Class C2

According to TCSEC, system security is evaluated at one of four broad levels, ranging from class D to class A1, each level building on the previous one, with added security measures at each level and partial level. Class D is defined as Minimum Security; systems evaluated at this level have failed to meet higher level criteria. Class C1 is defined as Discretionary Security Protection; systems evaluated at this level meet security requirements by controlling user access to data. Class C2, defined as Controlled Access Protection adds to C1 requirements additional user accountability features, such as login procedures. Class B1 is defined as Labeled Security Protection; systems evaluated at this level also have a stated policy model, and specifically labeled data. Class B2, defined as Structured Protection, adds to B1 requirements a more explicit and formal security policy. Class B3, defined as Security Domains, adds stringent engineering and monitoring requirements and is highly secure. Class A1 is defined as Verified Design; systems evaluated at this level are functionally equivalent to B3 systems, but include more formal analysis of function to assure security.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

More resources from around the web: - Novell provides a page of "Class C2 Security Rating Questions and Answers." - The DoD Standard Trusted Computer System Evaluation Criteria are available online.

FILE EXTENSION AND FILE FORMAT LIST File Extension and File Format List: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

RELATED CONTENT FTC Red Flags Rules: How to create an identity theft prevention plan Under FTC's Red Flags Rules, all financial institutions and creditors with covered accounts are required to create an identity theft prevention plan. Protecting data in a merger and acquisition Upheaval in the financial-services industry has put the spotlight on financial information security. Experts share ways to keep sensitive information... This May Day, banks wave the Red Flags The Red Flags Rule, which mandates companies develop methods by which they will identify, detect and respond to identity theft incidents, is set to go...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary FFIEC compliance  (SearchFinancialSecurity.com) FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination...