EPL entry for SEVMS VAX Version 6.0
------------------------------------------------------------------------
This is a new EPL entry for SEVMS VAX Version 6.0. This supersedes the
previous EPL entry. The new EPL entry is the result of an Addendum TRB
action that involved SEVMS VAX Version 6.0 prior to that product entering
RAMP.
------------------------------------------------------------------------
Serial No.: NCSC-EPL-93/003
EVALUATED PRODUCT: SEVMS VAX
VENDOR: Digital Equipment Corporation
VERSION: 6.0 with SEVMS_VAXSMUP03_060
EVALUATION DATE: 30 June 1994
[Note: The original evaluation date was
31 August 1993.]
OVERALL EVALUATION CLASS: B1
PRODUCT DESCRIPTION:
Digital Equipment Corporation's SEVMS VAX Version 6.0 with
SEVMS_VAXSMUP03_060 is a general purpose multi-user operating
system running on Digital's Virtual Address Extension (VAX) processors.
The VAX processor hardware supports SEVMS protection
mechanisms by providing four hierarchical hardware access
modes and memory page protection based on those modes.
In addition, the VAX hardware architecture provides support for
process isolation through virtual memory management and process
context switching. The evaluated configuration includes both
standalone VAX systems and VAXclusters configured with a common
environment, where a single user authorization database is used by all
of the nodes of the cluster to enforce a unified security policy.
Basic discretionary access controls are provided by user categories
(system, owner, group, and world). In addition, access control lists
are supported that contain identifiers and the authorized access for
the identifier. A user may be associated with a number of different
identifiers, providing a flexible mechanism for grouping access
permissions based on identifiers.
Mandatory access controls support access mediation based on
sensitivity labels associated with both data and users. SEVMS
objects that can be shared among users are protected by mandatory
access controls.
Security administration features provided by SEVMS include support for
user registration with password management options and restricted user
environments, audit collection and analysis, and delegation of
administrative authority using SEVMS system privileges. Object reuse
features include memory initialization, disk and tape erasure options,
and printer reset sequences.
Features of SEVMS that provide security functionality extending
beyond the B1 requirements include display of subject sensitivity
labels, ranges for device labels, trusted path for login, and access
control lists.
PRODUCT STATUS:
SEVMS is developed, marketed, and supported by Digital Equipment
Corporation. SEVMS VAX Version 6.0 with SEVMS_VAXSMUP03_060 was released in
February, 1994. Digital is participating in the NCSC Rating Maintenance
Program (RAMP); future releases of SEVMS may appear on the EPL as a result
of a RAMP action.
SEVMS is marketed as part of Digital's Security Enhancement Service
(SES), a consulting service that includes a security review, security
planning, a user orientation, a security manager orientation, and the
installation of SEVMS VAX Version 6.0 with SEVMS_VAXSMUP03_060.
EVALUATION SUMMARY:
The security protection provided by SEVMS VAX Version 6.0 with
SEVMS_VAXSMUP03_060 has been evaluated by the National Computer
Security Center (NCSC) against the requirements specified by the
"Department of Defense Trusted Computer System Evaluation Criteria"
[DOD 5200.28-STD] (the Criteria) dated December 1985.
The NCSC evaluation team has determined that the highest class at
which SEVMS VAX Version 6.0 with SEVMS_VAXSMUP03_060 satisfies all
the specified requirements of the Criteria is class B1.
For a complete description of how SEVMS satisfies each
requirement of the Criteria, refer to the Final Evaluation
Report, OpenVMS VAX and SEVMS VAX Version 6.0 with SEVMS_VAXSMUP03_060 (Report
NCSC-EPL-93/xxx). In addition, the final evaluation report should be
consulted for the complete list of evaluated hardware and software, as
well as constraints on the hardware and software configurations that
have been evaluated.
The figure below indicates the requirements and corresponding
level that SEVMS VAX Version 6.0 with SEVMS_VAXSMUP03_060 satisfies.
[Figure: Trusted Computer System Evaluation Summary Chart]
ENVIRONMENTAL STRENGTHS:
SEVMS provides a flexible discretionary access control mechanism
that can be used to define complex controls for sharing access.
Account restrictions can be specified by an administrator to provide
flexible controls on the environment and system resources accessible
to individual users. The mandatory controls of SEVMS provide
access mediation using data sensitivity labels.
When used within the common VAXcluster environment, SEVMS provides a
distributed computing environment with a uniform security policy.
SEVMS also supports security features not required by the TCSEC,
including break-in detection mechanisms, password management options,
and data access control using application subsystems.
* SEVMS, SES, VAX, and VAXcluster are registered trademarks of Digital
Equipment Corporation.