The Orange Book itself is not that useful for evaluating or assessing NT 4.0; the TCSEC guidance solely exists to give a broad overview of what an organization should examine when determining the security level compliance of a given system. The Orange Book is therefore necessarily vague, and the terms and conditions may or may not apply to NT 4.0. There are four general divisions of security criteria, A, B, C, and D, with A being the most rigorous standard. divisions B and C are further broken into classes C1, C2, B1, B2, and B3, and there is an unnamed category "beyond A1." It is readily apparent that C2 is a relatively low security criteria class.
Read Entire Paper
E-Mail Link
Your IP address will be sent with this e-mail
