(b) ++SUBJECT SENSITIVITY LABELS S S - - - - NOT REQUIRED DEVICE LABELS S/A S/A A A - - REQUIREMENT 8 (remote terminals) MANDATORY ACCESS CONTROL 0/S 0/S S - - - CHAPTER 2, 2.a. IDENTIFICATION AND AUTHENTICATI ON A A A U U U REQUIREMENTS 8, 10 AUDIT 0 0 S A U REQUIREMENT 15 SYSTEM ARCHITECTURE E 0/S A M M U REQUIREMENTS 1, 2, 3 ,12 SYSTEM INTEGRITY A A A A A A REQUIREMENTS 4, 5, 6, 9, CHAPTER 3 TRUSTED FACILITY MANAGEMENT A A A A - - CHAPTER 3, 3.b.(4) SECURITY TESTING E/O 0/S A/S M M U CHAPTER 3, 3.b. ++DESIGN SPECIFICATION AND E/0 S S - - - CHAPTER 3, 3.a. VERIFICATION CONFIGURATION MANAGEMENT S/F S/F A A CHAPTER 3, 3.b.(4).(d). SECURITY FEATURES USER'S GUIDE A A A A A A CHAPTER 3, 3.a. TRUSTED FACILITY MANUAL S S A M M U CHAPTER 3, 3.b.(4).(a). TEST DOCUMENTATION 0 0 A A A A CHAPTER 3, 3.b.(5)., ENCLOSURE 7 DESIGN DOCUMENTATION E E/O A M M M CHAPTER 3, 2. ++ Desirable on all systems at level C3 and above. NOTE: B1 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR COMPARTMENTED MODE. Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7  Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7 REQUIREMENTS COMPARISON BEFORE DIA COMMENTS CSEC CRITERIA AND SCI SYSTEM HIGH MODE SYSTEM HIGH MODE CRITERIA CONTENTS BY LEVEL SECURITY POLICY REQUIREMENTS B3 B2 B1 DISCRETIONARY ACCESS CONTROL +OBJECT REUSE LABELS LABEL INTEGRITY EXPORTATION OF LABELED INFORMATION LABELING HUMAN READABLE OUTPUT ++SUBJECT SENSITIVITY LABELS DEVICE LABELS IDENTIFICATION AND AUTHENTICATION AUDIT +SYSTEM ARCHITECTURE SYSTEM INTEGRITY TRUSTED FACILITY MANAGEMENT SECURITY TESTING CONFIGURATION MANAGEMENT SECURITY FEATURES USER'S GUIDE TRUSTED FACILITY MANUAL TEST DOCUMENTATION DESIGN DOCUMENTATION * * * * * * * * _ * * * * * * * * * * * * * * * * * C2 Cl DIAN 50-4 REFERENCES * CHAPTER 2, 2.f.(5). NOT REQUIRED REQUIREMENTS 8, 11 REQUIREMENT 11 REQUIREMENT 11 REQUIREMENT 11 (a),(b) NOT REQUIRED REQUIREMENT 8 (remote terminals) REQUIREMENTS 8, 10 REQUIREMENT 15 NOT REQUIRED CHAPTER 3 CHAPTER 3, 3.b.(4) CHAPTER 3, 3.b. CHAPTER 3, 3.b.(4).(d). CHAPTER 3, 3.a. CHAPTER 3, 3.b.(4).(a). CHAPTER 3, 3.b.(5)., ENCLOSURE 7 CHAPTER 3, 2. + Required by practice for new systems rather than policy documents. ++ Desirable on all systems at level C3 and above. NOTE: B2 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR SYSTEM HIGH MODE. Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7  Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7 SYSTEM HIGH MODE SECURITY POLICY REQUIREMENTS B3 DISCRETIONARY ACCESS CONTROL +OBJECT REUSE LABELS * LABEL INTEGRITY EXPORTATION OF LABELED INFORMATION LABELING HUMAN READABLE OUTPUT ++SUBJECT SENSITIVITY LABELS DEVICE LABELS IDENTIFICATION AND AUTHENTICATION AUDIT +SYSTEM ARCHITECTURE SYSTEM INTEGRITY TRUSTED FACILITY MANAGEMENT SECURITY TESTING CONFIGURATION MANAGEMENT SECURITY FEATURES USER'S GUIDE TRUSTED FACILITY MANUAL TEST DOCUMENTATION DESIGN DOCUMENTATION REQUIREMENTS SATISFACTION AFTER DIA COMMENTS CSEC CRITERIA AND SCI SYSTEM HIGH MODE CRITERIA CONTENTS BY LEVEL B2 B1 C3 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + Required by practice for new systems rather than policy documents. ++ Desirable on all systems at level C3 and above. NOTE: C3 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR SYSTEM HIGH MODE. 31 Oct 1984 C2 C1 DIAM 50-4 REFERENCES CHAPTER 2, 2.f.(5). NOT REQUIRED REQUIREMENTS 8, 11 REQUIREMENT 11 REQUIREMENT 11 REQUIREMENT 11 (a),(b) NOT REQUIRED REQUIREMENT 8 (remote terminals) REQUIREMENTS 8, 10 REQUIREMENT 15 NOT REQUIRED CHAPTER 3 CHAPTER 3, 3.b.(4) CHAPTER 3, 3.b. CHAPTER 3, 3.b.(4).(d). CHAPTER 3, 3.a. CHAPTER 3, 3.b.(4).(a). CHAPTER 3, 3.b.(5)., ENCLOSURE 7 CHAPTER 3, 2. Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7  Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7 REQUIREMENTS COMPARISON BEFORE DIA COMMENTS CSEC CRITERIA AND SCI TMENTED MODE COMPARTMENTED MODE SECURITY POLICY REQUIREMENTS DISCRETIONARY ACCESS CONTROL OBJECT REUSE CRITERIA CONTENTS BY LEVEL LABELS LABEL INTEGRITY EXPORTATION OF LABELED INFORMATION LABELING HUMAN READABLE OUTPUT ++SUBJECT SENSITIVITY LABELS DEVICE LABELS MANDATORY ACCESS CONTROL IDENTIFICATION AND AUTHENTICATION AUDIT SYSTEM ARCHITECTURE SYSTEM INTEGRITY TRUSTED FACILITY MANAGEMENT SECURITY TESTING ++DESIGN SPECIFICATION AND VERIFICATION CONFIGURATION MANAGEMENT SECURITY FEATURES USER'S GUIDE TRUSTED FACILITY MANUAL TEST DOCUMENTATION DESIGN DOCUMENTATION * * _ * * _ * * * * * * * * * * * _ * * * * * * * * * * * * * * * * * * ++ Desirable on all systems at level C3 and above. C2 Cl DIAN 50-4 REFERENCES * * CHAPTER 2, 2.f.(5)., REQUIREMENTS 7, 14 REQUIREMENT 13 REQUIREMENTS 8, 11 REQUIREMENT 11 REQUIREMENT 11 REQUIREMENT 11 (a),(b) NOT REQUIRED REQUIREMENT 8 (remote terminals) CHAPTER 2, 2.a. * * REQUIREMENTS 8, 10 * - REQUIREMENT 15 NOTE: B2 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR COMPARTMENTED MODE. REQUIREMENTS 1, 2, 3 ,12 REQUIREMENTS 4, 5, 6, 9, CHAPTER 3 CHAPTER 3, 3.b.(4) CHAPTER 3, 3.b. CHAPTER 3, 3.a. CHAPTER 3, 3.b.(4).(d). * CHAPTER 3, 3.a. * CHAPTER 3, 3.b.(4).(a). * CHAPTER 3, 3.b.(5)., ENCLOSURE 7 * CHAPTER 3, 2. Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7  Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7 REQUIREMENTS COMPARISON AFTER DIA COMMENTS CSEC CRITERIA AND SCI COMPARTMENTED MODE 31 Oct 1984 CRITERIA CONTENTS BY LEVEL COMPARTMENTED MODE SECURITY POLICY REQUIREMENTS B3 B2 B1 C3 C2 C1 DIAM 50-4 REFERENCES DISCRETIONARY ACCESS CONTROL * * * * * * CHAPTER 2, 2.f.(5)., REQUIREMENTS 7, 14 OBJECT REUSE * * * * * * REQUIREMENT 13 LABELS * * * * REQUIREMENTS 8, 11 LABEL INTEGRITY * * * REQUIREMENT 11 EXPORTATION OF LABELED INFORMATION * * * REQUIREMENT 11 LABELING HUMAN READABLE OUTPUT * * * REQUIREMENT 11 (a),(b) ++SUBJECT SENSITIVITY LABELS * NOT REQUIRED DEVICE LABELS * REQUIREMENT 8 (remote terminals) MANDATORY ACCESS CONTROL * CHAPTER 2, 2.a. IDENTIFICATION AND AUTHENTICATION * * * * REQUIREMENTS 8, 10 * * * - AUDIT SYSTEM ARCHITECTURE * * * * REQUIREMENT 15 REQUIREMENTS 1, 2, 3 ,12 SYSTEM INTEGRITY * * * * REQUIREMENTS 4, 5, 6, 9, CHAPTER 3 TRUSTED FACILITY MANAGEMENT * * CHAPTER 3, 3.b.(4) SECURITY TESTING * * CHAPTER 3, 3.b. ++DESIGN SPECIFICATION AND CHAPTER 3, 3.a. VERIFICATION CONFIGURATION MANAGEMENT CHAPTER 3, 3.b.(4).(d). SECURITY FEATURES USER'S GUIDE * * * * CHAPTER 3, 3.a. TRUSTED FACILITY MANUAL * * * * CHAPTER 3, 3.b.(4).(a). TEST DOCUMENTATION * * * * CHAPTER 3, 3.b.(5)., ENCLOSURE 7 DESIGN DOCUMENTATION * * * * CHAPTER 3, 2. ++ Desirable on all systems at level C3 and above. NOTE: 81 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR COMPARTMENTED MODE. Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7  Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7 CSEC CRITERIA AND SCI SYSTEM HIGH MODE BEFORE DIA COMMENTS CSEC CRITERIA Al DISCRETIONARY ACCESS CONTROL OBJECT REUSE LABELS LABEL INTEGRITY EXPORTATION OF LABELED INFORMATION TO SINGLE LEVEL DEVICES TO MULTI-LEVEL DEVICES LABELING HUMAN READABLE OUTPUT SUBJECT SENSITIVITY LABELS DEVICE LABELS MANDATORY ACCESS CONTROL IDENTIFICATION AND AUTHENTICATION TRUSTED PATH AUDIT SYSTEM ARCHITECTURE SYSTEM INTEGRITY COVERT CHANNEL ANALYSIS TRUSTED FACILITY MANAGEMENT TRUSTED RECOVERY SECURITY TESTING DESIGN SPECIFICATION AND VERIFICATION CONFIGURATION MANAGEMENT TRUSTED DISTRIBUTION SECURITY FEATURES USER'S GUIDE TRUSTED FACILITY MANUAL TEST DOCUMENTATION DESIGN DOCUMENTATION NOTE: 82 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR SYSTEM HIGH MODE. CRITERIA CONTENTS BY LEVEL B3 B2 B1 C2 C1 DIAM 50-4 REFERENCES * CHAPTER 2, 2.f.(5). REQUIREMENTS 8, 11 REQUIREMENT 11 REQUIREMENT 11 31 Oct 1984 REQUIREMENT 11 (a),(b) REQUIREMENT 8 (remote terminals) ENCLOSURE 8 * REQUIREMENTS 8, 10 REQUIREMENT 15 * * CHAPTER 3 CHAPTER 3, 3.b.(4) * CHAPTER 3, 3.b. CHAPTER 3, 3.b.(4).(d). * CHAPTER 3, 3.a. * CHAPTER 3, 3.b.(4).(a). * CHAPTER 3, 3.b.(5)., ENCLOSURE 7 * CHAPTER 3, 2. Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7  Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7 CSEC CRITERIA AND SCI SYSTEM HIGH MODE AFTER DIA COMMENTS CSEC CRITERIA Al DISCRETIONARY ACCESS CONTROL * OBJECT REUSE * LABELS * LABEL INTEGRITY * EXPORTATION OF LABELED INFORMATION TO SINGLE LEVEL DEVICES * TO MULTI-LEVEL DEVICES * LABELING HUMAN READABLE OUTPUT * SUBJECT SENSITIVITY LABELS * DEVICE LABELS * MANDATORY ACCESS CONTROL * IDENTIFICATION AND AUTHENTICATION TRUSTED PATH AUDIT SYSTEM ARCHITECTURE SYSTEM INTEGRITY COVERT CHANNEL ANALYSIS TRUSTED FACILITY MANAGEMENT TRUSTED RECOVERY SECURITY TESTING DESIGN SPECIFICATION AND VERIFICATION CONFIGURATION MANAGEMENT TRUSTED DISTRIBUTION SECURITY FEATURES USER'S GUIDE TRUSTED FACILITY MANUAL TEST DOCUMENTATION DESIGN DOCUMENTATION * * * * * * 31 Oct 1984 CRITERIA CONTENTS BY LEVEL 83 B2 B1 C3 C2 * * * * * * * * * * * * * * * * * * * * - * * * - * * * * * * - - * * * * * * * * * * * * * * * * * * * - - - * * * * * * * * * * * * * - - * * * * * * * * * * * * * * * * * * * * * * * * NOTE: C3 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR SYSTEM HIGH MODE. C1 DIAM 50-4 REFERENCES * CHAPTER 2, 2.f.(5). * REQUIREMENTS 8, 11 REQUIREMENT 11 REQUIREMENT 11 REQUIREMENT 11 (a),(b) REQUIREMENT 8 (remote terminals) ENCLOSURE 8 * REQUIREMENTS 8, 10 REQUIREMENT 15 * * CHAPTER 3 CHAPTER 3, 3.b.(4) * CHAPTER 3, 3.b. CHAPTER 3, 3.b.(4).(d). * CHAPTER 3, 3.a. * CHAPTER 3, 3.b.(4).(a). * CHAPTER 3, 3.b.(5)., ENCLOSURE 7 * CHAPTER 3, 2. Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7  Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7 CSEC CRITERIA AND SCI COMPARTMENTED MODE BEFORE DIA COMMENTS CRITERIA CONTENTS BY LEVEL 20 June 1984 CSEC CRITERIA Al 83 82 B1 C2 C1 DIAM 50-4 REFERENCES DISCRETIONARY ACCESS CONTROL * * * * * CHAPTER 2, 2.f.(5)., REQUIREMENTS 7, 14 OBJECT REUSE * * * * - REQUIREMENT 13 LABELS * * * * REQUIREMENTS 8, 11 LABEL INTEGRITY * * * REQUIREMENT 11 EXPORTATION OF LABELED INFORMATION * * * REQUIREMENT 11 TO SINGLE LEVEL DEVICES * * * TO MULTI-LEVEL DEVICES * * * * LABELING HUMAN READABLE OUTPUT * * * * REQUIREMENT 11 (a),(b) SUBJECT SENSITIVITY LABELS * * * _ DEVICE LABELS * * * _ REQUIREMENT 8 (remote terminals) MANDATORY ACCESS CONTROL * * * * CHAPTER 2, 2.a. IDENTIFICATION AND AUTHENTICATION REQUIREMENTS 8, 10 * TRUSTED PATH * * _ - AUDIT * * * * * REQUIREMENT 15 SYSTEM ARCHITECTURE REQUIREMENTS 1, 2, 3 ,12 SYSTEM INTEGRITY * * * * REQUIREMENTS 4, 5, 6, 9, CHAPTER 3 COVERT CHANNEL ANALYSIS * * * REQUIREMENT 2, CHAPTER 3, 3.b.(5). TRUSTED FACILITY MANAGEMENT * * * CHAPTER 3, 3.b.(4) TRUSTED RECOVERY * * _ SECURITY TESTING * * * * CHAPTER 3, 3.b. DESIGN SPECIFICATION AND * VERIFICATION * * * CHAPTER 3, 3.a. CONFIGURATION MANAGEMENT * * * CHAPTER 3, 3.b.(4).(d). TRUSTED DISTRIBUTION * - - SECURITY FEATURES USER'S GUIDE * * * * * * CHAPTER 3, 3.a. TRUSTED FACILITY MANUAL * * * * * * CHAPTER 3, 3.b.(4).(a). TEST DOCUMENTATION * * * * * * CHAPTER 3, 3.b.(5)., ENCLOSURE 7 DESIGN DOCUMENTATION * * * * * * CHAPTER 3, 2. NOTE: B2 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR COMPARTMENTED MODE. Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7  Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7 CSEC CRITERIA AND SCI COMPARTMENTED MODE AFTER DIA COMMENTS DISCRETIONARY ACCESS CONTROL OBJECT REUSE LABELS LABEL INTEGRITY EXPORTATION OF LABELED INFORMATION TO SINGLE LEVEL DEVICES TO MULTI-LEVEL DEVICES LABELING HUMAN READABLE OUTPUT SUBJECT SENSITIVITY LABELS DEVICE LABELS MANDATORY ACCESS CONTROL IDENTIFICATION AND AUTHENTICATION TRUSTED PATH AUDIT SYSTEM ARCHITECTURE SYSTEM INTEGRITY COVERT CHANNEL ANALYSIS TRUSTED FACILITY MANAGEMENT TRUSTED RECOVERY SECURITY TESTING DESIGN SPECIFICATION AND VERIFICATION CONFIGURATION MANAGEMENT TRUSTED DISTRIBUTION SECURITY FEATURES USER'S GUIDE TRUSTED FACILITY MANUAL TEST DOCUMENTATION DESIGN DOCUMENTATION * * * * * CRITERIA CONTENTS BY LEVEL B3 B2 1131 C3 C2 C1 DIAM 50-4 REFERENCES * CHAPTER 2, 2.f.(5)., REQUIREMENTS 7, 14 * REQUIREMENT 13 REQUIREMENTS 8, 11 REQUIREMENT 11 REQUIREMENT 11 REQUIREMENT 11 (a),(b) REQUIREMENT 8 (remote terminals) CHAPTER 2, 2.a. * REQUIREMENTS 8, 10 REQUIREMENT 15 * REQUIREMENTS 1, 2, 3 ,12 * REQUIREMENTS 4, 5, 6, 9, CHAPTER 3 NOTE: B1 LEVEL MEETS MINIMUM SCI REQUIREMENTS FOR COMPARTMENTED MODE. REQUIREMENT 2, CHAPTER 3, 3.b.(5). CHAPTER 3, 3.b.(4) * CHAPTER 3, 3.b. CHAPTER 3, 3.a. CHAPTER 3, 3.b.(4).(d). * CHAPTER 3, 3.a. * CHAPTER 3, 3.b.(4).(a). * CHAPTER 3, 3.b.(5)., ENCLOSURE 7 * CHAPTER 3, 2. Approved For Release 2008/05/13: CIA-RDP89B01354R000100150026-7