* sec rating
@ 2002-03-19 18:22 Tom
  2002-03-19 18:52 ` Howard Holm
  0 siblings, 1 reply; 2+ messages in thread
From: Tom @ 2002-03-19 18:22 UTC (permalink / raw)
  To: SE Linux

I heard someone claim today that SE Linux has a security rating of B1 -
but I can't remember reading anything about certification and unless
I'm mistaken it would've to be a specific software + hardware
configuration. Can someone shed light on this?


-- 
http://web.lemuria.org/pubkey.html
pub  1024D/D88D35A6 2001-11-14 Tom Vogt <tom@lemuria.org>
     Key fingerprint = 276B B7BB E4D8 FCCE DB8F  F965 310B 811A D88D 35A6

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: sec rating
  2002-03-19 18:22 sec rating Tom
@ 2002-03-19 18:52 ` Howard Holm
  0 siblings, 0 replies; 2+ messages in thread
From: Howard Holm @ 2002-03-19 18:52 UTC (permalink / raw)
  To: Tom; +Cc: selinux

SELinux has not been evaluated against any security criteria as far as
I'm aware, and I'd expect to be among the very first to know.  B1 is a
rating of the Trusted Computing System Evaluation Criteria (TCSEC) which
is no longer used.  It has been replaced by the Common Criteria.  In the
US, CC evaluations are done by the Common Criteria Evaluation and Validation
Scheme (CCEVS) of the National Information Assurance Partnership (NIAP).
See <http://niap.nist.gov/cc-scheme/> and <http://naip.nist.gov/>.  What
may have been said, and would be true, is that SELinux includes features
that would have been expected in B1 systems and not expected in systems
rated against lower levels of the TCSEC.  That does NOT imply that SELinux
has all the features and assurances necessary for that or any other
particular level.

As Tom correctly pointed out, an actual evaluation or certification
would (in general) have to take into account an entire system configuration
of both hardware and software.

On Tue, Mar 19, 2002 at 07:22:57PM +0100, Tom wrote:
> I heard someone claim today that SE Linux has a security rating of B1 -
> but I can't remember reading anything about certification and unless
> I'm mistaken it would've to be a specific software + hardware
> configuration. Can someone shed light on this?

--
Howard Holm <hdholm@epoch.ncsc.mil>
Secure Systems Research Office
National Security Agency
