DITSCAP Defense Information Technology Security

DITSCAP – Defense Information Technology Security Certification Accreditation Process
NIACAP – National Information Assurance Certification Accreditation Process

DITSCAP – Defense Information Technology Security Certification Accreditation Process

Establishes a standard process, a set of activities, general task descriptions and a management structure to certify and accredit that a system will maintain its required security posture.

Four Phases of DITSCAP

  • Definition – understanding of environment and architecture
  • Verification – verify compliance with System Security Authorization (while evolving)
  • Validation – validate compliance with System Security Authorization (final)
  • Post Accreditation – continuing operation

NIACAP – National Information Assurance Certification Accreditation Process

  • Minimum national standards for accrediting national security systems
  • Establishes a standard process, a set of activities, general task descriptions and a management structure to certify and accredit that a system will maintain its required security posture.

Three types of NIACAP accreditation

  • Site accreditation – evaluates application at a self-contained location
  • Type accreditation – evaluates application at a number of locations
  • System accreditation – evaluates a major application or support system

Information Security Models

  • Access Control Models
  • Integrity Models
  • Information Flow Models

Access Control Models

  • Access Matrix
  • Take-Grant
  • Bell-LaPadula Confidentiality
  • State Machine

Access Matrix

Straightforward; provides access rights to subjects for objects.

  • Access Rights – read, write and execute
  • Subject – can be a person or a program
  • Objects – file or storage device
  • Columns – are called Access Control Lists
  • Rows – are capability lists
  • Supports Discretionary Access Control
  • Triple – a subject's capability is defined by a triple (object, rights, random #)
  • The random number prevents spoofing

Take-Grant Model

Uses a directed graph to specify the rights a subject can transfer to an object or take from another subject.
Bell-LaPadula – confidentiality model

  • Developed to formalize the US Department of Defense multilevel security policy
  • Only deals with confidentiality; does not deal with integrity or availability
  • Based on Government Classification – Unclassified, Sensitive But Unclassified (SBU), Confidential, Secret, Top Secret
  • Must have need to know
  • A Trusted Subject can violate the * property
  • Does not address the client/server model
  • Based on the State Machine Concept
  • Starts at a secure state and transitions from one state to another
  • The initial state must be secure and the transitions result in a secure state

Bell-LaPadula Security State

Defined by three properties:

  1. Simple Security Property (ss Property) – no reading from lower subject to higher object (No Read Up)
  2. The * (star) Security Property – no writing from higher subject to lower object (No Write Down)
     • A Trusted Subject can violate the star property but not its intent
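An added example, not part of the original notes: a minimal reference monitor in Python that enforces the two Bell-LaPadula properties listed above, the trusted-subject exemption and need to know, as a state machine whose transitions keep the state secure. The subjects, objects and the per-subject need-to-know sets are constructed assumptions.

```python
from enum import IntEnum

class Level(IntEnum):  # classification levels as listed in the notes, lowest first
    UNCLASSIFIED = 0
    SBU = 1
    CONFIDENTIAL = 2
    SECRET = 3
    TOP_SECRET = 4

class Monitor:
    """Reference monitor as a state machine; state = set of granted accesses."""
    def __init__(self, clearance, classification, need_to_know, trusted=()):
        self.clearance = clearance            # subject -> Level
        self.classification = classification  # object -> Level
        self.need_to_know = need_to_know      # subject -> set of objects (assumed model)
        self.trusted = set(trusted)           # subjects exempt from the * property
        self.state = set()                    # empty initial state is secure

    def check(self, subj, obj, mode):
        s, o = self.clearance[subj], self.classification[obj]
        if obj not in self.need_to_know.get(subj, set()):
            return "deny: no need to know"
        if mode == "read" and s < o:
            return "deny: simple security property (no read up)"
        if mode == "write" and s > o and subj not in self.trusted:
            return "deny: * property (no write down)"
        return "grant"

    def request(self, subj, obj, mode):
        """Transition: the access enters the state only if the result stays secure."""
        verdict = self.check(subj, obj, mode)
        if verdict == "grant":
            self.state.add((subj, obj, mode))
        return verdict

    def is_secure(self):
        return all(self.check(*access) == "grant" for access in self.state)

def build_demo():
    # Constructed sample subjects and objects, not taken from the notes.
    clearance = {"alice": Level.SECRET, "bob": Level.CONFIDENTIAL, "guard": Level.TOP_SECRET}
    classification = {"memo": Level.UNCLASSIFIED, "report": Level.SECRET, "roster": Level.SECRET}
    ntk = {"alice": {"memo", "report"}, "bob": {"memo", "report"}, "guard": {"memo", "report"}}
    return Monitor(clearance, classification, ntk, trusted={"guard"})

if __name__ == "__main__":
    m = build_demo()
    for req in [("alice", "report", "read"), ("bob", "report", "read"), ("bob", "report", "write"),
                ("alice", "memo", "write"), ("guard", "memo", "write"), ("alice", "roster", "read")]:
        print(req, "->", m.request(*req))
    print("state secure:", m.is_secure())
```

bob's write to the higher-classified report is granted: the two properties protect confidentiality only, so writing up is not blocked.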