Definition

Class C2

Class C2 is a security rating established by the U.S. National Computer Security Center (NCSC) and granted to products that pass Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) tests. A C2 rating ensures the minimum allowable levels of confidence demanded for government agencies and offices and other organizations that process classified or secure information. TCSEC standards were established in the 1985 DoD document, Department of Defense Trusted Computer System Evaluation Criteria, known unofficially as the "Orange Book" (evaluation criteria for networks, the Trusted Network Interpretation is known as the "Red Book"). NCSC's objectives in publishing the document were: to provide DoD users with a means of ensuring the security of sensitive information; to provide manufacturers with guidelines to be followed; and to provide those involved in acquisitions with criteria for specifications.

According to TCSEC, system security is evaluated at one of four broad levels, ranging from class D to class A1, each level building on the previous one, with added security measures at each level and partial level. Class D is defined as Minimum Security; systems evaluated at this level have failed to meet higher level criteria. Class C1 is defined as Discretionary Security Protection; systems evaluated at this level meet security requirements by controlling user access to data. Class C2, defined as Controlled Access Protection adds to C1 requirements additional user accountability features, such as login procedures. Class B1 is defined as Labeled Security Protection; systems evaluated at this level also have a stated policy model, and specifically labeled data. Class B2, defined as Structured Protection, adds to B1 requirements a more explicit and formal security policy. Class B3, defined as Security Domains, adds stringent engineering and monitoring requirements and is highly secure. Class A1 is defined as Verified Design; systems evaluated at this level are functionally equivalent to B3 systems, but include more formal analysis of function to assure security.

Contributor(s): Rossi Kwan
This was last updated in September 2008
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: