Canadian Systems Security Centre,
The Canadian Trusted Computer Product Evaluation
Criteria
Abstract: These criteria have been developed to provide the
Government of Canada with a metric with which to evaluate the degree
of assurance that can be placed in computer products used for the
processing of sensitive information. It is a guide to
manufacturers as to what security services to build into their
commercial products in order to produce widely available products
that satisfy requirements for sensitive applications; and a guide
which may be used in procurements of trusted products.
Department of Defense,
Department Of Defense Trusted Computer System Evaluation
Criteria
Abstract: This publication, DoD 5200.28-STD, "Department
of Defense Trusted Computer System Evaluation Criteria," is
issued under the authority of and in accordance with DoD Directive
5200.28, "Security Requirements for Automatic Data Processing
(ADP) Systems," and in furtherance of responsibilities assigned
by DoD Directive 5215.1, "Computer Security Evaluation Center."
Its purpose is to provide technical hardware/firmware/software
security criteria and associated technical evaluation
methodologies in support of the overall ADP system security
policy, evaluation and approval/accreditation responsibilities
promulgated by DoD Directive 5200.28.
Department of Defense,
Department Of Defense Password Management Guideline
Abstract: This publication, "Department of Defense
Password Management Guideline," is being issued by the DoD
Computer Security Center (DoDCSC) under the authority of and in
accordance with DoD Directive 5215.1, "Computer Security
Evaluation Center." The guidelines described in this document
provide a set of good practices related to the use of
password-based user authentication mechanisms in automatic data
processing systems employed for processing classified and other
sensitive information. Point of contact concerning this
publication is the Office of Standards and Products, Attention:
Chief, Computer Security Standards.
Department of Trade and Industry,
Information Technology Security Evaluation Criteria (ITSEC)
Abstract: Following extensive international review version
1.2 of the ITSEC is issued, with the approval of the (informal)
EC advisory group, SOG-IS (Senior Officials Group - Information
Systems Security), for operational use within evaluation and
certification schemes, for a provisional period of two years from
the date of issue. The practical experience acquired will be used
to review and further develop the ITSEC at the end of this
period. In addition, considerations arising from further
international harmonization will also be taken into
account.
National Computer Security Center,
A Guide to Understanding Audit in Trusted Systems
Abstract: This publication is being issued by the
National Computer Security Center (NCSC) under the authority of
and in accordance with Department of Defense (DoD) Directive
5215.1. The guidelines described in this document provide a set
of good practices related to the use of auditing in automatic
data processing systems employed for processing classified and
other sensitive information.
National Computer Security Center,
A Guide To Understanding Discretionary Access Control In Trusted
Systems
Abstract: The guidelines defined in this document are
intended to be used by computer hardware and software designers
who are building systems with the intent of meeting the
requirements of the Department of Defense Trusted Computer System
Evaluation Criteria, DoD 5200.28-STD.
European Commission,
Green book on the Security of Information Systems
v3.6
Abstract: European Strategic policy on Security for
Information Systems. The "Green Book" represents an intermediate
step towards the formulation of the Action Plan foreseen in the
Council Decision. It is to state the main issues related to the
security of information systems in its context. A deliberate
effort has been made to present the subject matter in as
objective a fashion as possible. By progressively widening the
consultation in the preparation of the document, the wish is to
obtain a representative and balanced view of the issues and the
nature and implications of the options for action one may wish to
consider.
Unknown,
Foundations For The Harmonization of Information Technology
Security Standards
Abstract: This paper is the first work product of Joint
Task 1 (JT01) defined in the Joint Workplan for cooperation on
Security of Information System [1]. This paper also provides a
base for common understanding of critical terms and concepts. In
addition, this paper looks at the terms and concepts used in the
development of International Standards Organization (ISO)
standards for Open System Interconnection (OSI).
European Commission,
The Information Technology Security Evaluation Criteria
(A related WWW homepage exists for this item)
Keywords: recommendations, european, criteria,
evaluation
Abstract: The Information Technology Security Evaluation
Criteria, more commonly known as the ITSEC, were formally
endorsed by the European Council on 28 March 1995 in the form of
a Recommendation. Originally published by the European Commission
in June 1991, and subsequently used throughout Europe and
elsewhere, these European Criteria provide a different approach
to that of the US Orange Book whilst still retaining the
essential requirement for an appropriate level of confidence to
be achieved in the security features of the product or system
under evaluation. The Recommendation also addresses the need for
broader international harmonization of Criteria as well as the
need for mutual recognition of the associated evaluation
certificates.
Object Management Group,
OMG Object Services RFP3
Abstract: The Object Management Group's central mission is
to establish an architecture and set of specifications, based on
commercially available object technology, to enable distributed
integrated applications. Primary goals are the reusability,
portability and interoperability of object-based software
components in distributed heterogeneous environments. To this end,
the OMG adopts interface and protocol specifications that define
an Object Management Architecture (OMA) that supports
applications based on distributed interoperating objects.
OMG Security Working Group,
OMG White Paper on Security
Abstract: This White Paper describes the requirements for
security in Object Systems conforming to the Object Management
Architecture. It will be an appendix to Request for Product
3.
Department of Defense,
Department of Defense Trusted Computer System Evaluation
Criteria
Abstract: This publication, "Department of Defense Trusted
Computer System Evaluation Criteria," is being issued by the DoD
Computer Security Center under the authority of and in accordance
with DoD Directive 5215.1, "Computer Security Evaluation Center."
The criteria defined in this document constitute a uniform set of
basic requirements and evaluation classes for assessing the
effectiveness of security controls built into Automatic Data
Processing (ADP) systems. These criteria are intended for use in
the evaluation and selection of ADP systems being considered for
the processing and/or storage and retrieval of sensitive or
classified information by the Department of Defense. Point of
contact concerning this publication is the Office of Standards
and Products, Attention: Chief, Computer Security
Standards.
Department of Defense,
Department of Defense Trusted Computer System Evaluation
Criteria
Abstract: This publication, DoD 5200.28-STD, "Department
of Defense Trusted Computer System Evaluation Criteria," is
issued under the authority of and in accordance with DoD Directive
5200.28, "Security Requirements for Automatic Data Processing
(ADP) Systems," and in furtherance of responsibilities assigned
by DoD Directive 5215.1, "Computer Security Evaluation Center."
Its purpose is to provide technical hardware/firmware/software
security criteria and associated technical evaluation
methodologies in support of the overall ADP system security
policy, evaluation and approval/accreditation responsibilities
promulgated by DoD Directive 5200.28.
D Ferbrache,
Posix Framework
Abstract: This directory contains working documents and
minutes of the IEEE Portable application standards committee
(PASC) security framework working group (POSIX 1003.22).
D Ferbrache,
Posix Security
Abstract: This directory contains documents and minutes of
the IEEE Portable application standards committee (PASC) security
working group (POSIX 1003.6).
Department of Defense,
Department Of Defense Password Management Guideline
Abstract: This publication, "Department of Defense
Password Management Guideline," is being issued by the DoD
Computer Security Center (DoDCSC) under the authority of and in
accordance with DoD Directive 5215.1, "Computer Security
Evaluation Center." The guidelines described in this document
provide a set of good practices related to the use of
password-based user authentication mechanisms in automatic data
processing systems employed for processing classified and other
sensitive information. Point of contact concerning this
publication is the Office of Standards and Products, Attention:
Chief, Computer Security Standards.
Unknown,
Relating Functionality Class And Security Sub-Profile
Specifications
Abstract: This Document describes methods for relating
security functionality classes being proposed by various security
evaluation criteria standardization efforts and security
sub-profile specifications stemming from profiling of Open System
standards.
National Computer Security Center,
Trusted Distribution
Abstract: This publication is issued by the National
Computer Security Center (NCSC) as part of its program to
promulgate technical computer security guidelines. The
interpretations extend the evaluation classes of the Trusted
Systems Evaluation Criteria (DOD 5200.28-STD) to trusted network
systems and components.
National Computer Security Center,
A Guide to Understanding Trusted Distribution in Trusted
Systems
Abstract: This document is the latest in the series of
technical guidelines that are being published by the National
Computer Security Center. These publications are designed to
provide insight to the Trusted Computer Systems Evaluation
Criteria requirements and guidance for meeting each
requirement.
Built by Mark Crosbie and Ivan Krsul.