
Trusted Computer System Evaluation Criteria (TCSEC) is a US Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC was used to evaluate, classify and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information.

TCSEC (Trusted Computer System Evaluation Criteria – aka Orange Book)

ITSEC (Information Technology Security Evaluation Criteria)

ITSEC / TCSEC

DESCRIPTION

TCSEC / ITSEC (F+E)

ITSEC / (E) EAL

F = Functionality

EAL = Evaluation Assurance Level

(Highest)

F6-10 / EAL7

F10

  • Networks with high demands on Integrity and Confidentiality.

F9

  • Systems that provide high Confidentiality (like crypto devices).

F8

  • Systems that provide data Integrity during communication.

F7

  • Systems that provide high Availability.

F6

  • Systems that provide high Integrity.

EAL 7

  • Formally verified DESIGN and TESTED.

A = VERIFIED PROTECTION

A1 / F5 + E6

  • Top level security, systems designed to handle TS data.
  • Every step is formally DOCUMENTED and VERIFIED.

    o Classification: Capable of handling TS information.
    o (Trusted Distribution) – Delivered and installed in a secure manner.
    o Covert channels addressed – formally tested and documented.

EAL 6
  • Semi-formally verified design and tested.

B = MANDATORY PROTECTION

B3 / F5 + E5

  • Uses Security Labels of B1 and B2, based on Bell-LaPadula.
  • Secure Domains:

    o Classification: Supports sufficient security to house classified data.
    o (Trusted Recovery) – Secure state must be addressed during initial boot process.
    o Covert timing channels addressed – for processing transactions.
    o Security Admin functions must be clearly identified by System.
    o Requirement for Security Domains.
    o Very difficult to attack successfully; provides sufficient security controls for very sensitive or Secret data.
    o Compartmented Security Mode of Operation in most cases.

EAL 5

  • Semi-formally designed and tested.

B2 / F4 + E4

  • Uses Security Labels for Data and system design, (including storage devices), based on Bell-LaPadula.
  • Structured:

    o Classification: Supports sufficient security to house classified data.
    o (Trusted Facility Management) required.
    o Covert storage channels addressed – for data and/or storage devices.
    o Requires SEPARATE Operator and Administrator ROLES.
    o Change Control is required.

EAL 4

  • Methodically designed, tested, and reviewed.

B1 / F3 + E3

  • Uses Security Labels for Data only, based on Bell-LaPadula.
  • Labeled:

    o Classification: Supports sufficient security to house classified data.
    o Grants access by matching subject and object labels and comparing their permission compatibility.

EAL 3

  • Methodically tested and checked.

C = DISCRETIONARY PROTECTION

C2 / F2 + E2

  • Based on individuals and groups, separates users and information.
  • Controlled Access Protection:

    o Enforce strict logon procedures.
    o Media cleansing.
    o Auditing mechanisms.
    o OBJECT REUSE.

EAL 2

  • Structurally tested.

C1 / F1 + E1

  • Based on individuals and groups, separates users and information.
  • Discretionary Secure Protection:
  • Provide only weak protection mechanisms – NO true individual accountability.

EAL 1

  • Functionally tested.

D = MINIMAL SECURITY

D / E0

(Lowest)

  • Reserved for systems that have been evaluated but failed to meet security criteria.

EAL 0

  • Inadequate assurance.

  • TCSEC was developed by the NCSC (National Computer Security Center).
  • TCSEC’s goal was to provide a standard methodology for measuring the amount of trust you can place in a system, to give manufacturers a standard for which security features to include when developing new commercial products, and to provide government users with a basis for specifying security requirements when purchasing products.
  • ITSEC (Information Technology Security Evaluation Criteria) was written to address integrity and availability, which the Orange Book did not address.