
We must evaluate security systems and components in order to attain a level of as


Question

We must evaluate security systems and components in order to attain a level of assurance. In the past, the military would rely on the Orange Book which was highly influenced by the BLP model. However, the Orange Book is dead, dead, dead, … Why does Gollmann spend most of a chapter describing the Orange Book criteria? Why did the military move to the Common Criteria? Who has ownership of the Common Criteria? The Orange Book and Common Criteria deal with evaluation. How is evaluation different from accreditation? Give two references.

Explanation / Answer

The Orange Book criteria were originally published by the U.S. Department of Defense in December, 1985. Their use has been mostly superseded by the Common Criteria, which became an ISO standard (#15408) in June, 1999. The primary reason is that the Orange Book criteria do not apply well in distributed processing environments. However, the Orange Book criteria are still referenced in some military circles and may still be applicable in some centralized computer processing environments.

DoD is pushing very rapidly to get the latest major military programs to move to embedded operating systems that meet certain levels of security as defined by the Common Criteria. Common Criteria defines seven different security levels called Evaluated Assurance Levels (EAL), ranging from one to seven, with one being the lowest level and seven being the highest level. While Common Criteria does not require the use of EALs, it is generally accepted as the best means for defining the security level of OSs. EAL-7 is equivalent to security Level A in the DoD Orange Book, the highest level of security for government systems.

The Common Criteria represents the outcome of a series of efforts to develop criteria for evaluation of IT security that are broadly useful within the international community.
