Integrity-Oriented Control Objectives: Proposed Revisions to the Trusted Computer System Evaluation Criteria (TCSEC), DOD 5200.28-STD
Abstract
Control objectives, as they apply to automated information systems, express fundamental computer security requirements and serve as guidance to the development of more specific systems evaluation criteria. Within the DoD, the control objectives contained in the Trusted Computer System Evaluation Criteria (TCSEC), DoD 5200.28-STD, are of primary concern to the development of product evaluation criteria. The TCSEC's scope is currently confined to address only confidentiality protection of information. This document is intended to extend the scope of the TCSEC so that the control objectives, contained therin, will also address the protection of information and computing resource integrity. The document provides new and modified statements of control objectives along with discussion and rationale for their inclusion or revision. The revisions were initially determined as a result of an examination of various mechanisms and policy abstractions that seemed focused on integrity. The revisions were further reinforced by an examination of Federal law and policy. The basis in Federal law and policy for the revised control objectives is discussed. A summary, key text, cross-references, and commentary notes of each law and policy used in the derivation of the revisions are provided. The document is intended to be used as a strawman to foster further debate and research leading to a new standard for evaluation criteria that encompasses both integrity and confidentiality.
Document Details
- Document Type
- Technical Report
- Publication Date
- Oct 01, 1991
- Accession Number
- ADA253989
Entities
People
- John M. Boone
- Stephen R. Welke
- Terry Mayfield
Organizations
- Institute for Defense Analyses