Subject: Re: Alert: Windows NT 4.0 now C2 certified in 6 configs - minor nit
From: Russ (Russ.Cooper RC.ON.CA)
Date: Fri Dec 03 1999 - 15:22:31 CST

It has been pointed out to me that using the term "certified" or
"certification" is incorrect.

The TPEP process results in what's termed an "evaluation". The
configuration, hardware, software, environment, and processes are
"evaluated" against the TCSEC, issues were found, corrected, and the
evaluation was eventually produced.

The resulting reports (not yet publicly available) qualify the
configurations to be put on the EPL, or Evaluated Products List, at
the evaluation level evaluated (C2 in this case).

*I* used the term "certified" and "certification" because the process
is more akin to such an acknowledgement than the rather blase
"evaluation" definition folks would have me use.

I offer you this quote from the MS page;

<http://www.microsoft.com/security/issues/deployingc2.asp>

"Please keep in mind that there is a difference between deploying a
system in a C2-evaluated configuration and having a C2-certified
system. A C2 evaluation considers whether a particular product (in
this case, Windows NT) can be part of a C2 certification, when
configured appropriately. A C2 certification indicates the degree of
security that an actual deployment provides, and considers physical
security, administrative procedures and other factors in addition to
how Windows NT is configured. There can be considerable value in
deploying Windows NT in one of the evaluated configurations, not the
least of which is that doing so makes it eligible for certification.
However, only an accredited certification facility can grant
certification."

Cheers,
Russ - NTBugtraq Editor

This archive was generated by hypermail 2b27 : Fri Dec 03 1999 - 15:38:01 CST