Class C2 is a security rating established by the U.S. National Computer Security Center (NCSC) and granted to products that pass Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) tests. A C2 rating ensures the minimum allowable levels of confidence demanded for government agencies and offices and other organizations that process classified or secure information. TCSEC standards were established in the 1985 DoD document, Department of Defense Trusted Computer System Evaluation Criteria, known unofficially as the "Orange Book" (evaluation criteria for networks, the Trusted Network Interpretation is known as the "Red Book"). NCSC's objectives in publishing the document were: to provide DoD users with a means of ensuring the security of sensitive information; to provide manufacturers with guidelines to be followed; and to provide those involved in acquisitions with criteria for specifications.Content Continues Below
According to TCSEC, system security is evaluated at one of four broad levels, ranging from class D to class A1, each level building on the previous one, with added security measures at each level and partial level. Class D is defined as Minimum Security; systems evaluated at this level have failed to meet higher level criteria. Class C1 is defined as Discretionary Security Protection; systems evaluated at this level meet security requirements by controlling user access to data. Class C2, defined as Controlled Access Protection adds to C1 requirements additional user accountability features, such as login procedures. Class B1 is defined as Labeled Security Protection; systems evaluated at this level also have a stated policy model, and specifically labeled data. Class B2, defined as Structured Protection, adds to B1 requirements a more explicit and formal security policy. Class B3, defined as Security Domains, adds stringent engineering and monitoring requirements and is highly secure. Class A1 is defined as Verified Design; systems evaluated at this level are functionally equivalent to B3 systems, but include more formal analysis of function to assure security.