 - Class C2 is a security rating established by the U.S. National Computer Security Center (NCSC) and granted to products that pass Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) tests. A C2 rating ensures the minimum allowable levels of confidence demanded for government agencies and offices and other organizations that process classified or secure information. TCSEC standards were established in the 1985 DoD document, Department of Defense Trusted Computer System Evaluation Criteria, known unofficially as the "Orange Book" (evaluation criteria for networks, the Trusted Network Interpretation is known as the "Red Book"). NCSC's objectives in publishing the document were: to provide DoD users with a means of ensuring the security of sensitive information; to provide manufacturers with guidelines to be followed; and to provide those involved in acquisitions with criteria for specifications.
According to TCSEC, system security is evaluated at one of four broad levels, ranging from class D to class A1, each level building on the previous one, with added security measures at each level and partial level. Class D is defined as Minimum Security; systems evaluated at this level have failed to meet higher level criteria. Class C1 is defined as Discretionary Security Protection; systems evaluated at this level meet security requirements by controlling user access to data. Class C2, defined as Controlled Access Protection adds to C1 requirements additional user accountability features, such as login procedures. Class B1 is defined as Labeled Security Protection; systems evaluated at this level also have a stated policy model, and specifically labeled data. Class B2, defined as Structured Protection, adds to B1 requirements a more explicit and formal security policy. Class B3, defined as Security Domains, adds stringent engineering and monitoring requirements and is highly secure. Class A1 is defined as Verified Design; systems evaluated at this level are functionally equivalent to B3 systems, but include more formal analysis of function to assure security.
| CONTRIBUTORS: |
Rossi Kwan |
| LAST UPDATED: |
29 May 2007
|
 |
Read more about Class C2:
|
|
Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com
|
 |
 |
| |
RELATED CONTENT
 |
Protecting data in a merger and acquisition
Upheaval in the financial-services industry has put the spotlight on financial information security. Experts share ways to keep sensitive information...
|
|
This May Day, banks wave the Red Flags
The Red Flags Rule, which mandates companies develop methods by which they will identify, detect and respond to identity theft incidents, is set to go...
|
|
IT security pros face challenge during economic crisis
In this Q&A, Steven Katz, a former CISO at Citigroup Inc., JP Morgan Chase & Co., and Merrill Lynch & Co., Inc., explains the role of IT security...
|
|
|
|
| |
RELATED GLOSSARY TERMS
| Terms from Whatis.com − the technology online dictionary |
|
FFIEC compliance
(SearchFinancialSecurity.com)
FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination...
|
|
|
