Metric Methodology for the Creation of Environments and Processes to Certify a Component: The NRL Pump
Abstract
Information superiority has many components. Of critical importance is information security. Over forty years ago, when information security for computer based systems started being discussed, the military leadership looked for general-purpose, high-assurance, multi-level secure (MLS) computers and software. Information is compiled at various data sensitivity levels, but it also incorporates low-level data with high-level data to provide the necessary information at the system high-level being evaluated. What is the best way to get the low-level data to the high-level system/user without compromising the high-level system? One proposed solution is the Naval Research Laboratory's (NRL) Network Pump (NP) to prevent unauthorized information flow between competitors of different security levels. To incorporate the NP into the DoD infrastructure it is necessary to get the NP through the hurdle of Certification and Accreditation. The NRL has produced and provided many useful documents for the C&A of the NP, but the key requirement for Certification and Accreditation is the creation of a Protection Profile and an understanding of the DITSCAP requirements and process. This thesis creates a Protection Profile for the NP along with a draft Type SSAA for Certification and Accreditation of the NP.
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 01, 2003
- Accession Number
- ADA415064
Entities
People
- Jonathan S. Holmgren Sr
Organizations
- Naval Postgraduate School