File:Configuration management evaluation guidance for high robustness systems (IA configurationman109451190).pdf
Original file (1,275 × 1,650 pixels, file size: 1.06 MB, MIME type: application/pdf, 87 pages)
Captions
Captions
Summary
[edit]Configuration management evaluation guidance for high robustness systems
(   ) |
|
|---|---|
| Author |
Gross, Michael E. |
| Title |
Configuration management evaluation guidance for high robustness systems |
| Publisher |
Monterey, California. Naval Postgraduate School |
| Description |
Configuration Management (CM) plays a vital role in the development of trusted computing systems. The Common Criteria (CC) provides a framework for performing Information Technology (IT) security evaluations of these systems and further emphasizes CM's role in the development and evaluation process by specifying a minimum set of CM qualities for each Evaluated Assurance Level (EAL). As an evaluation guide, the Common Methodology for Information Technology Security Evaluation, Part 2: Evaluation Methodology (CEM), recommends a set of minimum CM guidelines which can be used by evaluators in the performance of a CM evaluation at the lower Evaluated Assurance Levels. Evaluators and developers will quickly note the CEM's lack of recommended CM guidelines at the higher assurance levels. Thorough study of the listed references supports the hypothesis for this work: Configuration Management guidelines are useful in the evaluation of trusted computing systems. As an assurance mechanism, complete CM guidance helps users of high assurance products obtain a degree of confidence the system security requirements operate as intended and do not contain clandestine code. Complete CM guidance provides evaluators with a \"completed assurance scale\" and ensures only authorized changes were made to the TOE during development. Useful CM guidelines at the higher assurance levels (EAL5, 6, and 7) will help developers and evaluators ensure products meet the minimum requirements needed for high assurance systems. Subjects: Configuration management; Information theory; Methodology; Examinations; Evaluation; Common criteria; Common evaluation methodology guidelines; High assurance; IT product evaluation |
| Language | English |
| Publication date | March 2004 |
| Current location |
IA Collections: navalpostgraduateschoollibrary; fedlink |
| Accession number |
configurationman109451190 |
| Source | |
| Permission (Reusing this file) |
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. As such, it is in the public domain, and under the provisions of Title 17, United States Code, Section 105, may not be copyrighted. |
Licensing
[edit]
|
This work is in the public domain in the United States because it is a work prepared by an officer or employee of the United States Government as part of that person’s official duties under the terms of Title 17, Chapter 1, Section 105 of the US Code.
Note: This only applies to original works of the Federal Government and not to the work of any individual U.S. state, territory, commonwealth, county, municipality, or any other subdivision. This template also does not apply to postage stamp designs published by the United States Postal Service since 1978. (See § 313.6(C)(1) of Compendium of U.S. Copyright Office Practices). It also does not apply to certain US coins; see The US Mint Terms of Use.
|
 |
| This file has been identified as being free of known restrictions under copyright law, including all related and neighboring rights. | ||
File history
Click on a date/time to view the file as it appeared at that time.
| Date/Time | Thumbnail | Dimensions | User | Comment | |
|---|---|---|---|---|---|
| current | 06:51, 16 July 2020 |  | 1,275 × 1,650, 87 pages (1.06 MB) | Fæ (talk | contribs) | FEDLINK - United States Federal Collection configurationman109451190 (User talk:Fæ/IA books#Fork8) (batch 1993-2020 #12147) |
You cannot overwrite this file.
File usage on Commons
The following page uses this file: