NCSC

(redirected from National Computer Security Center)
Also found in: Medical, Acronyms, Wikipedia.

NCSC

(National Computer Security Center) The arm of the U.S. National Security Agency that defines criteria for trusted computer products, which are embodied in the Orange Book and Red Book. Published in the 1980s and 1990s and known as the Rainbow Series because of their colored covers for each topic, they have been largely superseded by the Common Criteria. See also NCSA.

Orange Book
The Orange Book contains the "Trusted Computer Systems Evaluation Criteria" (TCSEC), DOD Standard 5200.28.

Red Book (for networks)
The Red Book contains the "Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria" (NCSC-TG-005) and "Trusted Network Interpretation Environments Guideline: Guidance for Applying the Trusted Network Interpretation" (NCSC-TG-011).

Level D
Systems are rated on a scale starting from D, which is not secure, to A, which is the most secure.

Level D is a non-secure system.

Level C
Level C provides discretionary access control (DAC). The owner of the data can determine who has access to it.

C1: Requires user login, but allows group ID.

C2: Requires individual user login with
password and an audit mechanism.

Levels B and A
Levels B and A provide mandatory access control (MAC). Access is based on standard DOD clearances. Each data structure contains a sensitivity level, such as top secret, secret and unclassified, and is available only to users with that level of clearance.

B1: DOD clearance levels.

B2: Guarantees path between user and the
security system. Provides assurances
that system can be tested and clearances
cannot be downgraded.

B3: System is characterized by a mathematical
model that must be viable.

A1: System is characterized by a mathematical
model that can be proven. Highest
security. Used in military computers.

European Ratings


The European Information Technology Security Evaluation Criteria (ITSEC) is similar to TCSEC, but rates functionality (F) and effectiveness (E) separately.

OrangeBookTCSEC   ITSEC
        D       E0
        C1      F-C1, E1
        C2      F-C2, E2
        B1      F-B1, E3
        B2      F-B2, E4
        B3      F-B3, E5
        A1      F-B3, E6
References in periodicals archive ?
Nasdaq: NOVL), today announced that on August 4, 1995, NetWare(R) 4 formally entered C2 evaluation at the National Computer Security Center (NCSC), part of the National Security Agency.
A Boeing-developed local area network (LAN) component providing advanced capabilities for managing secure computing needs has been given a top-level A1 security rating by the National Computer Security Center (NCSC).
Falde said, a final evaluation report will be issued by the NSA's National Computer Security Center (NCSC) and Trusted UNICOS is now included in the Evaluated Products List (EPL).
2 /PRNewswire/ -- AT&T Federal Systems is now offering AT&T System V/MLS, the first National Computer Security Center B1-rated secure UNIX(R) product, to commercial users of NCR 3450 and 3550 computers.
0 Secure is developed in accordance with the Trusted Computer System Evaluation Criteria (TCSEC) published by the Department of Defense, and is targeted at the C2 level of trust, as defined by the TCSEC and the National Computer Security Center.

Encyclopedia browser ?
Full browser ?