A Guide to Understanding Configuration Management in Trusted Systems
Abstract
The Trusted Computer System Evaluation Criteria (TCSEC) is the standard used for evaluating the effectiveness of security controls built into ADP systems. The TCSEC is divided into four divisions: D, C, B, and A, ordered in a hierarchical manner with the highest division, A, being reserved for systems providing the best available level of assurance. Within divisions C through A are a number of subdivisions known as classes, which are also ordered in a hierarchical manner to represent different levels of security in these classes. For TCSEC classes B2 through Al, the TCSEC requires that all changes to the Trusted Computing Base (TCB) be controlled by configuration management. Configuration management of a trusted system consists of identifying, controlling, accounting for, and auditing all changes made to the TCB during its development, maintenance, and design. The primary purpose of this guideline is to provide guidance to developers of trusted systems on what configuration management is and how it may be implemented in the development and life-cycle of a trusted system. This guideline has also been designed to provide guidance to developers of all systems on the importance of configuration management and how it may be implemented.
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 28, 1988
- Accession Number
- ADA392775