Page 1 A Guide to the Procurement of Trusted Systems: An ... - csirt
Page 1 A Guide to the Procurement of Trusted Systems: An ... - csirt
Page 1 A Guide to the Procurement of Trusted Systems: An ... - csirt
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
d. DoD Directive 3020.26, "Continuity <strong>of</strong> Operations Policies and Planning."<br />
2.6.6 DOCUMENTS FOR BOTH PROGRAM MANAGEMENT AND MISSION USER<br />
a. DoD 5200.28-STD, "DoD <strong>Trusted</strong> Computer System Evaluation Criteria."<br />
b. DoD Directive 7920.1, "Life-Cycle Management <strong>of</strong> Au<strong>to</strong>mated Information<br />
<strong>Systems</strong>" - This directive specifies <strong>the</strong> six life-cycle management phases and<br />
<strong>the</strong> applicable policies.<br />
c. DoD Instruction 7920.2, "Au<strong>to</strong>mated Information <strong>Systems</strong> (AIS) Life-Cycle<br />
Management Review and Miles<strong>to</strong>ne Approval Procedure" - This instruction defines<br />
specific tasks <strong>to</strong> be completed for each life-cycle management phase.<br />
d. Military Standard (MIL-STD)-483A, "Configuration Management Practices for<br />
<strong>Systems</strong>, Equipment, Munitions, and Computer S<strong>of</strong>tware" - This military standard<br />
identifies <strong>the</strong> requirement for configuration identification, a configuration<br />
management plan, specification allocation and audits. The document addresses<br />
<strong>the</strong> relationship with o<strong>the</strong>r documents, reporting, configuration control, and<br />
specification maintenance.<br />
e. MIL-STD-490A, "Specification Practices" - This standard usually applies<br />
when major systems are being acquired. This is a source <strong>of</strong> specific guidance<br />
on format and content <strong>of</strong> <strong>the</strong> specifications. Most contrac<strong>to</strong>r-developed<br />
documentation will follow this guideline.<br />
f. MIL-STD-499, "Engineering Management."<br />
g. MlL-STD-499B (Draft), "<strong>Systems</strong> Engineering."<br />
h. MlL-H-46855, "Human Engineering Requirements for Military <strong>Systems</strong>,<br />
Equipment, and Facilities."<br />
i. MIL-STD-1521A, "Technical Reviews and Audits for <strong>Systems</strong>, Equipments and<br />
Computer Programs. "<br />
j. MlL-STD-1785, "System Security Engineering Program Management<br />
Requirements."<br />
k. DoD-STD-21 67A, "Defense System S<strong>of</strong>tware Development."<br />
3 COMPUTER SECURITY<br />
3.1 INTRODUCTION<br />
Because <strong>of</strong> its general application and <strong>the</strong> use <strong>of</strong> formal methodologies,<br />
COMPUSEC has become <strong>the</strong> most rigorous and complex <strong>of</strong> all <strong>the</strong> security<br />
disciplines. Never<strong>the</strong>less, a systems programming expertise is not required<br />
<strong>to</strong> understand <strong>the</strong> basic concepts. This chapter provides most <strong>of</strong> <strong>the</strong><br />
information needed <strong>to</strong> ensure that AlS acquisitions satisfy COMPUSEC concerns.<br />
3.2 COMPUTER SECURITY REQUIREMENTS<br />
This section interprets requirements provided by DoD Directive 5200.28 and DoD<br />
<strong>Page</strong> 34