curity.” This is what they’re talking about. For more information on this, read . The computer security model used in these criteria is called the Bell-LaPadula model [100,101,102,103]. The NCSC has published a whole series of books on computer security, sometimes called the Rainbow Books (all the covers have different colors). For example, Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria, sometimes called the “Red Book,” interprets the Orange Book for networks and network equipment. The Trusted Database Management System Interpretation of the Trusted Computer System Evaluation Criteria—I can’t even begin to describe the color of that cover—does the same for databases. There are now over 30 of these books, some with hideously colored covers. For a complete set of the Rainbow Books, write Director, National Security Agency, INFOSEC Awareness, Attention: C81, 9800 Savage Road, Fort George G. Meade, MD 20755-6000; (410) 766-8729. Don’t tell them I sent you.

25.3 National Institute of Standards and Technology (NIST)
The NIST is the National Institute of Standards and Technology, a division of the U.S. Department of Commerce. Formerly the NBS (National Bureau of Standards), it changed its name in 1988. Through its Computer Systems Laboratory (CSL), NIST promotes open standards and interoperability that it hopes will spur the economic development of computer-based industries. To this end, NIST issues standards and guidelines that it hopes will be adopted by all computer systems in the United States. Official standards are published as FIPS (Federal Information Processing Standards) publications. If you want copies of any FIPS (or any other NIST publication), contact National Technical Information Service (NTIS), U.S. Department of Commerce, 5285 Port Royal Road, Springfield, VA 22161; (703) 487-4650; or visit gopher://csrc.ncsl.nist.gov. When Congress passed the Computer Security Act of 1987, NIST was mandated to define standards for ensuring the security of sensitive but unclassified information in gove...
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.