I believe the National Computer Security Center certified MS Windows NT 3.5.1 as C2.....in a standalone system configuration. David Markle wrote: > > I really think MS wanted to certify 3.51 with the DoD so they could sell > the OS to DoD. The DoD was a large, available market and MS$ft wanted it > all. I also believe that it was an advertising scheme to bring more > customers into their monopoly. Even though the more technical engineering > person knew better, the decision maker was swayed by the term C2 - WOW. > > Just my thoughts, though, and I know we are digressing. > > -----Original Message----- > From: Michael.Owen [SMTP:[EMAIL PROTECTED]] > Sent: Wednesday, June 23, 1999 11:34 AM > To: David.Markle > Cc: Michael.Owen; firewalls; Peter.Kunz > Subject: RE: C2 Security > > > We are discussing the US government classification of security levels > > DoD levels pertaining to the "Orange Book", written by the US > > Department of > > Defense, and NSA criteria pertaining to the "Red Book". To be > > specific, > > Microsoft requested a C2 certifiable security level > > from-specifically-the > > DoD. > > Ah. I wasn't aware that in addition to the ITSEC E3 F-C2 certification, > they had gone to the DoD for another "possibility of" certification. > This strikes me as odd, given that I thought the US Gov't recognised > ITSEC classifications, but whatever. > > Actually, I just checked Microsoft's website, and if you look at > > http://www.microsoft.com/NTServer/security/exec/feature/c2_security.asp > > They say that they're currently having NT 4.0 evaluated for certification > in the TPEP program by SAIC. (This is a full evaluation, not any sort of > "hypothetical" one.) > (As I'm sure you know, the TPEP program is the NSA sponsored product > evaluation scheme which is used for all commercial products being sold > to the US government.) > > (I've read bits of the Orange book, btw, and I agree - it's boring.) > > > I, absolutely think that better, more robust, standards should > > be > > devised for the public sector regarding security. > > What you say may be true of other nations, however. > > ITSEC standards are recognied by most of Europe, Canada, and the United > States, and are fairly widely used. Trusted Solaris 2.5.1, for example, is > ITSEC certified. Checkpoint Firewall-1 is ITSEC certified. We're not > talking > exotic UK only specs here. ;-) > > None of this changes the fact that most people who understand > certification seem impressed by Microsoft's non-networked certificates. > (Which was the original point we've been saying over and over, I think..) > > cheers, > > Michael > > [EMAIL PROTECTED] > > << File: RE_ C2 Security.TXT >> > > ------------------------------------------------------------------------ > > Part 1.2 Type: application/ms-tnef > Encoding: base64
begin:vcard n:Lamb;Donald tel;fax:(703) 289-5829 tel;work:(703) 289-5421 x-mozilla-html:FALSE org:Booz-Allen & Hamilton, Inc. adr:;;3190 Fairview Park Drive;Falls Church;Virginia;22042;USA version:2.1 email;internet:[EMAIL PROTECTED] title:Associate x-mozilla-cpt:;-21792 fn:Donald Lamb end:vcard
