Why stop at B2? <grin>
Unless I'm viewing outdated information
(http://www.radium.ncsc.mil/tpep/epl/epl-by-class.html), the highest is an
A1, but the problem is that there are no operating systems certified. Of
course this means B3, but there's only one op/sys (XTS-300) certified. If we
drop to a B2, there's still only one op/sys (XENIX) certified. If we drop
even lower to a B1, we've opened up the possibilities to about six. And
finally at a C2, we've opened the door to a cumulative 15 or so...
In keeping the above in mind, are you implying that the all businesses
should be using XENIX? (Side note: It's kind of funny that XENIX was
originally developed by Microsoft in 1980...)
Regardless, it all comes down to the security-related requirements being
directly impacted by the needs of the business. If the needs of the business
demand B2, then so be it. If the needs of the business can be met with C2,
then just as well.
Best Regards,
Donald Kelloway
Escalations Engineer
Elron Software, Internet Products Division
One Cambridge Center, 11th Floor
Cambridge MA 02142
800-767-6683 or 617-914-5000
-----Original Message-----
From: Paul D. Robertson <[EMAIL PROTECTED]>
To: Don Kelloway <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, June 03, 1999 7:55 AM
Subject: Re: Why not NT?
snipped...
>
>I have a much higher general assurance of the TCSEC at B2 and above.
>
>Paul
>---------------------------------------------------------------------------
--
>Paul D. Robertson "My statements in this message are personal opinions
>[EMAIL PROTECTED] which may have no basis whatsoever in fact."
>
PSB#9280
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
