A Class C2 Security Evaluation Procedure for Local Area Networks
Abstract
The National Computer Security Center's (NCSC) 'Computer Security Requirements,' CSC-STD-003-85 (Yellow Book) specifies 'Class C2' as the required protection level for computer systems running at a 'system high' level of Top Secret. Methodology exists to determine if a computer system provides class C2 protection, however, there are no general procedures available to determine if a Local Area Network (LAN) provides class C2 protection. This thesis effort reviewed the criteria necessary for a C2 rating and developed a checklist based on the three types of security features required (discretionary access control, identification/authentication and audit capabilities) in a C2 system. HQ USAF/ SCTT and the Air Force Cryptologic Support Center (AFCSC) reviewed the proposed checklist to identify deficiencies and inconsistencies. Their comments were addressed and the checklist modified as required. The checklist was then applied to a LAN used in the US Air Force to verify the capabilities of the checklist and determine if the LAN provided class C2 protection. Problems in applying the checklist were identified and changes were incorporated into the checklist. The checklist can now be used to determine if a LAN provides class C2 security.
Document Details
- Document Type
- Technical Report
- Publication Date
- Dec 01, 1988
- Accession Number
- ADA202536
Entities
People
- Rick E. Whitson
Organizations
- Air Force Institute of Technology