An approach for evaluating the security of an Air Force type network

An approach for assessing the security of an Air-Force-type network environment at the AFR 205-16 sensitive/unclassified Trusted Network Interpretation C2 levels is discussed. The first step in this approach was to assess the security for each stand-alone system. For the target network this was done using two separate assessment processes. The first was to assess the security profiles of functional area subsystems. Its main objective was to determine the necessary enhancements (in terms of internal hardware and software controls, physical, procedural, administrative, and Communications Security (COMSEC) controls) to bring these individual subsystems to the C2 level (as defined in DOD 5200.28-STD) and to provide protection for sensitive/unclassified systems as defined in AFR 205-16. The second process was to perform a similar security assessment of the ISDN (integrated services digital network) communications switch. In the second step, the information found from these two assessments was used to assess a target network