Trusted Computer Systems Evaluation Criteria (TCSEC) - used to evaluate products, apps, and operating systems. Developed by the US Department of Defense.
These criteria are published in what is known as the "Orange Book". Used for customers to compare different products, as well as for manufacturers so that they have direct access to specs used to build. It os broken down into seven different categories:
-Security Policy
-Identification
-Labels
-Documentation
-Accountability
-Life-cycle Assurance
-Continuous protection
*Moving to Common Criteria instead of the Orange Book, but Orange Book is still important
Trusted Network Interpretation (TNI) - a.k.a. the "Red Book". Discusses the eval. of security of networks and what makes up the network. Compares how things really work compared to how they should theoretically. Includes:
-Communication integrity
-Denial of service prevention
-Compromise protection
No comments:
Post a Comment