Title :
Successful acquisition of certifiable application systems (or: How not to shake hands with the tar baby)
Author :
Froscher, J.N. ; McDermott, J.P. ; Payne, C.N. ; Lubbes, H.O.
Author_Institution :
Center for Secure Inf. Technol., Naval Res. Lab., Washington, DC, USA
Abstract :
The authors have investigated how to certify the trustworthiness of application systems built to satisfy stringent security requirements and have undertaken the certification analysis of two command and control systems targeted at the B3 class of the DoD Trusted Computer System Evaluation Criteria (TCSEC). Based on these experiences, the authors have gained many insights into the certification and procurement of trusted application systems. Certifying a trusted application system in a contractual environment presents both technical and programmatic challenges. The procurement policy must to some extent take into account the certification approach. This paper documents some of the lessons learned during the authors´ investigations
Keywords :
command and control systems; fault tolerant computing; security of data; B3 class; DoD Trusted Computer System Evaluation Criteria; certifiable application systems; certification analysis; command and control systems; contractual environment; procurement policy; security requirements; systems acquisition; trustworthiness; Application software; Certification; Command and control systems; Computer security; Information security; Information technology; Military computing; National security; Pediatrics; Procurement;
Conference_Titel :
Computer Security Applications Conference, 1990., Proceedings of the Sixth Annual
Conference_Location :
Tucson, AZ
Print_ISBN :
0-8186-2105-2
DOI :
10.1109/CSAC.1990.143817
