Page 1 A Guide to the Procurement of Trusted Systems: An ... - csirt
4.2.5 ACQUISITION SYSTEM PROTECTION PROGRAM (ASPP)
4.3 RISK ASSESSMENT
4.3.1 RISK INDEX
4.3.1.1 DATA SENSITIVITY
4.3.1.2 USER CLEARANCE
4.3.1.3 REQUIRED TRUSTED COMPUTING BASE
4.3.2 SECURITY MODE OF OPERATION
4.3.2.1 DEDICATED SECURITY MODE
4.3.2.2 SYSTEM HIGH SECURITY MODE
4.3.2.3 PARTITIONED SECURITY MODE
4.3.2.4 MULTILEVEL SECURITY MODE
4.4 COST/BENEFIT ANALYSIS
4.4.1 PERFORMING THE ANALYSIS
4.4.2 SATISFYING SECURITY REQUIREMENTS
4.4.3 RELATION TO SYSTEM LEVEL ANALYSES
4.4.4 EXAMPLES OF TRADEOFFS
4.5 THREAT ASSESSMENT
4.5.1 THE SYSTEM THREAT ASSESSMENT REPORT (STAR)
4.5.2 FORWARDING THE INFORMATION
4.5.3 VALIDATION BY THE DIA
4.5.4 CLANDESTINE VULNERABILITY ANALYSIS
4.6 RISK ANALYSIS
4.6.1 DIFFICULTIES
4.6.2 PERFORMING A SUBJECTIVE ANALYSIS
4.6.3 FACTORS IN A RISK ANALYSIS METHODOLOGY
4.7 SAFEGUARD SELECTION AND IMPLEMENTATION
4.7.1 DEVELOPER RESPONSIBILITIES
4.7.2 THE DEVELOPMENT ENVIRONMENT
4.7.3 REGULATIONS THAT APPLY TO DEVELOPMENT
4.8 REFERENCES
5 SECURITY TEST AND EVALUATION
5.1 INTRODUCTION
5.2 SECURITY TEST AND EVALUATION
5.2.1 TERMS
5.2.1.1 EVALUATION
5.2.1.2 SECURITY TEST AND EVALUATION
5.2.1.3 ENDORSE
5.2.2 ST&E AND THE ACQUISITION PROCESS
5.2.3 USE OF EVALUATED PRODUCTS
5.2.4 THE EVALUATION PROCESS
5.2.4.1 THE EVALUATED PRODUCTS LIST
5.2.4.2 PRODUCT TYPES
5.2.5 TEST AND EVALUATION (T&E) AND THE LIFE-CYCLE PROCESS
5.2.5.1 DETERMINATION OF MISSION NEED
5.2.5.2 CONCEPT EXPLORATION AND DEFINITION
5.2.5.3 DEMONSTRATION AND VALIDATION
5.2.5.4 ENGINEERING AND MANUFACTURING DEVELOPMENT
5.2.5.5 PRODUCTION AND DEPLOYMENT
5.3 THE TESTING PROCESS
5.3.1 DEVELOPMENTAL TEST AND EVALUATION
5.3.1.1 QUALIFICATION TEST AND EVALUATION (QT&E)
5.3.1.2 PREPRODUCTION QUALIFICATION TEST (PPQT)
5.3.1.3 PRODUCTION QUALIFICATION TEST (PQT)