Short Name: PP_MLOS-MR_V1.68
Technology Type: Operating System
Version: 1.68
Date: February 9, 2004
Conformance Claim: Medium
Protection Profile: 
Validation Report: Not available
Related Profiles: None
Key Words: operating system, COTS, medium robustness, multilevel, mandatory access control, MAC, discretionary access control, DAC, labels, integrity, mandatory integrity control, MIC, cryptography
Please forward any questions or comments to pp-comments@niap-ccevs.org
PP Overview
National Security Directive 42 delegates to NSA the authority
to approve information technology products and cryptography
implementations for use in protecting national security information.
This “U.S. Government Protection Profile for Multilevel
Operating Systems in Environments Requiring Medium Robustness” specifies
security requirements for commercial-off-the-shelf (COTS)
general-purpose multilevel operating systems in networked
environments and uses Department of Defense (DoD) and National
Information Assurance (IA) guidance and policies as a basis
to establish the requirements for National Security Systems.
Products meeting this protection profile become candidates
for use in National Security Systems. However, compliance
to this protection profile is not, by itself, sufficient.
Compliance alone does not offer sufficient confidence that
national security information is appropriately protected
in the context of a larger system in which the TOE is integrated.
Designers of such large systems must apply appropriate systems
security engineering principles and defense-in-depth techniques
to afford acceptable protection for national security information.
Conformant products support Identification and Authentication
(I&A), Discretionary Access Control (DAC), Mandatory
Access Control (MAC), Mandatory Integrity Control (MIC),
an Audit Capability, and Cryptographic Services. These products
provide adequate security services, mechanisms, and assurances
to process unclassified information and are also candidates
for processing national security information.
PP-conformant systems are suitable for use in unclassified environments
that process administrative, private, and sensitive/proprietary
information and are candidates for classified environments
that utilize appropriate systems engineering and defense-in-depth
strategies. However, when an organization’s most sensitive/proprietary
information is to be sent from the TOE to another system
across a publicly accessible network, the organization should
also apply additional protection at the network boundaries.
Operating systems evaluated against this PP, and approved for protecting
national security information, will associate sensitivity
and integrity labels with all objects. All of their users will
have an associated clearance level identifying the maximum
security level of data that they may access. These operating
systems can operate in the following multilevel environments:
- processing data up to the Secret level with uncleared authorized users,
- processing data up to the Top Secret level with minimum user clearances of Secret, and
- processing data up to the Top Secret/Sensitive Compartmented Information (TS/SCI) level with minimum user clearances of Top Secret.