 - The National Computer Security Center (NCSC) is a U.S. government organization within the National Security Agency (NSA) that evaluates computing equipment for high security applications to ensure that facilities processing classified or other sensitive material are using trusted computer systems and components. NCSC was founded in 1981 as the Department of Defense Computer Security Center and changed to its current name in 1985. The organization works with industry, education, and government agency partners to promote research and standardization efforts for secure information system development. The NCSC also functions in an educational capacity to disseminate information about issues surrounding secure computing, most significantly through its annual National Information Systems Security Conference.
The NCSC's computer evaluation program is carried out by another NSA organization, the Trusted Product Evaluation Program (TPEP), which tests commercial products against a comprehensive set of security-related criteria. NCSC issued the first Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) in August, 1983. The document, more commonly referred to as the "orange book," was reissued in 1985 as a DoD standard that included the stated goals of providing manufacturers with security-related standards regarding features for inclusion in products, and providing DoD components with information about security metrics for the evaluation of trust levels to be accorded various products used for processing sensitive material.
 |
Learn more about Web Application Security |
| Web Application Attacks Learning Guide: This guide explains how Web application attacks occur, identifies Web application attacks, and provides Web application security tools and tactics to protect against them. |
| Information security book excerpts and reviews: Visit the Information Security Bookshelf for book reviews and free chapter downloads. |
| Quiz: Could you detect an application attack?: Test your application security awareness, review common application attacks and learn how to improve application layer logging to detect and protect against these attacks. |
| Web Application Attacks Learning Guide: This guide explains how Web application attacks occur, identifies Web application attacks, and provides Web application security tools and tactics to protect against them. |
| State-based attacks: Session management: This excerpt reviews session management techniques developers can use to protect against session hijacking and other Web application attacks. |
| Content Spoofing: This excerpt from "Preventing Web Attacks with Apache" explains how content spoofing attacks exploit vulnerabilities and how to use Apache to protect against them. |
| LAST UPDATED: |
13 Apr 2005
|
 |
Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com
|
|
More resources from around the web:
|
|
Show me everything on 
