Re: DOD 5200.28-STD capable OS?
From: Mike (michael.owen@hushmail.com)
Date: 03/14/03
- Previous message: Alun Jones: "Re: DOD 5200.28-STD capable OS?"
- In reply to: Alun Jones: "Re: DOD 5200.28-STD capable OS?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: michael.owen@hushmail.com (Mike) Date: 14 Mar 2003 09:34:12 -0800
alun@texis.com (Alun Jones) wrote in message news:<6k2ca.610$iY2.470730965@newssvr11.news.prodigy.com>...
> Do you have cites to back up that claim?
Yup - the quote is "underlying network protocols and architecture are
excluded for source code level logical analysis but they are included
in the evaluated configuration and penetration testing."
>From http://www.cesg.gov.uk/assurance/iacs/itsec/cpl/media/certreps/crp121.pdf
The report goes through all the usual crud about domains, etc.
Networking is definitely part of the evaluated product.
>My own recollection is that even
> Microsoft were clear in not claiming any kind of network connectivity with
> their "C2 Security" rating. Remember that Microsoft didn't just give itself a
> C2 rating for NT4, they received it from an independent entity, and they had
> to make several changes to the basic installation before they passed.
Indeed they did - just as most do - I've worked on certification
projects, and bear the mental scars to prove it. ;)
Windows NT3.51 was evaluated with no network functionality and no
floppy - that might be what you're thinking of.
-- Mike
- Previous message: Alun Jones: "Re: DOD 5200.28-STD capable OS?"
- In reply to: Alun Jones: "Re: DOD 5200.28-STD capable OS?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
