1996-03-22 - Re: NT’s C2 rating

Header Data

From: Derek Atkins <warlord@MIT.EDU>
To: David Loysen <dwl@hnc.com>
Message Hash: 4663f9de6e2afe9cd6dfb4d2adfb1fe1d08bb63e2df599135b2abaa5cc6d67a3
Message ID: <9603212054.AA24580@portnoy.MIT.EDU>
Reply To: <199603211813.KAA15750@spike.hnc.com>
UTC Datetime: 1996-03-22 00:05:58 UTC
Raw Date: Fri, 22 Mar 1996 08:05:58 +0800

Raw message

From: Derek Atkins <warlord@MIT.EDU>
Date: Fri, 22 Mar 1996 08:05:58 +0800
To: David Loysen <dwl@hnc.com>
Subject: Re: NT's C2 rating
In-Reply-To: <199603211813.KAA15750@spike.hnc.com>
Message-ID: <9603212054.AA24580@portnoy.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> configuration can be certified as C2 compliant. The way I read the orange
> book, no system with a network connection can ever be C2. For that matter a
> system can't get C2 unless it is in an area where you can control and
> monitor physical access to the system.

This is incorrect -- you can have a C2 system which has a network
connection.  Indeed, you can get a B2 rating with a networked system,
c.f. Multics.

-derek






Thread