Page 1 A Guide to the Procurement of Trusted Systems: An ... - csirt
Page 1 A Guide to the Procurement of Trusted Systems: An ... - csirt
Page 1 A Guide to the Procurement of Trusted Systems: An ... - csirt
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
(Class 01 and above):<br />
3.2.2.2.1.6 Labeling Human-Readable Output<br />
(Class B1 and above):<br />
3.2.2.2.1.7 Manda<strong>to</strong>ry Access Control (Class B1<br />
and above):<br />
3.2.2.2.1.8 Subject Sensitivity Labels (Class<br />
B2 and above):<br />
3.2.2.2.1.9 Device Labels (Class B2 and<br />
above):<br />
3.2.2.2.2 ACCOUNTABILITY<br />
3.2.2.2.2.1 Identification and Au<strong>the</strong>ntication<br />
(all classes):<br />
3.2.2.2.2.2 Audit (Class C2 and above):<br />
3.2.2.2.2.3 <strong>Trusted</strong> Path (Class B2 and above):<br />
3.2.2.2.3 ASSURANCE<br />
3.2.2.2.3.1 System Architecture (all classes):<br />
3.2.2.2.3.2 System Integrity (all classes):<br />
3.2.2.2.3.3 Covert Channel <strong>An</strong>alysis (Class B2<br />
and above):<br />
3.2.2.2.3.4 <strong>Trusted</strong> Facility Management (Class<br />
B2 and above):<br />
3.2.2.2.3.5 Security Testing (all classes):<br />
3.2.2.2.3.6 Design Specification and<br />
Verification (Class B1 and above):<br />
3.2.2.2.3.7 Configuration Management (Class B2<br />
and above):<br />
3.2.2.2.3.8 <strong>Trusted</strong> Recovery (Class B3 and<br />
above):<br />
3.2.2.2.3.9 <strong>Trusted</strong> Distribution (Class A1):<br />
3.2.2.2.4 DOCUMENTATION<br />
3.2.2.2.4.1 3.2.2.2.4.1 Security Features<br />
User's <strong>Guide</strong> (all classes):<br />
3.2.2.2.4.2 <strong>Trusted</strong> Facility Manual (all<br />
classes):<br />
3.2.2.2.4.3 Test Documentation (all classes):<br />
3.2.2.2.4.4 Design Documentation (all<br />
classes):<br />
3.3 SOFTWARE<br />
3.3.1 PRINCIPAL SOFTWARE FACTORS<br />
3.3.1.1 STRUCTURE AND DISCIPLINE<br />
3.3.1.2 COST ESTIMATING<br />
3.3.1.3 PROGRAMMING LANGUAGE<br />
3.3.1.4 DATABASE MANAGEMENT SYSTEMS (DBMSs)<br />
3.3.1.5 UTILITIES<br />
3.3.2 THE PROCESS<br />
3.3.3 MANAGING SOFTWARE DEVELOPMENT<br />
3.3.3.1 DESIGN DOCUMENTATION<br />
3.3.3.1.1 SECURITY POLICY<br />
3.3.3.1.2 MODEL<br />
3.3.3.1.3 DESCRIPTIVE TOP-LEVEL SPECIFICATION<br />
3.3.3.1.4 FORMAL TOP-LEVEL SPECIFICATION<br />
3.3.3.1.5 SYSTEM/SUBSYSTEM SPECIFICATION ("B"<br />
SPECIFICATION) AND UNIT SPECIFICATION ("C"<br />
<strong>Page</strong> 4