The @WholeChainCom™ Blog

Discussing whole chain communications between enterprises and consumers.

Beyond the Front Page

IP Resources

Category Archives

About this Blog

As enterprise supply chains and consumer demand chains have beome globalized, they continue to inefficiently share information “one-up/one-down”. Profound "bullwhip effects" in the chains cause managers to scramble with inventory shortages and consumers attempting to understand product recalls, especially food safety recalls. Add to this the increasing usage of personal mobile devices by managers and consumers seeking real-time information about products, materials and ingredient sources. The popularity of mobile devices with consumers is inexorably tugging at enterprise IT departments to shifting to apps and services. But both consumer and enterprise data is a proprietary asset that must be selectively shared to be efficiently shared.

About Steve Holcombe

Monday

Aug102009

DOD Orange Book

Monday, August 10, 2009 at 10:15AM

Preface

The trusted computer system evaluation criteria defined in this document classify systems into four broad hierarchical divisions of enhanced security protection. They provide a basis for the evaluation of effectiveness of security controls built into automatic data processing system products. The criteria were developed with three objectives in mind: (a) to provide users with a yardstick with which to assess the degree of trust that can be placed in computer systems for the secure processing of classified or other sensitive information; (b) to provide guidance to manufacturers as to what to build into their new, widely-available trusted commercial products in order to satisfy trust requirements for sensitive applications; and (c) to provide a basis for specifying security requirements in acquisition specifications. Two types of requirements are delineated for secure processing: (a) specific security feature requirements and (b) assurance requirements. Some of the latter requirements enable evaluation personnel to determine if the required features are present and functioning as intended. The scope of these criteria is to be applied to the set of components comprising a trusted system, and is not necessarily to be applied to each system component individually. Hence, some components of a system may be completely untrusted, while others may be individually evaluated to a lower or higher evaluation class than the trusted product considered as a whole system. In trusted products at the high end of the range, the strength of the reference monitor is such that most of the components can be completely untrusted. Though the criteria are intended to be application-independent, the specific security feature requirements may have to be interpreted when applying the criteria to specific systems with their own functional requirements, applications or special environments (e.g., communications processors, process control computers, and embedded systems in general). The underlying assurance requirements can be applied across the entire spectrum of ADP system or application processing environments without special interpretation.

I'm filing the DEPARTMENT OF DEFENSE STANDARD: DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (DECEMBER l985) as a library reference to this blog site.

Update on Tuesday, August 11, 2009 at 8:46AM by

Steve Holcombe

See also the NSA Rainbow Series at http://www.fas.org/irp/nsa/rainbow.htm.

Steve Holcombe |

References (1)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Source: Public Domain Image (2006)

by Luis F. Gonzalez

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

Post a New Comment

Enter your information below to add a new comment.

My response is on my own website »

Author:

Author Email (optional):

Author URL (optional):

Post:

↓ | ↑

Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Copyright © 1994-2024, Pardalis Inc. All rights reserved. This is the company blog of Pardalis, Inc. All publicly available, unrestricted information found within The @WholeChainCom™ Blog may be liberally quoted with attribution. Φ Pardalis®, @WholeChainCom™, @WholeChainWeb™, Whole Chain Communications™, Whole Chain Traceability Consortium™, @WholeChainTrace™ and Common Point Authoring™ are trademarks of Pardalis, Inc. The @WholeChainCom™ Blog was formerly known as the Pardalis Data Ownership Blog.