Firewall Wizards mailing list archives
Re: Trusted Unices Aren't?
From: Rick Smith <rick_smith () securecomputing com>
Date: Fri, 30 Oct 1998 17:23:20 -0600
At 10:42 AM 10/29/98 -0500, Gordon Greene wrote:
> It seems like as tough as it is to get the OS evaluated, you have to go through at least as much to get a system that incorporates it through accreditation.
Accreditation and evaluation may both be fruit, but they're apples and oranges. Things pass evaluation and fail accreditation (Blacker was a poster child for this at the A1 level) while other things never get evaluated (or fail) and are still accredited for operation. The SMG was never "really" evaluated though it jumped through many hoops marked "A1."

Accreditation is a risk assessment decision that is influenced by a variety of operational and even political conditions. Accreditation in one command or one application doesn't guarantee accreditation anywhere else.

Evaluation is a very stringent technical assessment that's supposed to be objective. It's overseen by a single authority (the NCSC) and based on published criteria.

Rick.
smith () securecomputing com