Final Evaluation Report of Top Secret Version 3.0,

Abstract

The Department of Defense Computer Security Center (DoDCSC) was established in January 1981 to encourage the widespread availability of trusted computer systems for use by facilities processing classified or other sensitive data. In the second quarter of FY 83. CGA Software Products Group, Inc. requested that the DoDCSC evaluate Version 3.0 of their commercially available TOP SECRET security package for the OS/VS2 MVS operating system. MVS is an IBM operating system for its 303X, 308X, 4341, 370/158 and 370/168 processors. The security features provided by Version 3.0 of TOP SECRET were evaluated against the requirements specified by the Department of Defense Trusted Computer System Evaluation Criteria dated 15 August 1983. The DoDCSC evaluation team determined that the highest class at which TOP SECRET running with the MVS system satisfies all the requirements of the Criteria is class C2. Therefore, the DoDCSC has assigned TOP SECRET/MVS a C2 rating. This rating, however, is contingent upon the system being configured as detailed in this report (e.g., the PASSWORD (NOPW) attribute, which allows users to submit batch jobs without a password on a job card, is not allowed, etc.). A class C2 system enforces discretionary access control by making users individually accountable for their actions through login procedures, auditing of security-relevant events, and resource isolation.

Document Details

Document Type

Technical Report

Publication Date

Apr 02, 1985

Accession Number

ADA157600

Entities

Tags