![]() ![]() ![]() Of these two essential components of objective robustness benchmarks, only EAL levels were faithfully preserved. The Common Criteria is based on this science and it intended to preserve the Assurance Level as EAL levels and the functionality specifications as Protection Profiles. Both were specified with a degree of precision that warranted significant confidence in certifications based on these criteria. ![]() Two relatively independent components of robustness were defined: Assurance Level and Functionality. The result was documented in CSC-STD-004-85. To promote consistency and eliminate subjectivity in degrees of robustness, an extensive scientific analysis and risk assessment of the topic produced a landmark benchmark standardization quantifying security robustness capabilities of systems and mapping them to the degrees of trust warranted for various security environments. For example, more robustness is indicated for system environments containing classified Top Secret information and uncleared users than for one with Secret information and users cleared to at least Confidential. Since there can be various levels of data classification and user clearances, this implies a quantified scale for robustness. If individuals or processes exist that may be denied access to any of the data in the system environment, then the system must be trusted to enforce MAC. This is not necessarily true of a MLS system. To allow that, all users have clearances for all data. ![]() In some systems, users have the authority to decide whether to grant access to any other user. ![]()
0 Comments
Leave a Reply. |