NCSC-TG-024 a Guide to Procurement of Trusted Systems


Accession Number: 4832
Publication Date: Jun 30, 1993
Title: Guide to Procurement of Trusted Systems: Language for RFP Specifications and Statements of Work - An Aid to Procurement Initiators
Personal Author: Johnson, H.
Corporate Author Or Publisher: National Security Agency, 9800 Savage Road, Ft. Meade, MD 20755-6000
Report Number: NCSC-TG-024, Volume 2/4
Report Number Assigned by Contract Monitor: Library No. S-239,689
Descriptors, Keywords: Computer Security Acquisition Requirement Trusted Specification Statement Work SOW Procurement Guide System RFP AIS
Pages: 00060
Cataloged Date: Jan 04, 1994
Document Type: HC
Number of Copies In Library: 000001
Record ID: 28518


NCSC-TG-024
Volume 2/4
Library No. S-239,689
Version 1

FOREWORD

This guideline, Volume 2 of 4 in the Procurement Guideline Series, is written to help facilitate the acquisition of trusted computer systems in accordance with DoD 5200.28-STD, Department of Defense Trusted Computer System Evaluation Criteria. It is designed for new or experienced automated information system developers, purchasers, or program managers who must identify and satisfy requirements associated with security-relevant acquisitions. Volume 2 addresses the way by which Trusted Computer System Evaluation Criteria are translated into language for use in the Request for Proposal Specifications and Statements of Work. Information contained within the Procurement Guideline Series will facilitate subsequent development of procurement guidance for the Federal Criteria. This series also includes information being developed for certification and accreditation guidance.

The business of computers, security, and acquisitions is complex and dynamic. As the Director, National Computer Security Center, I invite your recommendations for revision to this technical guideline. Our staff will work to keep this guideline current. However, experience of users in the field is the most important source of timely information. Please send comments and suggestions to:

National Security Agency
9800 Savage Road
Fort George G. Meade, MD 20755-6000
ATTN: Standards, Criteria, and Guidelines Division

30 June 1993
Patrick R.
Director
National Computer Security Center


ACKNOWLEDGMENTS

This document has been produced under the guidance of U.S. Army Major Melvin L. DeVilbiss, assisted by Captain Michael Gold, Captain Scott M. Carlson and Mary Whittaker, from the National Security Agency (NSA). This version of this document was developed by Howard L. Johnson, Information Intelligence Sciences, Inc. Reviewing organizations supporting this effort, besides many NSA organizations, included: Contel Federal Systems; CTA, Inc; DCA; DLA; DOE; Grumman Data Systems; GSA; MITRE; USA, CECOM; USA, ISA; USAF, USCINCPAC/C3; USAF, AFCC; USAF, AFCSC; USMC; USN, ITAC; USN, NCTC; and USN, NISMC. Individuals in these organizations gave generously of their time and expertise in the useful review and critique of this document.


TABLE OF CONTENTS

FOREWORD
ACKNOWLEDGMENTS
LIST OF FIGURES
LIST OF TABLES

1.0 GENERAL INFORMATION
    1.1 INTRODUCTION
    1.2 PURPOSE
        1.2.1 Facilitating the Contracting Process
        1.2.2 Facilitating Fairness in Competitive Acquisition
        1.2.3 Minimizing Procurement Cost and Risk
        1.2.4 Ensuring the Solicitation is Complete Before Issuance
    1.3 SCOPE
    1.4 BACKGROUND
2.0 PROCUREMENT PROCESS
3.0 REQUEST FOR PROPOSAL
    3.1 SECTION C - DESCRIPTIONS/SPECIFICATIONS
    3.2 SECTION C - STATEMENTS OF WORK (SOW)
    3.3 SECTION F - DELIVERIES AND PERFORMANCE
    3.4 SECTION H - SPECIAL CONTRACT REQUIREMENTS
    3.5 SECTION J - LIST OF DOCUMENTS, EXHIBITS, AND OTHER ATTACHMENTS
    3.6 SECTION L - INSTRUCTIONS, CONDITIONS, AND NOTICES TO OFFERORS
    3.7 SECTION M - EVALUATION FACTORS FOR AWARD
4.0 OTHER CONSIDERATIONS
    4.1 NONMANDATORY REQUIREMENTS AND OPTIONS
    4.2 EVIDENCE AVAILABILITY
    4.3 DOCUMENTATION COST
    4.4 INTERPRETING THE TCSEC
5.0 STANDARD SOLICITATION LANGUAGE
    (The remainder of Chapter 5 is organized according to selected applicable sections of the Request for Proposal (RFP) organization.)
    RFP SECTION C - DESCRIPTIONS/SPECIFICATIONS/STATEMENTS OF WORK
    C.1 SCOPE OF CONTRACT (AUTOMATED INFORMATION SYSTEM - EQUIPMENT, SOFTWARE AND MAINTENANCE)
    C.2 DETAILED SPECIFICATIONS
        C.2.1 Discretionary Access Control Specifications
        C.2.2 Object Reuse Specifications
        C.2.3 Labels Specifications
        C.2.4 Label Integrity Specifications
        C.2.5 Exportation of Labeled Information Specifications
        C.2.6 Exportation to Multilevel Devices Specifications
        C.2.7 Exportation to Single-Level Devices Specifications
        C.2.8 Labeling Human-Readable Output Specifications
        C.2.9 Subject Sensitivity Labels Specifications
        C.2.10 Device Labels Specifications
        C.2.11 Mandatory Access Control Specifications
        C.2.12 Identification and Authentication Specifications
        C.2.13 Trusted Path Specifications
        C.2.14 Audit Specifications
        C.2.15 System Architecture Specifications
        C.2.16 System Integrity Specifications
        C.2.17 Covert Channel Specifications
        C.2.18 Trusted Facility Management Specifications
        C.2.19 Trusted Recovery Specifications
        C.2.20 Operational Security Specifications
    C.3 STATEMENTS OF WORK
        C.3.1 Covert Channel Analysis Statement of Work
        C.3.2 Trusted Recovery Statement of Work
        C.3.3 Security Testing Statement of Work
        C.3.4 Design Specification and Verification Statement of Work
        C.3.5 Configuration Management Statement of Work
        C.3.6 Trusted Distribution Statement of Work
        C.3.7 Security Features User's Guide Statement of Work
        C.3.8 Trusted Facility Manual Statement of Work
        C.3.9 Test Documentation Statement of Work
        C.3.10 Design Documentation Statement of Work
    RFP SECTION F - DELIVERIES AND PERFORMANCE
    RFP SECTION J - LIST OF DOCUMENTS, EXHIBITS, AND OTHER ATTACHMENTS
    RFP SECTION L - INSTRUCTIONS, CONDITIONS, AND NOTICES TO OFFERORS
    RFP ATTACHMENT A - CONTRACT DATA REQUIREMENTS LIST (CDRL) FORM DD1423
    RFP ATTACHMENT B - GLOSSARY
    RFP ATTACHMENT C - ACRONYMS
    RFP ATTACHMENT D - REFERENCES
    (This completes Chapter 5 and organization according to the RFP.)
APPENDIX A BIBLIOGRAPHY

LIST OF FIGURES

Figure 2-1 Security Related Areas

LIST OF TABLES

Table 1-1 Procurement Guideline Series
Table 3-1 RFP Organization
Table F-1 Data Deliverables

1.0 GENERAL INFORMATION

1.1 INTRODUCTION

The National Security Agency (NSA) wants to clarify the computer security aspects of the Department of Defense (DoD) automated information system (AIS) acquisition process. Therefore, it is producing a four volume guideline series (referenced in Table 1-1 and more complete titles in the bibliography). This document is the second volume. These guidelines are intended for Federal agency use in acquiring trusted systems.

Table 1-1 Procurement Guideline Series

An Introduction to Procurement Initiators on Computer Security Requirements, December 1992.
Language for RFP Specifications and Statements of Work - An Aid to Procurement Initiators (this guideline).
Computer Security Contract Data Requirements List and Data Item Descriptions Tutorial (to be published in 1993).
How to Evaluate a Bidder's Proposal Document - An Aid to Procurement Initiators and Contractors (to be published in 1993).

DoD Directive 5200.28, Security Requirements for Automated Information Systems (AISs), provides security requirements concerning all protection aspects of automated information systems. It specifies DoD 5200.28-STD, DoD Trusted Computer System Evaluation Criteria (TCSEC), as the requirement source for trusted computer systems. The second page of DoD 5200.28-STD states: "This document is used to provide a basis for specifying security requirements in acquisition specifications."

1.2 PURPOSE

The intended user of the document is the "procurement initiator," to include Program Managers, users, and security managers. These individuals must write the Request for Proposal (RFP), specifically Section C; and the Specification and Statement of Work (SOW). Volume 1 of this guideline series discusses the responsibilities of different roles in procurement initiation.

The purpose of this document is to facilitate the contracting process, provide uniformity in competitive acquisitions, minimize procurement cost and risk, avoid delays in the solicitation process, and help ensure the solicitation is complete before its issuance.

1.2.1 FACILITATING THE CONTRACTING PROCESS

This guideline provides Specification and Statement of Work contract language to procure a trusted system, hopefully satisfied by a product from the NSA Evaluated Product List (EPL). (Note: The EPL is found in the Information Systems Security Products and Services Catalogue.) This guideline does not address Government certification and accreditation tasks. The guideline is written to ensure the selected system will provide adequate security, while avoiding a costly solution. This document has no intent beyond the security aspects of the system.

DoD agencies should use this document whenever considering the acquisition of trusted computer systems. System security requirements are provided in contract language for direct incorporation into an RFP. The language duplicates the words and intent of the TCSEC.

1.2.2 FACILITATING FAIRNESS IN COMPETITIVE ACQUISITION

The guidelines in this document support the procurement of EPL products and can only be implemented if the requirements for fair competition are satisfied. If these requirements have not been satisfied, the procurement can result in a protest and the selection may possibly be nullified. These requirements include:

a. Public Law 98-369, "Competition in Contracting Act of 1984."
b. Title 41, United States Code, Section 418, "Advocates for Competition."
c. Title 10, United States Code, Section 2318, "Advocates for Competition."
d. DoD Instruction 5000.2, Defense Acquisition Management Policy, February 23, 1991, pp. 5-A-2 through 4.
e. DoD 5000.2-M, Defense Acquisition Management Documentation and Reports, February 1991, p. 4-D-1-3d.(1).

1.2.3 MINIMIZING PROCUREMENT COST AND RISK

Version 1 of this procurement guideline series is written solely to acquire products on the EPL, that is, to enable the procurement initiator to obtain those EPL products available for integration into an application, as opposed to developing a system through specification.

For solutions that use EPL products, not only have the specifications of the evaluated Division/Class been satisfied, but the assurance tasks have been completed and the required documentation produced. Certification evidence, analyses, and operational documents previously produced for an NSA evaluation may be available to ensure trustworthiness and used directly for certification and satisfaction of required proposal and contract data. The results are less development risk and lower overall cost to the bidder and, consequently, to the Government.

For a defined entity of a system to be regarded as secure in the TCSEC sense means that, at a minimum, all of the requirements of some specified TCSEC Division/Class must be met. This is discussed further in Volume 1, Chapter 3. To call that entity, for example, a Class B2 entity, would require NSA evaluation as a product satisfying the Class B2 criteria. (This convention has evolved over the past several years so that products would not be misrepresented in their evaluation status.)


A successful certification evaluation of an entity which has not been placed on the NSA EPL can only state that evaluation and approval have been completed as part of a certification process against the Class B2 set of requirements.

The rationale for this approach is as follows:

a. Although a Division/Class of the TCSEC is used as the basis for the secure part of a system, the procurement and build process can introduce new, conflicting requirements and relax, reinterpret, or change the intent of some of the existing TCSEC requirements. Only an exact evaluation can determine this.
b. The certification evaluation process addresses the needs of a single implementation. It has generally not experienced the finely honed expertise of the NSA evaluation process and personnel and does not have the same assurance for additional applications as does an EPL product.

If there are fewer than five items on the EPL meeting the stated requirements (not just security requirements), the RFP will not dictate that an item come from the EPL. Also, the process for placement on the EPL is itself a restricted, Government controlled process. To state such a requirement in the RFP would constitute discrimination against other vendors desiring to bid. It also cannot be stated that, for example, "a B2 system is required" because that implies the solution must be taken from the EPL. Therefore, the specific TCSEC requirements necessary to meet a certain Division/Class rating must be spelled out, without stating that the B2 product is desired. However, the desire for decreased risk and cost (common to EPL products) is normally a strong factor for source selection.

1.2.4 ENSURING THE SOLICITATION IS COMPLETE BEFORE ISSUANCE

If we try to use the TCSEC criteria as RFP requirements in existent form, it is found that those TCSEC criteria are not presented in the same form and order required by the RFP. The TCSEC mixes system specifications, work statements and products to be delivered. This guideline organizes the TCSEC requirements into an RFP format.

1.3 SCOPE

This guideline reformats and reorders the requirements into a form suitable for use in contractual documents and does not revise the words in DoD 5200.28-STD. This document might be thought of as an adaptation of the TCSEC for procurement.

Procurement considerations are documented within the guideline to advise the procurement initiator of factors that may influence procurement decisions, including cost control. All of the factors are addressed as possible augmentations to the specification language provided.

This set of four acquisition documents is not to be misunderstood as DoD policy when it comes to addressing the situation of acquiring complex systems composed of many heterogeneous components. The reason is that the DoD policy has not been finalized that addresses systems with combinations of EPL products and built and "certified" system entities, which may or may not use Division/Class criteria as requirements from DoD 5200.28-STD.

What will be required for more complicated systems will be a policy for integrating entities, to include determining interface requirements and global policies to be supported across entities. As soon as these composition policies are issued by the DoD, this guideline series will be updated to reflect policy changes. In the meantime, for Program Managers faced with the more complicated situations not currently dealt with in this series, it is hoped that the principles of these guidelines can be extrapolated, using guidance from the NCSC-TG-005, Trusted Network Interpretation (TNI) of the Trusted Computer System Evaluation Criteria (TCSEC); NCSC-TG-021, Trusted Database Management System Interpretation (TDI) of the Trusted Computer System Evaluation Criteria; and NCSC-TG-009, Computer Security Subsystem Interpretation (CSSI) of the Trusted Computer System Evaluation Criteria.

1.4 BACKGROUND

A Federal Government awareness of the lack of guidance in the security arena led to the formation of the DoD Computer Security Evaluation Center (later the National Computer Security Center). The Trusted Product Evaluation Program (TPEP) was started to provide an "independent laboratory" assessment of commercial products. The TCSEC was published in 1983 and revised to become a DoD standard in December 1985 to provide criteria for evaluating security features and assurance requirements available in "trusted, commercially available, automatic data processing systems."

The process for acquiring trusted systems is slightly different than other acquisitions. The major differences are that 1) the security requirements may become a major constraining factor in determining the solution needed to meet the remaining requirements and 2) there exists a void of acquisition guidance for AIS security.

The challenge for the procurement initiator is to specify the requirements with sufficient clarity and flexibility to achieve the desired security functions without limiting the ingenuity and ability of the offerors to supply a compliant overall solution.


2.0 PROCUREMENT PROCESS

The procurement process is governed by policy. Here three types of policy are distinguished. The first kind of policy is referred to simply as security policy or regulatory policy. This is security policy that applies to all DoD systems, personnel, and operations. Next, computer security policy or COMPUSEC policy is represented by the Division/Class criteria in the TCSEC. Finally, operational security policy is that security policy associated with a given application including range of classifications, range of clearances, categories, mode, and other specific operational security decisions that are made. Operational security policy determines which Division/Class should be used.

The procurement process begins with various Government personnel determining operational requirements. Personnel include, but are not limited to, mission users, Program Managers, and acquisition representatives. The primary goals during this phase include determining the Division/Class and mode of operation, as well as identifying the required security features and assurances.

Selection of these security specifications requires a clear understanding of the system users' operational and mission needs, the relevant DoD security policies, available technologies, and the system's operational environment. Procurement initiators and offerors must also consider the security-related areas listed in Figure 2-1 below. More detailed information concerning these security areas can be found in DoD 5200.1-R, DoD Directive 5200.28, and DoD 5200.28-M.

Physical Security
Communications Security
Procedural Security
Emission Security
Personnel Security

Figure 2-1 Security Related Areas

The Designated Approving Authority (DAA) is responsible under Enclosure 4 of DoD Directive 5200.28 to determine the minimum AIS computer-based security requirements for the mission profile of the system being acquired. Any adjustments to computer security evaluation Division/Class (per step 6 of Enclosure 4) will have been completed prior to using this guideline. The Division/Class that results from this assessment may be changed based on other factors considered by the DAA. The final Division/Class assigned to the system will be used to isolate the appropriate section of the evaluation criteria in the TCSEC (which is organized by Division/Class).

Later in Chapter 5 of this document, we will address specific protection topics in the TCSEC. The paragraph will be used that corresponds to the Division/Class being supported in this procurement. Chapter 5 will identify both Division/Class and the corresponding TCSEC paragraph number to assist the procurement initiator in construction of the RFP.

Working with acquisition personnel, the procurement initiators should consult this guideline using the Division/Class selected for the system. The specification language contained in or referenced by this guideline can be applied directly to selected features and assurances. The statements can be amplified to meet specific operational requirements. Procurement initiators and acquisition personnel must ensure that the security specifications and work statements in Section C of the RFP allow EPL solutions, do not preclude other solutions, and are compliant with the DAA's accreditation requirements. NSA is eager to help in this determination. The requirements of the TCSEC will be carried through the development life cycle of the system: RFP, contract, test, certification, and accreditation.


3.0 REQUEST FOR PROPOSAL

The RFP is the focus of this procurement guideline series. A standard RFP has thirteen sections, each designated by a letter of the alphabet (see Table 3-1). The procurement initiator provides input to and review of all of these sections. The majority of the procedural information is controlled directly by the procurement activity. Security relevant sections important to the procurement initiator and addressed in the remainder of this document are highlighted.

Table 3-1 RFP Organization

Letter  Section Title
A       Solicitation/Contract Form, Standard Form 33
B       Supplies or Services with Prices and Costs
C       Descriptions/Specifications/Statements of Work
D       Packaging and Marking
E       Inspection and Acceptance
F       Deliveries and Performance
G       Contract Administration Data
H       Special Contract Requirements
I       Contract Clauses
J       List of Documents, Exhibits and Other Attachments
K       Representations, Certifications and Other Statements of Offerors or Quoters
L       Instructions, Conditions, and Notices to Offerors
M       Evaluation Factors for Award


3.1 SECTION C - DESCRIPTIONS/SPECIFICATIONS

The first part of Section C describes the technical requirements to the offeror, including the security requirements. The section is mission user-oriented, and will normally contain a Specification or Requirements section that lays out the features and capabilities to be included in the system to satisfy mission security requirements. This guideline has consolidated the security functionality requirements of the TCSEC. This will be addressed in detail in Chapter 5.

3.2 SECTION C - STATEMENTS OF WORK (SOW)

The second part of Section C identifies the specific tasks the contractor will perform during the contract period and includes security related tasking. The SOW could include tasks such as system engineering, design, and build. For security, Statements of Work include contractor tasking necessary to achieve specific levels of assurance, including studies and analyses, configuration management, security test and evaluation support, delivery, and maintenance of the trusted system. These work statements also specify the development of the required documentation to be provided under the Contract Data Requirements Lists (CDRLs). This will be addressed in detail in Chapter 5.

3.3 SECTION F - DELIVERIES AND PERFORMANCE

This section covers delivery and installation requirements. Special delivery requirements, as specified in the TCSEC, need to be included. Performance requirements for the trusted system will also be discussed. This section will be addressed further in Chapter 5 of this guideline.

3.4 SECTION H - SPECIAL CONTRACT REQUIREMENTS

This section of the solicitation contains clauses that are specially tailored for each acquisition. Typical topics covered include: site access and preparation, data rights, maintenance, liquidated damages, and training responsibilities. Although these are not addressed specifically in this guideline, they are often topics of concern to the procurement initiator of trusted systems.

3.5 SECTION J - LIST OF DOCUMENTS, EXHIBITS AND OTHER ATTACHMENTS

This section contains a list of documents, exhibits, attachments, and other forms used to build and execute the RFP. There are usually a series of attachments, each one dedicated to a list of specific items. Attachments addressed by this guideline series include the following:

a. The Contract Data Requirements List (CDRL). It references specific Data Item Description (DID) requirements, which are provided in Volume 3 of the Procurement Guideline Series and also are referenced in RFP Attachment A contained in Chapter 5. Each SOW task is linked to one or more CDRLs; each CDRL identifies a document or other data that the offeror is required to deliver, along with specific information about that document (e.g., schedule, number and frequency of revisions, distribution). Associated with each CDRL is a DID that specifies the document's content and format. Where requirements differ, there are unique DIDs for each Division/Class.
b. Glossary. Even though it is presented separately, the glossary is an important part of the Specifications and the Statements of Work because it precisely defines terms and further clarifies the language intent. The glossary is included as RFP Attachment B in Chapter 5 of this guideline.
c. Acronyms. Acronyms used in the RFP must be defined in their first use and must also be identified in the accompanying acronym list. Acronyms are included as RFP Attachment C in Chapter 5 of this guideline.
d. References. References have been identified for incorporation into the RFP. They support and are compatible with the specification language, and as such, become an integral part. The references are for technical supporting information and should not be interpreted as requirements. References are included as RFP Attachment D in Chapter 5 of this guideline.

3.6 SECTION L - INSTRUCTIONS, CONDITIONS, AND NOTICES TO OFFERORS

This section contains the instructions and conditions of the acquisition. It informs offerors of their actions and responsibilities, if they are planning to submit a proposal. It covers such things as proposal format, oral presentations, and the proposal preparation instructions. Proposal preparation instructions can be used to an advantage by requiring the offerors to submit outlines of how they will conduct SOW tasking. This will assist in understanding the offeror's technical approach and allow assessment of their understanding of the technical requirements. This will be addressed in detail in Chapter 5 of this guideline.

3.7 SECTION M - EVALUATION FACTORS FOR AWARD

This presents to the bidder the basis of award and how proposals will be evaluated. It should be taken from the Government's proposal evaluation criteria, addressed in Volume 4 of this guideline series.


4.0 OTHER CONSIDERATIONS

There are other important factors to consider before the RFP language is presented.

4.1 NONMANDATORY REQUIREMENTS AND OPTIONS

An alternative for procurement initiators is to specify nonmandatory requirements. These requirements are placed in the RFP. The bidder may respond to these requirements or choose not to respond. The bidder will not be penalized for not responding or for proposing an unacceptable response. The bidder can, however, gain points if the approach is deemed acceptable by the evaluators.

Nonmandatory requirements and solutions can also be proposed by the bidder if this is allowed by the RFP. Again bidders will not be penalized for not proposing nonmandatory requirements, for proposing unacceptable requirements, for proposing unacceptable solutions, or for proposing unacceptable desirable options or features. They can gain points by proposing acceptable solutions to acceptable requirements, whether these requirements become part of the contract or not.

Options are requirements that may be proposed by the Government, but that are not necessarily intended to be purchased at the same time as the rest of the features. The Government may still want these options addressed in the proposal and evaluated as if they were mandatory requirements.

4.2 EVIDENCE AVAILABILITY

Though a vendor supplies NSA with evidence to support a product evaluation, the Government does not necessarily have rights to that documentation. In order to obtain certification evidence, even the identical documents provided for product evaluation, the Government must task the development of the documentation in the Statement of Work and delivery in the CDRL. Of course, only that documentation that is required for certification and operation should be specified.

4.3 DOCUMENTATION COST

The cost for operational security documentation (e.g., Security Features User's Guide and Trusted Facility Manual) can be incurred within the contract or directly by the Government. Contract cost is incurred if the operational security documentation is specifically called out in the RFP and therefore generated to Government standards by the offeror. The cost would be incurred directly by the Government if the acquiring agency Program Manager intends to develop the documentation internally. This makes the system appear less expensive. Unfortunately, users seldom have the experience and expertise necessary to generate this unique type of documentation. This can lead to cost growth manifested in contract Engineering Change Proposals (ECPs).

4.4 INTERPRETING THE TCSEC

The philosophy of this document is to present the words of the TCSEC and then place the responsibility for changes in the hands of the procurement initiator, all the while warning of the pitfalls. The best approach is for the initiator to propose changes and have them reviewed by NSA, or some other equivalent security organization, to assess impact. Care must be taken not to restrict potentially valid solutions when writing the specification or Statement of Work sections of the RFP.

The features and assurances for a given TCSEC Division/Class are inseparable. If requirements or taskings are eliminated from a specific level of trust, then that level cannot be certified. If requirements are added, existing EPL solutions could be eliminated.

The Trusted Computing Base (TCB) is the totality of protection mechanisms, hardware, software and/or firmware, the collection of which is responsible for enforcing security. The TCB is the trusted part, but not necessarily the total, of the offeror's solution.


5.0 STANDARD SOLICITATION LANGUAGE

To assist the reader, the paragraph numbering that follows is as one might expect to find it in the RFP. This chapter identifies the language to be used in the RFP.

Certain conventions are used in this chapter. The words in bold are either words intended for use in the RFP or references to words intended for use in the RFP. For example, bold paragraphs normally reference specific paragraphs of DoD 5200.28-STD that are suggested for use verbatim in the RFP document. Paragraphs applicable to only a Division/Class range will have that range in parentheses prior to the paragraph or group of paragraphs. Paragraphs in which the Division/Class are absent are applicable to all Divisions/Classes (C2-A1).

Topics in Section C are divided into paragraphs as follows:

a. Text of the Specification or Statement of Work. These are words or references to words suggested for inclusion in the RFP.
b. Important References. These references should be included in the RFP. They are generally guidelines intended to explain and interpret the TCSEC for the bidder. These references will be redundantly contained in the list of references accompanying the RFP. It is important to emphasize that even though these references are bold and will be contained in the RFP, they are not RFP requirements.
c. Procurement Considerations. Here issues are discussed that have arisen in previous procurements or are apt to arise in future procurements. These issues should be considered by the procurement initiator in the context of his/her particular procurement to circumvent possible later contractual or certification problems. These considerations are not complete, but offer guidance based on known experiences. They are not in bold and therefore we do not automatically intend their inclusion in the RFP. Only if the procurement initiator decides to make them requirements will they be included in the RFP.

The standard language and form for the trusted elements of a secure system, along with important discussion, are provided in the remainder of this chapter, organized according to a subset of the sections of the RFP.


RFP SECTION C - DESCRIPTIONS/SPECIFICATIONS/STATEMENTS OF WORK

C.1 SCOPE OF CONTRACT (AUTOMATED INFORMATION SYSTEM - EQUIPMENT, SOFTWARE AND MAINTENANCE)

The contractor shall furnish the equipment, software, documentation, and other contractor work required for installation and support of all items supplied under this contract. Such items shall be supplied in conformance with the terms and conditions of the contract.

C.2 DETAILED SPECIFICATIONS

Detailed technical specifications are found in this section. The glossary and acronyms referenced in Section J and attached to this RFP are considered to be part of this specification.

C.2.1 DISCRETIONARY ACCESS CONTROL SPECIFICATIONS

Text of the Specification

Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the specification portion of the RFP verbatim:

For Class C2, repeat TCSEC Section 2.2.1
For Class B1, repeat TCSEC Section 3.1.1
For Class B2, repeat TCSEC Section 3.2.1
For Class B3, repeat TCSEC Section 3.3.1
For Class A1, repeat TCSEC Section 4.1.1

Important References

Note: References are for information only and, unless specified elsewhere, are not to be taken as requirements.

NCSC-TG-003, A Guide to Understanding Discretionary Access Control in Trusted Systems, September 30, 1987.

Discretionary Access Control Procurement Considerations

Unauthorized users include both those not authorized to use the system and legitimate users not authorized to access a specific piece of information being protected.

"Users" do not include "operators," "system programmers," "Security Officers," and other system support personnel. The latter are distinct from users and are subject to the Trusted Facility Management and the System Architecture requirements.

Deletion of subjects (e.g., users) and objects (e.g., data) is a potential problem. The mechanism should handle the deletion effectively, making certain that dangling references do not grant unintended access.

The ability to assign access permissions to an object by a user should be controlled with the same precision as the ability to access the objects themselves. Four basic models for control exist: hierarchical, concept of ownership, laissez-faire, and centralized. These are discussed in NCSC-TG-003.

The TCB should enforce need-to-know access restrictions placed on information managed by the information system. The need-to-know access restrictions for the information, when created or changed, should be determined by the office of primary responsibility or the originator of the information. Only users determined to have appropriate clearances in addition to required "need-to-know" for information should be allowed to access the information.

The design must consider that discretionary access control is usually used for both user access control and system access control. For example, the system may contain several types of objects (known as public objects) that are designed to be read by all users, or executed by all users, but allowing only trusted subjects modification privileges.

Discretionary access control will not stop Trojan horses. An attacker can trick a more privileged user to run a program containing a Trojan horse that in turn copies the user access files to the attacker's address space. Trojan horses are addressed in NCSC-TG-003.

The commercial-off-the-shelf (COTS) systems may vary with respect to the granularity of objects to which discretionary access control is applied. Generally, they are organized to provide discretionary access control (DAC) at the file level or at the application level. Database design can often handle the cases when a different level of granularity is desired by the procuring agency so that EPL products can apply. The procuring agency should take particular care, whenever possible, to write RFP specifications for DAC that can be met by at least some existing commercially available products. (This is further addressed in Volume 1, Chapter 3.)

C.2.2 OBJECT REUSE SPECIFICATIONS

Text of the Specification

Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the specification portion of the RFP verbatim:

For Class C2, repeat TCSEC Section 2.2.1.2.
For Class B1, repeat TCSEC Section 3.1.1.2.


    ForClassB2,repeatTCSECSect ion3.2.1 .2 .ForClassB3,repeatTCSECSect ion3.3 .1 .2 .ForClassA1,repeatTCSECSect ion4.1.1 .2 .

    Important References

    Note: References are for information only and, unless specified elsewhere, are not to be taken as requirements.

    NCSC-TG-025, A Guide to Understanding Data Remanence in Automated Information Systems, September 1991.
    NCSC-TG-018, A Guide to Understanding Object Reuse in Trusted Systems, July, 1992.

    Object Reuse Procurement Considerations

    The purpose of object reuse mechanisms is to prevent disclosure of sensitive information by ensuring that residual information is no longer available. This objective can be achieved by clearing objects either upon allocation or deallocation.

    Object reuse is a concern when an object is not fully allocated, that is, the granularity is larger than the data. The object reuse requirement must be satisfied based on the object size, not the data allocation.

    C.2.3 LABELS SPECIFICATIONS

    Text of the Specification

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the specification portion of the RFP verbatim:

    For Class B1, repeat TCSEC Section 3.1.1.3.
    For Class B2, repeat TCSEC Section 3.2.1.3.
    For Class B3, repeat TCSEC Section 3.3.1.3.
    For Class A1, repeat TCSEC Section 4.1.1.3.

    Important References

    (None)

    Labels Procurement Considerations

    The tranquility principle states that the security level of an object cannot change while the object is being processed by a system. The same can be stated about changes to security clearances. This is a critical area, both from the standpoint of changes only being invocable by an authorized individual under the direct control of the TCB and ensuring the system cannot be spoofed when such changes are being made.

    Labeling of data is not used solely to control classified information. The mandatory policy can also be used for unclassified sensitive or privacy applications.

    A distinction must be made between objects that are explicitly labeled and those that are implicitly labeled. For example, a labeled file may contain many tuples or records mediated by the reference monitor.

    Internal TCB variables that are not visible to untrusted subjects need not be labeled, provided they are not directly or indirectly accessible by subjects external to the TCB. However, it is important to understand that such internal variables can function as covert signaling channels when untrusted subjects are able to detect changes in these variables by observing system behavior.

    C.2.4 LABEL INTEGRITY SPECIFICATIONS

    Text of the Specification

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the specification portion of the RFP verbatim:

    For Class B1, repeat TCSEC Section 3.1.1.3.1.
    For Class B2, repeat TCSEC Section 3.2.1.3.1.
    For Class B3, repeat TCSEC Section 3.3.1.3.1.
    For Class A1, repeat TCSEC Section 4.1.1.3.1.

    Important References

    None

    Label Integrity Procurement Considerations

    Care is needed when specifying the means of binding an object and its label. A cryptographic mechanism is one of many approaches adequate to provide assurance of the binding since the relationship and content are preserved, and there is protection from disclosure.

    The form of internal sensitivity labels may differ from their external (exported) form, but the meaning must be retained.

    C.2.5 EXPORTATION OF LABELED INFORMATION SPECIFICATIONS

    Text of the Specification

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the specification portion of the RFP verbatim:

    For Class B1, repeat TCSEC Section 3.1.1.3.2.
    For Class B2, repeat TCSEC Section 3.2.1.3.2.
    For Class B3, repeat TCSEC Section 3.3.1.3.2.
    For Class A1, repeat TCSEC Section 4.1.1.3.2.

    Important References

    None

    Exportation of Labeled Information Procurement Considerations

    Changes in designation should be made by a properly authorized individual, normally the System Administrator or the Security Officer, considering the tranquility principle. Such changes are auditable.

    C.2.6 EXPORTATION TO MULTILEVEL DEVICES SPECIFICATIONS

    Text of the Specification

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the specification portion of the RFP verbatim:

    For Class B1, repeat TCSEC Section 3.1.1.3.2.1.
    For Class B2, repeat TCSEC Section 3.2.1.3.2.1.
    For Class B3, repeat TCSEC Section 3.3.1.3.2.1.
    For Class A1, repeat TCSEC Section 4.1.1.3.2.1.

    Important References

    None

    Exportation to Multilevel Devices Procurement Considerations

    The sensitivity label of an object imported to a multilevel device must be within the range of the device and considered to be accurate by the TCB. It is considered to be accurate because it has been protected by the security mechanisms of the environment through which it has traversed before it reaches the multilevel device.

    C.2.7 EXPORTATION TO SINGLE-LEVEL DEVICES SPECIFICATIONS

    Text of the Specification

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the specification portion of the RFP verbatim:

    For Class C2, repeat TCSEC Section 2.2.1.3.2.2.
    For Class B1, repeat TCSEC Section 3.1.1.3.2.2.
    For Class B2, repeat TCSEC Section 3.2.1.3.2.2.
    For Class B3, repeat TCSEC Section 3.3.1.3.2.2.
    For Class A1, repeat TCSEC Section 4.1.1.3.2.2.

    Important References

    None

    Exportation to Single-Level Devices Procurement Considerations

    Sometimes operational use of a single-level device is actually to be at one level for a period of time and then to switch to another level. Here it is wise to employ labels. If labels are not used, then tranquility must be observed during configuration change with a positive action to ensure the level of the device is known to users and observed by the reference validation mechanism.
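The export checks described in C.2.5 through C.2.7 can be made concrete with a small model. The following is an added example, not text from the guideline or the TCSEC: the level names, the category sets, the role names and the `busy` flag used to stand in for tranquility are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Assumed hierarchical levels, lowest to highest (illustrative only).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
# Assumed role names for the individuals allowed to change a designation.
AUTHORIZED_ROLES = {"system_administrator", "security_officer"}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        """True if this label is at least as high and holds every category."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def format_label(label):
    """External (exported) form of a label; the meaning is retained."""
    return "//".join([label.level] + sorted(label.categories))


@dataclass
class MultilevelDevice:
    name: str
    low: Label    # minimum of the device range
    high: Label   # maximum of the device range

    def accepts(self, label):
        # Within range: dominates the minimum, dominated by the maximum.
        return label.dominates(self.low) and self.high.dominates(label)


@dataclass
class SingleLevelDevice:
    name: str
    level: Label
    busy: bool = False                      # True while an export is in progress
    audit: list = field(default_factory=list)

    def accepts(self, label):
        return label == self.level

    def redesignate(self, role, new_level):
        """Change the device level: authorized, tranquil, and always audited."""
        entry = ("redesignate", role, format_label(new_level))
        if role not in AUTHORIZED_ROLES:
            self.audit.append(entry + ("denied",))
            raise PermissionError(f"{role} may not redesignate {self.name}")
        if self.busy:
            # Tranquility: no level change while data is moving through the device.
            self.audit.append(entry + ("refused",))
            raise RuntimeError(f"{self.name} is in use; level cannot change")
        self.audit.append(entry + ("changed",))
        self.level = new_level


def export(label, device):
    """Return the marking that travels with the data, or refuse the export."""
    if not device.accepts(label):
        raise ValueError(f"{format_label(label)} not permitted on {device.name}")
    return format_label(label)


if __name__ == "__main__":
    # Constructed sample devices and labels.
    tape = MultilevelDevice("tape0", Label("CONFIDENTIAL"),
                            Label("SECRET", frozenset({"A", "B"})))
    print(export(Label("SECRET", frozenset({"A"})), tape))
    tty = SingleLevelDevice("tty3", Label("SECRET"))
    tty.redesignate("security_officer", Label("CONFIDENTIAL"))
    print(export(Label("CONFIDENTIAL"), tty), tty.audit)
```

Note that a label with a category outside the device maximum is refused even when its hierarchical level is in range, which is the case a level-only comparison would miss.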

    C.2.8 LABELING HUMAN-READABLE OUTPUT SPECIFICATIONS

    Text of the Specification

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the specification portion of the RFP verbatim:

    For Class B1, repeat TCSEC Section 3.1.1.3.2.3.
    For Class B2, repeat TCSEC Section 3.2.1.3.2.3.
    For Class B3, repeat TCSEC Section 3.3.1.3.2.3.
    For Class A1, repeat TCSEC Section 4.1.1.3.2.3.

    Important References

    None


    Labeling Human-Readable Output Procurement Considerations

    The System Administrator is the "user" designated to specify the printed or displayed sensitivity label that is to be associated with exported information. The TCB is required to mark the beginning and end of all human readable, paged, hard-copy output with sensitivity labels that properly represent the sensitivity of the output. This helps users protect data they are using.

    C.2.9 SUBJECT SENSITIVITY LABELS SPECIFICATIONS

    Text of the Specification

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the specification portion of the RFP verbatim:

    For Class B2, repeat TCSEC Section 3.2.1.3.3.
    For Class B3, repeat TCSEC Section 3.3.1.3.3.
    For Class A1, repeat TCSEC Section 4.1.1.3.3.

    Important References

    None

    Subject Sensitivity Labels Procurement Considerations

    None

    C.2.10 DEVICE LABELS SPECIFICATIONS

    Text of the Specification

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the specification portion of the RFP verbatim:

    For Class B2, repeat TCSEC Section 3.2.1.3.4.
    For Class B3, repeat TCSEC Section 3.3.1.3.4.
    For Class A1, repeat TCSEC Section 4.1.1.3.4.

    Important References

    None

    Device Labels Procurement Considerations

    None


    C.2.11 MANDATORY ACCESS CONTROL SPECIFICATIONS

    Text of the Specification

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the specification portion of the RFP verbatim:

    For Class B2, repeat TCSEC Section 3.2.1.4.
    For Class B3, repeat TCSEC Section 3.3.1.4.
    For Class A1, repeat TCSEC Section 4.1.1.4.

    TCSEC Section 9.0, "A Guideline on Configuring Mandatory Access Control Features."

    Important References

    None

    Mandatory Access Control Procurement Considerations

    None

    C.2.12 IDENTIFICATION AND AUTHENTICATION SPECIFICATIONS

    Text of the Specification

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the specification portion of the RFP verbatim:

    For Class C2, repeat TCSEC Section 2.2.2.1.
    For Class B1, repeat TCSEC Section 3.1.2.1.
    For Class B2, repeat TCSEC Section 3.2.2.1.
    For Class B3, repeat TCSEC Section 3.3.2.1.
    For Class A1, repeat TCSEC Section 4.1.2.1.

    Important References

    Note: References are for information only and, unless specified elsewhere, are not to be taken as requirements.

    CSC-STD-002-85, Department of Defense (DoD) Password Management Guideline, April 12, 1985.
    NCSC-TG-017, A Guide to Understanding Identification and Authentication in Trusted Systems, September 1, 1991.

    Identification and Authentication Procurement Considerations

    This subject is discussed in Volume, Chapter of the Procurement Guideline Series.

    Technology has provided techniques and products that vary greatly in terms of reducing attack risk while satisfying these requirements. The procurement initiator should ensure that the solution that satisfies the requirements is also state-of-the-art in level of protection and consistent with the requirements of this particular application.

    To be effective, authentication mechanisms must uniquely and unforgeably identify an individual. Identification and authentication data is vulnerable to interception by an intruder interposed between a user and the TCB. Compromise may result from mishandling of off-line versions of the data (e.g., backup files, fault induced system dumps, or listings). Even a one-way encrypted file can be compared with an encryption dictionary of probable authentication data, if the encryption algorithm and key are known.

    (Classes B1-A1) Authorizations include functional roles assigned to individuals. Most roles can only be occupied by one person at a time. A role has its own set of authorizations that are normally different than the authorizations given to the individuals who can assume the role. An individual should not be allowed to assume a role and operate as an individual at the same time.

    If passwords are to be used, an automatic password generator is strongly recommended. If users are allowed to pick their own specific authenticators, their behavior is stereotypical enough to permit guessing or reproducing. Password generators are available that have been endorsed by NSA and can be obtained as Government off-the-shelf items.

    Password aging is an important consideration that can be enforced administratively or by the identification/authentication function.

    Smart cards and biometric approaches are effective, especially when they augment a password approach.

    Whenever the subject is an operating computer program (i.e., a process), that process shall be directly associated with just one individual user, i.e., the person being served by the process. If the process is a system-owned process (e.g., a background process such as a print spooler), the person associated with the process is generally considered to be the Security Officer, the System Administrator, or the operator who initiated the process. The security level and other subject data that can influence access decisions shall be within the range of personnel security clearances associated with the individual user.


    C.2.13 TRUSTED PATH SPECIFICATIONS

    Text of the Specification

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the specification portion of the RFP verbatim:

    For Class B2, repeat TCSEC Section 3.2.2.1.1.
    For Class B3, repeat TCSEC Section 3.3.2.1.1.
    For Class A1, repeat TCSEC Section 4.1.2.1.1.

    Important References

    None

    Trusted Path Procurement Considerations

    It is important to note that the intent is to protect identification and authentication data at the B2 level, while at the B3 and A1 levels all intercommunications between the TCB and the user can be protected.

    Technology is providing products that greatly reduce the possibility of successful attacks involving the trusted path. The procurement initiator should ensure that the solution that satisfies the requirements is also state-of-the-art in level of protection.

    C.2.14 AUDIT SPECIFICATIONS

    Text of the Specification

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the specification portion of the RFP verbatim:

    For Class C2, repeat TCSEC Section 2.2.2.2.
    For Class B1, repeat TCSEC Section 3.1.2.2.
    For Class B2, repeat TCSEC Section 3.2.2.2.
    For Class B3, repeat TCSEC Section 3.3.2.2.
    For Class A1, repeat TCSEC Section 4.1.2.2.

    Important References

    Note: References are for information only and, unless specified elsewhere, are not to be taken as requirements.

    NCSC-TG-001, A Guide to Understanding Audit in Trusted Systems, June, 1988.

    Audit Procurement Considerations

    The option should exist that either some maximum of security related activities be audited or that the System Administrator select events to be audited based on overhead considerations.

    An audit control switch available to the System Administrator can allow selection of audit levels, but never to allow less than some required minimum as determined by the DAA.

    A requirement exists that authorized personnel shall be able to read all events recorded on the audit trail. A selection option is required that may either be a preselection or a postselection option. The preselection option limits the audit data recorded. The postselection option reduces the data analyzed from that recorded.

    Switches and options must not violate the requirements and intent of the TCSEC.

    The audit information should be sufficient to reconstruct a complete sequence of security related events. Audit analysis tools can greatly enhance the efficiency of the audit control function for the System Administrator. (See NCSC-TG-001 for further discussion.)

    The capability should be provided to prevent System Administrator and Security Officer functions from turning off auditing or modifying those results.

    Only the System Administrator or Security Officer should be able to select what is to be audited from other events.

    (Classes B3-A1) The requirement to "monitor the occurrence or accumulation of security auditable events that may indicate an imminent violation of security policy" is subject to interpretation. It is the topic of an entire subfield of security known as intrusion detection. The DAA must determine what is reasonable in the context of the particular application.

    (Classes B3-A1) "If the occurrence or accumulation of these security relevant events continues, the system shall take the least disruptive action to terminate the event." The approach taken is very application peculiar and the DAA must further specify the action to be taken.
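The audit control switch, the DAA-set minimum, and the difference between preselection and postselection can be seen in a short model. This is an added example, not text from the guideline or the TCSEC; the role names, event types, the `audit_config` record and the accumulation threshold are assumptions, and the sample events are constructed.

```python
from collections import Counter
from dataclasses import dataclass

AUDIT_ROLES = {"system_administrator", "security_officer"}  # assumed role names


@dataclass(frozen=True)
class AuditEvent:
    seq: int
    user: str
    event_type: str
    outcome: str  # "success" or "failure"


class AuditControl:
    """Audit control switch with a fixed floor, preselection and postselection."""

    def __init__(self, all_event_types, required_minimum):
        self.all_event_types = frozenset(all_event_types)
        # Floor determined by the DAA; the switch can never select less.
        self.required_minimum = frozenset(required_minimum)
        if not self.required_minimum <= self.all_event_types:
            raise ValueError("required minimum names unknown event types")
        self.selected = set(self.all_event_types)  # start by auditing the maximum
        self._trail = []

    def _write(self, user, event_type, outcome):
        self._trail.append(
            AuditEvent(len(self._trail) + 1, user, event_type, outcome))

    def preselect(self, role, event_types):
        """Preselection limits what is recorded; every attempt is itself recorded."""
        requested = set(event_types)
        if role not in AUDIT_ROLES:
            self._write(role, "audit_config", "failure")
            raise PermissionError(f"{role} may not change audit selection")
        if not requested <= self.all_event_types:
            self._write(role, "audit_config", "failure")
            raise ValueError("unknown event type requested")
        if not self.required_minimum <= requested:
            self._write(role, "audit_config", "failure")
            raise ValueError("selection would fall below the required minimum")
        self.selected = requested
        self._write(role, "audit_config", "success")

    def record(self, user, event_type, outcome):
        if event_type not in self.selected:
            return False          # filtered out by preselection, never stored
        self._write(user, event_type, outcome)
        return True

    def postselect(self, role, user=None, event_type=None, outcome=None):
        """Postselection narrows what is analyzed; the trail is left untouched."""
        if role not in AUDIT_ROLES:
            raise PermissionError(f"{role} may not read the audit trail")
        return [e for e in self._trail
                if (user is None or e.user == user)
                and (event_type is None or e.event_type == event_type)
                and (outcome is None or e.outcome == outcome)]

    def accumulation(self, role, event_type, threshold):
        """Users whose failures of one event type reach an assumed threshold."""
        failures = Counter(
            e.user for e in self.postselect(role, event_type=event_type,
                                            outcome="failure"))
        return sorted(u for u, n in failures.items() if n >= threshold)


# Constructed sample activity (user, event type, outcome).
SAMPLE = [
    ("alice", "login", "success"),
    ("mallory", "login", "failure"),
    ("mallory", "login", "failure"),
    ("mallory", "login", "failure"),
    ("alice", "file_open", "success"),
    ("bob", "file_delete", "success"),
    ("alice", "print", "success"),
]


def demo():
    ctl = AuditControl({"login", "file_open", "file_delete", "print"},
                       required_minimum={"login", "file_delete"})
    try:
        ctl.preselect("system_administrator", {"login"})  # below the floor
    except ValueError:
        pass
    ctl.preselect("security_officer", {"login", "file_delete", "print"})
    for user, event_type, outcome in SAMPLE:
        ctl.record(user, event_type, outcome)
    return ctl


if __name__ == "__main__":
    control = demo()
    for event in control.postselect("security_officer"):
        print(event)
    print(control.accumulation("security_officer", "login", threshold=3))
```

The rejected attempt to select less than the minimum still appears on the trail, so a reviewer can see that someone tried to reduce auditing.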


    C.2.15 SYSTEM ARCHITECTURE SPECIFICATIONS

    Text of the Specification

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the specification portion of the RFP verbatim:

    For Class C2, repeat TCSEC Section 2.2.3.1.1.
    For Class B1, repeat TCSEC Section 3.1.3.1.1.
    For Class B2, repeat TCSEC Section 3.2.3.1.1.
    For Class B3, repeat TCSEC Section 3.3.3.1.1.
    For Class A1, repeat TCSEC Section 4.1.3.1.1.

    Important References

    None

    System Architecture Procurement Considerations

    "Domain" as used in the TCSEC refers to the set of objects a subject has the ability to access. It is, for example, the protection environment in which a process is executing. Domain is sometimes also called "context" or "address space."

    Protection granularity can be an issue. Finer granularity (e.g., a few bytes) is ideal for providing precise control (down to the byte or word level), but requires a significant amount of computer overhead to maintain. The trade-off usually made is to have coarser granularity (e.g., 1024 byte blocks) to reduce hardware complexity and retain acceptable performance. (See Volume, Chapter of this guideline series.)

    An important consideration is sensitivity label mapping to protection domain mechanisms. Hardware features (usually called "keys") allow the TCB to associate specific hardware "registers" with the main memory areas (domains) they are protecting. There should be sufficient types and numbers of "registers" to ensure the number of sensitivity labels for information in the system can be adequately mapped. Common ways to achieve these capabilities are through "Descriptor Base Registers," "Bounds Registers," and "Virtual Memory Mapping Registers," although other approaches may also be used.

    Asynchronous events are not predictable (e.g., arrival of a message, the printer running out of paper, or communications link errors). Asynchronous event mechanisms are hardware features that handle the unpredictable, usually by "interrupting" the processor. Once interrupted, the processor then deals with the event. Interpretation of DoD 5200.28-STD will probably require hardware features that will cause the processor to recognize and respond to specific asynchronous events, such as "security policy violations" (in DoD 5200.28-STD phrasing, violations of the Simple Security Property or Star Property). Unless hardware features support these properties, software must interpret the results of every operation, causing a severe performance penalty. The penalty may come into conflict with mission performance requirements.

    C.2.16 SYSTEM INTEGRITY SPECIFICATIONS

    Text of the Specification

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the specification portion of the RFP verbatim:

    For Class C2, repeat TCSEC Section 2.2.3.1.2.
    For Class B1, repeat TCSEC Section 3.1.3.1.2.
    For Class B2, repeat TCSEC Section 3.2.3.1.2.
    For Class B3, repeat TCSEC Section 3.3.3.1.2.
    For Class A1, repeat TCSEC Section 4.1.3.1.2.

    Important References

    None

    System Integrity Procurement Considerations

    System integrity requirements must be satisfied in the operational system, not just demonstrated as part of test. The DAA shall establish the frequency with which system integrity validation must be accomplished and it should be incorporated into procedural security.

    C.2.17 COVERT CHANNEL SPECIFICATIONS

    Text of the Specification

    (Classes B2-A1) Wherever possible, covert channels identified by the covert channel analysis with bandwidths that exceed a rate of one bit in ten seconds should be eliminated or the TCB should provide the capability to audit their use.

    Important References

    Note: References are for information only and, unless specified elsewhere, are not to be taken as requirements.

    For Class B2, TCSEC Section 3.2.3.1.3.
    For Class B3, TCSEC Section 3.3.3.1.3.
    For Class A1, TCSEC Section 4.1.3.1.3.
    TCSEC Section 8.0, "A Guideline on Covert Channels."


    Covert Channel Procurement Considerations

    The TCSEC only requires the analysis of covert channels, tradeoffs involved in restricting the channels, and identification of the auditable events that may be used in the exploitation of known channels. Here it requires that some action be taken for correcting them. The procurement initiator should clearly specify in the RFP what will be expected of a contractor. Proposal evaluation should further determine what is intended by the bidder. This issue must be clearly understood by the Government and the bidder and documented in the specification before an award is made.

    Covert channel auditing and control mechanisms can vary widely from one system to another. In general, the ability to meet both performance and security requirements increases as the security protection mechanisms become more flexible.

    C.2.18 TRUSTED FACILITY MANAGEMENT SPECIFICATIONS

    Text of the Specification

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the specification portion of the RFP verbatim:

    For Class C2, repeat TCSEC Section 2.2.3.1.4.
    For Class B1, repeat TCSEC Section 3.1.3.1.4.
    For Class B2, repeat TCSEC Section 3.2.3.1.4.
    For Class B3, repeat TCSEC Section 3.3.3.1.4.
    For Class A1, repeat TCSEC Section 4.1.3.1.4.

    Important References

    Note: References are for information only and, unless specified elsewhere, are not to be taken as requirements.

    NCSC-TG-015, A Guide to Understanding Trusted Facility Management, October 18, 1989.

    Trusted Facility Management Procurement Considerations

    The TCSEC addresses System Administrator functions and operator functions and specifically identifies the Automated Data Processing (ADP) System Administrator. The roles and individuals must be specifically identified for this particular application and the RFP should show the mapping of particular roles and those called out in the TCSEC. For example, if the Security Officer and the ADP System Administrator are one and the same, it should be stated or only one title should be used consistently throughout the RFP. If there is more than one operator role, this should be identified.


    The acquisition authority must carefully consider the division of functions between the operator and the System Administrator because the cost of changing them is often high.

    C.2.19 TRUSTED RECOVERY SPECIFICATIONS

    Text of the Specification

    (For B3 through A1) Based on the recommendations of a trusted recovery decision, mechanisms shall be provided to assure that, along with procedures, recovery without protection compromise is obtained after a computer system failure or other discontinuity.

    Important References

    Note: References are for information only and, unless specified elsewhere, are not to be taken as requirements.

    For Class B3, TCSEC Section 3.3.3.1.5.
    For Class A1, TCSEC Section 4.1.3.1.5.
    NCSC-TG-022, A Guide to Understanding Trusted Recovery in Trusted Systems, December 30, 1991.

    Trusted Recovery Procurement Considerations

    Satisfactory recovery can have significantly different meaning to different applications because of differences in the time criticality of operational results. The procurement initiator must be certain that the true operational requirements for this particular application are reflected in the RFP.

    Note that satisfaction of this requirement does not guarantee data recovery. It keeps the system from blindly compromising data and allows the System Administrator to reach a known good point in the process where other mission mechanisms (e.g., backup) can safely proceed. Trusted recovery does not obviate the need for responsible backup procedures and practices.

    C.2.20 OPERATIONAL SECURITY SPECIFICATIONS

    Text of the Specification

    The bidder shall consider and/or recommend security support other than COMPUSEC, especially physical security, emission security, and communications security, that shall also be used to protect the system.

    The system shall be shown to be compatible with all operational security requirements identified, ensuring that there is nothing in the design of the proposed solution to preclude their satisfaction.


    Important References

    None

    Operational Security Procurement Considerations

    The procurement initiator, working with the DAA, shall specify the operational security specifications in this section of the RFP. The following candidate list should be considered along with any others identified:

    - Division/Class to be satisfied.
    - Security levels supported.
    - Security clearances supported.
    - Security mode(s) to be supported.
    - Categories, compartments, and caveats supported with rules of support.
    - Statement of all interfaces and any interface policy required to be supported.
    - Statement of operational positions and responsibilities of each associated with security.
    - Statement concerning the intended frequency of mechanism integrity checking during operations.
    - Minimum audit functionality to be supported at all times, plus other increasing levels of audit support and rules for their use.
    - Maximum number of users.
    - Intended hours of operations.
    - Hardcopy output.
    - Environment for software development.


    C.3 STATEMENTS OF WORK

    Detailed Statements of Work can be found in this section. The glossary and acronyms referenced in Section and attached to this RFP are considered to be part of this Statement of Work.

    For each task, the requirements of the SOW describe the work the contractor is expected to do. The specification of the deliverable is accomplished within a CDRL and its associated DID. Here we have provided sample CDRL numbers to correspond with Section F.

    C.3.1 COVERT CHANNEL ANALYSIS STATEMENT OF WORK

    Text of the Statement of Work

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the Statement of Work portion of the RFP verbatim:

    For Class B2, repeat TCSEC Section 3.2.3.1.3.
    For Class B3, repeat TCSEC Section 3.3.3.1.3.
    For Class A1, repeat TCSEC Section 4.1.3.1.3.

    (Classes B2-A1) The contractor shall conduct an analysis of all auditable events that may occur in the exploitation of the identified covert channels.

    The contractor shall conduct an analysis of identified covert channels and bandwidths that are nondetectable by the auditing mechanisms. The contractor shall determine the auditability of channels that have a bandwidth in excess of one bit in ten seconds.

    A report of the results of these analyses shall be provided in the form of a Covert Channel Analysis Report, written in accordance with CDRL 010.

    Important References

    Note: References are for information only and, unless specified elsewhere, are not to be taken as requirements.

    TCSEC Section 8.0, "A Guideline on Covert Channels."

    Covert Channel Analysis Procurement Considerations

    None


    C.3.2 TRUSTED RECOVERY STATEMENT OF WORK

    Text of the Statement of Work

    (Classes B3-A1) The contractor shall conduct an analysis of the computer system design to determine procedures and/or mechanisms that need to be activated in case of a system failure or other discontinuity.

    Where procedures are recommended they should be thoroughly documented in CDRL 002, Trusted Facility Manual.

    Where design is recommended it is delivered in the form of system design in accordance with CDRL 005, Formal Security Policy Model; CDRL 006, Descriptive Top Level Specification; CDRL 008, Design Specification; and CDRL 012, Security Test Plan.

    Important References

    Note: References are for information only and, unless specified elsewhere, are not to be taken as requirements.

    For Class B3, TCSEC Section 3.3.3.1.5.
    For Class A1, TCSEC Section 4.1.3.1.5.
    NCSC-TG-022, A Guide to Understanding Trusted Recovery in Trusted Systems, December 30, 1991.
    TCSEC Section 5.3.3, "Assurance Control Objective," p. 63.

    Trusted Recovery Procurement Considerations

    None

    C.3.3 SECURITY TESTING STATEMENT OF WORK

    Text of the Statement of Work

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the Statement of Work portion of the RFP verbatim:

    For Class C2, repeat TCSEC Section 2.2.3.2.1 and TCSEC Section 10.1.
    For Class B1, repeat TCSEC Section 3.1.3.2.1 and TCSEC Section 10.2.
    For Class B2, repeat TCSEC Section 3.2.3.2.1 and TCSEC Section 10.2.
    For Class B3, repeat TCSEC Section 3.3.3.2.1 and TCSEC Section 10.2.
    For Class A1, repeat TCSEC Section 4.1.3.2.1 and TCSEC Section 10.3.

    The contractor shall deliver test results in the form of test reports in accordance with CDRL 014. A final summary Test Report is called out under Section C.3.9, "Test Documentation Statement of Work."

    Important References

    Note: References are for information only and, unless specified elsewhere, are not to be taken as requirements.

    NCSC-TG-002, Trusted Product Evaluations: A Guide for Vendors, June 2, 1990.
    NCSC-TG-019, Trusted Product Evaluation Questionnaire, May 2, 1992.
    NCSC-TG-028, Assessing Controlled Access Protection, May 25, 1992.

    Security Testing Procurement Considerations

    Many of the statements in the security testing requirements are subject to interpretation (e.g., "relatively resistant to penetration," "consistency with top level specifications," "no more than a few correctable flaws," and "reasonable confidence that few remain"). The procurement initiator in the RFP must attempt to convey in any manner possible what will be expected by the Government, not only in satisfying the security testing requirement, but in terms of meeting the certification evaluation. Similarly, in evaluation of the bidder's response to testing requirements of the RFP, the Government must be very careful to understand that the contractor understands what is required. As an example, there is a great advantage in identifying who will conduct the penetration analysis (B2 and above) and how the results of that penetration will be dealt with. A clear understanding must exist and be documented before an award is made.

    C.3.4 DESIGN SPECIFICATION AND VERIFICATION STATEMENT OF WORK

    Text of the Statement of Work

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the Statement of Work portion of the RFP verbatim:

    For Class B1, repeat TCSEC Section 3.1.3.2.2.
    For Class B2, repeat TCSEC Section 3.2.3.2.2.
    For Class B3, repeat TCSEC Section 3.3.3.2.2.
    For Class A1, repeat TCSEC Section 4.1.3.2.2.

    (Class B1)

    Documentation developed under CDRL 004, Informal Security Policy Model, and CDRL 008, Design Specification, shall be maintained as a result of this effort with updates delivered according to the CDRL.

    Initial delivery of CDRL 004, Informal Security Policy Model, and CDRL 008, Design Specification, is addressed in Section C.3.10, "Design Documentation Statement of Work." Subsequent deliveries shall be delivered under this task.

    (Class B2)

    Documentation developed under CDRL 005, Formal Security Policy Model; CDRL 006, Descriptive Top Level Specification; and CDRL 008, Design Specification; shall be maintained as a result of this effort with updates delivered according to the CDRL.

    Initial delivery of CDRL 005, Formal Security Policy Model; CDRL 006, Descriptive Top Level Specification; and CDRL 008, Design Specification; is addressed in Section C.3.10, "Design Documentation Statement of Work." Subsequent deliveries shall be delivered under this task.

    (Class B3)

    Documentation developed under CDRL 005, Formal Security Policy Model; CDRL 006, Descriptive Top Level Specification; and CDRL 008, Design Specification; shall be maintained as a result of this effort with updates delivered according to the CDRL.

    Documentation resulting from this effort shall be provided in accordance with CDRL 009, Trusted Computing Base Verification Report.

    Initial delivery of CDRL 005, Formal Security Policy Model; CDRL 006, Descriptive Top Level Specification; and CDRL 008, Design Specification; is addressed in Section C.3.10, "Design Documentation Statement of Work." Subsequent deliveries shall be delivered under this task.

    (Class A1)

    Documentation developed under CDRL 005, Formal Security Policy Model; CDRL 006, Descriptive Top Level Specification; CDRL 007, Formal Top Level Specification; and CDRL 008, Design Specification; shall be maintained as a result of this effort with updates delivered according to the CDRL.

    Documentation resulting from this effort shall be provided in accordance with CDRL 009, Trusted Computing Base Verification Report.

    Initial delivery of CDRL 005, Formal Security Policy Model; CDRL 006, Descriptive Top Level Specification; CDRL 007, Formal Top Level Specification; and CDRL 008, Design Specification; is addressed in Section C.3.10, "Design Documentation Statement of Work." Subsequent deliveries shall be delivered under this task.

    Important References

    Note: References are for information only and, unless specified elsewhere, are not to be taken as requirements.

    NCSC-TG-014, Guidelines for Formal Verification Systems, April, 1989.

    Design Specification and Verification Procurement Considerations

    If there is a multifaceted policy (e.g., both mandatory access control and discretionary access control policies), then all facets must be represented in the Top Level Specification and Security Model.

    (Classes B2-A1) To broaden the audience, there is often an advantage to requiring an informal policy model as well as a formal one.

    C.3.5 CONFIGURATION MANAGEMENT STATEMENT OF WORK

    Text of the Statement of Work

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the Statement of Work portion of the RFP verbatim:

    For Class B2, repeat TCSEC Section 3.2.3.2.3.
    For Class B3, repeat TCSEC Section 3.3.3.2.3.
    For Class A1, repeat TCSEC Section 4.1.3.2.3.

    (Classes B2-A1) Prepare and deliver the TCB Configuration Management Plan in accordance with CDRL 011. One section of this document is originated under Section C.3.6, "Trusted Distribution Statement of Work."

    Important References

    Note: References are for information only and, unless specified elsewhere, are not to be taken as requirements.

    NCSC-TG-006, A Guide to Understanding Configuration Management in Trusted Systems, March 28, 1988.

    Configuration Management Procurement Considerations

    Master copies should be protected at the level of the operational data for which it will be used.

    (Classes B2-A1) The maintenance of a consistent mapping between code and documentation may require further definition (e.g., including the response time for bringing documentation up to date with changes and the exact amount of effort to go into this requirement).


    C.3.6 TRUSTED DISTRIBUTION STATEMENT OF WORK

    Text of the Statement of Work

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the Statement of Work portion of the RFP verbatim:

    For Class A1, repeat TCSEC Section 4.1.3.2.4.

    These procedures shall be delivered as a section on trusted distribution as a part of the Trusted Computing Base Configuration Management Plan in accordance with CDRL 011. The rest of the document is developed under Section C.3.5, "Configuration Management Statement of Work."

    Important References

    Note: References are for information only and, unless specified elsewhere, are not to be taken as requirements.

    NCSC-TG-008, A Guide to Understanding Trusted Distribution in Trusted Systems, December 15, 1988.

    Trusted Distribution Procurement Considerations

    None

    C.3.7 SECURITY FEATURES USER'S GUIDE STATEMENT OF WORK

    Text of the Statement of Work

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the Statement of Work portion of the RFP verbatim:

    For Class C2, repeat TCSEC Section 2.2.4.1.
    For Class B1, repeat TCSEC Section 3.1.4.1.
    For Class B2, repeat TCSEC Section 3.2.4.1.
    For Class B3, repeat TCSEC Section 3.3.4.1.
    For Class A1, repeat TCSEC Section 4.1.4.1.

    (Classes C2-A1) The contractor shall produce and deliver the Security Features User's Guide in accordance with CDRL 001.

    Important References

    Note: References are for information only and, unless specified elsewhere, are not to be taken as requirements.

    NCSC-TG-026, A Guide to Writing the Security Features User's Guide for Trusted Systems, September 1991.

    Security Features User's Guide Procurement Considerations

    The contractor should conduct a security engineering analysis to determine user functionality related to security. This analysis should also develop the user guidelines for consistent and effective use of the protection features of the proposed solution. This analysis should address a description of expected system reaction to security-related events.

    C.3.8 TRUSTED FACILITY MANUAL STATEMENT OF WORK

    Text of the Statement of Work

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the Statement of Work portion of the RFP verbatim:

    For Class C2, repeat TCSEC Section 2.2.4.2.
    For Class B1, repeat TCSEC Section 3.1.4.2.
    For Class B2, repeat TCSEC Section 3.2.4.2.
    For Class B3, repeat TCSEC Section 3.3.4.2.
    For Class A1, repeat TCSEC Section 4.1.4.2.

    (Classes C2-A1) The contractor shall deliver the Trusted Facility Manual in accordance with CDRL 002.

    Important References

    Note: References are for information only and, unless specified elsewhere, are not to be taken as requirements.

    NCSC-TG-027, Information System Security Officer Guideline, June 1991.

    Trusted Facility Manual Procurement Considerations

    The contractor should conduct an analysis to identify the functions performed by the role of the System Administrator. This analysis should identify all nonsecurity functions that can be performed in the System Administrator role. The contractor should conduct an analysis to determine, for the operator and System Administrator, the specific cautions about functions and privileges that should be controlled while running a secure facility and the specific interactions of the protection features.

    The contractor should also conduct an engineering analysis of the system to identify all information and events to be audited, including rationale (i.e., cost, conformance to requirements, security, and performance impacts) for the selection of each item. The contractor should also identify the types of events that occur within the system that are not audited, along with reasons for not auditing them.


    C.3.9 TEST DOCUMENTATION STATEMENT OF WORK

    Text of the Statement of Work

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the Statement of Work portion of the RFP verbatim:

    For Class C2, repeat TCSEC Section 2.2.4.3.
    For Class B1, repeat TCSEC Section 3.1.4.3.
    For Class B2, repeat TCSEC Section 3.2.4.3.
    For Class B3, repeat TCSEC Section 3.3.4.3.
    For Class A1, repeat TCSEC Section 4.1.4.3.

    (Classes C2-A1) The contractor shall deliver the Security Test Plan in accordance with CDRL 012.

    The contractor shall deliver the Test Procedure in accordance with CDRL 013.

    The contractor shall deliver the Test Report in accordance with CDRL 014 using as input test reports generated in Section C.3.3, "Security Testing Statement of Work."

    Important References

    None

    Security Testing Procurement Considerations

    The contractor should analyze the sensitivity of information processed on the delivered system, the desired mode of operation, and the DAA's certification requirements to assist in developing the test approach.

    If an entity other than the contractor is to do the Security Testing and Test Report, this should be clarified in the Statement of Work. The test plan (which is a management tool detailing who does what and when) and procedures (which is a step-by-step testing script) should be prepared by the contractor to ensure that specific knowledge of the TCB implementation can be included in the development. These may later be augmented or modified by the entity doing the testing under separate contract or agreement.

    For B2 and above, penetration testing must consider the specific operational environment and threat model of this particular application.


    C.3.10 DESIGN DOCUMENTATION STATEMENT OF WORK

    Text of the Statement of Work

    Where the given Division/Class is applicable, the corresponding section of the TCSEC should be repeated in the Statement of Work portion of the RFP verbatim:

    For Class C2, repeat TCSEC Section 2.2.4.4.
    For Class B1, repeat TCSEC Section 3.1.4.4.
    For Class B2, repeat TCSEC Section 3.2.4.4.
    For Class B3, repeat TCSEC Section 3.3.4.4.
    For Class A1, repeat TCSEC Section 4.1.4.4.

    (Class C2) Documentation resulting from this effort shall be provided in accordance with CDRL 003, Philosophy of Protection Report, and CDRL 008, Design Specification.

    (Class B1) Documentation resulting from this effort shall be provided in accordance with CDRL 003, Philosophy of Protection Report; CDRL 004, Informal Security Policy Model; and CDRL 008, Design Specification. Initial delivery of CDRL 004 and CDRL 008 is addressed under this task. Subsequent deliveries shall be delivered under Section C.3.4, "Design Specification and Verification Statement of Work."

    Initial delivery of CDRL 008 is addressed under this task. Subsequent deliveries shall be delivered under Section C.3.4, "Design Specification and Verification Statement of Work."

    (Class B2) Documentation resulting from this effort shall be provided in accordance with CDRL 003, Philosophy of Protection Report; CDRL 005, Formal Security Policy Model; CDRL 006, Descriptive Top Level Specification; and CDRL 008, Design Specification. Initial delivery of CDRL 005, CDRL 006, and CDRL 008 is addressed under this task. Subsequent deliveries shall be delivered under Section C.3.4, "Design Specification and Verification Statement of Work."

    (Class B3) Documentation resulting from this effort shall be provided in accordance with CDRL 003, Philosophy of Protection Report; CDRL 005, Formal Security Policy Model; CDRL 006, Descriptive Top Level Specification; and CDRL 008, Design Specification. Initial delivery of CDRL 005, CDRL 006, and CDRL 008 is addressed under this task. Subsequent deliveries shall be delivered under Section C.3.4, "Design Specification and Verification Statement of Work."

    (Class A1) Documentation resulting from this effort shall be provided in accordance with CDRL 003, Philosophy of Protection Report; CDRL 005, Formal Security Policy Model; CDRL 006, Descriptive Top Level Specification; CDRL 007, Formal Top Level Specification; and CDRL 008, Design Specification. Initial delivery of CDRL 005, CDRL 006, CDRL 007, and CDRL 008 is addressed under this task. Subsequent deliveries shall be delivered under Section C.3.4, "Design Specification and Verification Statement of Work."

    Important References

    Note: References are for information only and, unless specified elsewhere, are not to be taken as requirements.

    NCSC-TG-007, A Guide to Understanding Design Documentation in Trusted Systems, October 2, 1988.

    Design Documentation Procurement Considerations

    The contractor should conduct an analysis of the sensitivity of information to be processed on the delivered system, the desired mode of operation, and the DAA's certification requirements to determine a philosophy of protection for the system. This should also analyze how that philosophy of protection is translated into the specific system TCB.

    The contractor should analyze the TCB enforcement of the security policy specified in the philosophy of protection document.


    RFP SECTION F - DELIVERIES AND PERFORMANCE

    Text of Section F

    (Class A1) Procedures generated under Trusted Distribution Statement of Work shall be followed for TCB software, firmware and hardware as well as updates. (See Section C.3.6, "Trusted Distribution Statement of Work.")

    Data Deliverables. The following data deliverables in the form of Contract Data Requirements Lists are found referenced in Section C of this RFP and contained in Attachment A.

    CLASS RANGE  CDRL*     DOCUMENT                                              DID NUMBER      SOWS
    C2-A1        CDRL 001  Security Feature User's Guide                         DI-MCCR-81349   C.3.7
    C2-A1        CDRL 002  Trusted Facility Manual                               DI-TMSS-81352   C.3.2, C.3.8
    C2-A1        CDRL 003  Philosophy of Protection                              DI-MISC-81348   C.3.10
    B1           CDRL 004  Informal Security Policy Model                        DI-MISC-81341   C.3.4, C.3.10
    B2-A1        CDRL 005  Formal Security Policy Model                          DI-MISC-81346   C.3.2, C.3.4, C.3.10
    B2-A1        CDRL 006  Descriptive Top Level Specification                   DI-MISC-81342   C.3.2, C.3.4, C.3.10
    A1           CDRL 007  Formal Top Level Specification                        DI-MISC-81347   C.3.4, C.3.10
    C2-A1        CDRL 008  Design Specification                                  DI-MCCR-81344   C.3.2, C.3.4, C.3.10
    B3-A1        CDRL 009  Trusted Computing Base Verification Report            DI-MISC-81350   C.3.4
    B2-A1        CDRL 010  Covert Channel Analysis Report                        DI-MISC-81345   C.3.1
    B2-A1        CDRL 011  Trusted Computing Base Configuration Management Plan  DI-CMAN-81343   C.3.5, C.3.6
    C2-A1        CDRL 012  Security Test Plan                                    DI-NDTI-81351   C.3.2, C.3.9
    C2-A1        CDRL 013  Test Procedure                                        DI-NDTI-80603   C.3.9
    C2-A1        CDRL 014  Test Inspection Reports                               DI-NDTI-80809A  C.3.3, C.3.9

    * These are sample CDRL's used to facilitate the presentations of this guideline. Procurement initiators will have their own CDRL's, and will therefore need to cross-reference the cited SOW paragraph numbers listed above and insert their own CDRL numbers in those paragraphs.


    Important References

    NCSC-TG-006, A Guide to Understanding Configuration Management in Trusted Systems, March 28, 1988.

    NCSC-TG-008, A Guide to Understanding Trusted Distribution in Trusted Systems, December 15, 1988.

    Section F Procurement Considerations

    DELIVERIES

    The referenced document, NCSC-TG-008, discusses protective packaging, couriers, registered mail, message authentication codes, encryption, and site validation.

    PERFORMANCE

    Application specific performance requirements must be developed by the procurement initiator and placed in Section C of the RFP as requirements. The following is a sample list of such requirements that need to be quantified for the application:

    Performance requirements must be satisfied under both typical and peak conditions.

    Performance requirements should be such that both mission and audit requirements can be met without performance conflict.

    The bidder shall identify the time to initialize, recover, and shutdown the system in a secure state, consistent with RFP requirements.

    The bidder shall identify the maximum, minimum and average time to perform reference verification once a subject request has been made, consistent with RFP requirements.

    The bidder shall identify the maximum, minimum, and average time to create an audit record associated with an auditable event.

    The bidder shall identify the amount of time required of a user for security during a best case, typical case, and worst case user session, consistent with RFP requirements.

    The bidder shall identify the maximum, average, and minimum amount of time required to seek out a specific audit record, the audit records associated with a single subject over a day, and the audit records associated with a single object over the day, consistent with RFP requirements.

    The bidder shall identify the maximum, average, and minimum percentage overhead due to security in the intended operational environment over the course of a day, consistent with RFP requirements.


    RFP SECTION J - LIST OF DOCUMENTS, EXHIBITS AND OTHER ATTACHMENTS

    Text of Section J

    The following is a listing of all attachments to the contract:

    ATTACHMENT NO.  TITLE
    A               CONTRACT DATA REQUIREMENTS LIST
    B               GLOSSARY
    C               ACRONYMS
    D               REFERENCES

    Important References

    (None)

    Section J Procurement Considerations

    RFP Sections through, when combined with the attachments referenced above, constitute the contract. Sections L (discussed next) and (discussed in Volume of this guideline series) serve only to support the RFP and are discarded once the contract has been awarded.


    RFP SECTION L - INSTRUCTIONS, CONDITIONS, AND NOTICES TO OFFERORS

    Text of Section L

    (These statements shall be included under GENERAL INSTRUCTIONS FOR THE PREPARATION OF PROPOSALS - SPECIFIC INSTRUCTIONS.)

    Offerors shall identify in the technical proposal the commercially available products proposed to meet the acquisition's operational and security requirements and/or reasons that none were chosen as part of the offeror's solution. Responses must be supported by appropriate published technical specifications and technical documents.

    Offerors shall identify tests, analyses, and documents previously produced for the development and evaluation of any proposed EPL product to be used in satisfying the requirements of this contract. Offerors shall also provide reasons why such information is not available or is not being proposed as part of the solution, if this is the case.

    TECHNICAL

    The bidder shall precisely identify all security related hardware, firmware, and software.

    The bidder shall present a description of the philosophy of protection and an explanation of how this philosophy will be translated into the TCB.

    If the TCB is composed of distinct modules, the interfaces between these modules shall be described by the bidder.

    The bidder shall provide procedures for examining and maintaining audit files.

    The bidder shall describe the test plan.

    The bidder shall describe the approach to configuration management.

    The bidder shall describe trusted initialization and shutdown.

    The bidder shall describe the process of creating, maintaining, and protecting from modification or unauthorized access or destruction of an audit trail of accesses and objects the TCB protects.

    (Classes B1-A1) The bidder shall describe the operator and system administrator functions related to security, to include changing the security characteristics of a user.

    (Classes B1-A1) The bidder shall state a security model either informally or formally and provide an explanation to show that it is sufficient to enforce the security policy.


    (Classes B1-A1) The bidder shall identify specific TCB protection mechanisms with an explanation given to show that they satisfy the model.

    (Classes B2-A1) The bidder shall describe the approach to covert channel analysis.

    (Classes B2-A1) The bidder shall provide a descriptive top level specification.

    (Class A1) A formal top level specification shall be provided.

    (Classes B3-A1) The bidder shall define system recovery procedures or mechanisms with an explanation as to how the system will recover without a protection compromise.

    (Classes B3-A1) The bidder shall identify the functions performed by the System Administrator.

    (Class A1) The bidder shall describe techniques to show that the Formal Top Level Specification (FTLS) is consistent with the model.

    The bidder shall show an understanding of the mission requirements and reflect the security relevant aspects in the proposed solution.

    The bidder shall show an understanding of the environment of the system as stated in the RFP and the system proposed shall address and meet all of the environmental requirements.

    MANAGEMENT

    Secure systems developed, tested, and placed into operational usage have notoriously high cost risk, schedule risk, and technical risk because of the ease in misunderstanding the full implications of the Government requirements as contained in the TCSEC. The bidder shall provide, not only anticipated program plan items, but also where deviations could occur, the worst those deviations could become, and the approach to be taken to recover from such anomalies.

    The bidder shall summarize security experience applicable to this project, major successes, problems and their solutions, and explain how such experience will be brought to bear.

    The bidder shall explain the relationship between the senior security specialist and the program manager and how it will be assured that technical issues will be resolved to reduce security risk and cost to the Government.

    The bidder shall identify key individuals on this project; summarize their applicable education, training, and work experience; specifically state their experience with trusted system design, development, and test including Division/Class and whether NSA evaluation or certification evaluation were successfully achieved.


    The bidder shall identify who specifically is responsible for any security modeling, security testing, configuration management, TCB design, and TCB build, as applicable.

    The bidder shall show how the security organization operates as a cohesive entity within the overall project organization so that security receives the appropriate attention and continuity through development phases, as applicable.

    The bidder shall show how the management plan is organized such that time and effort is not wasted on problems that can arise in design and development of a trusted system.

    The bidder shall show how potential problems are identified early and how they are treated at a high level with the appropriate level of expertise before they result in a high cost or increased risk situation.

    The bidder shall show specific personnel continuity during the critical stages of design, development, test, certification and accreditation, as applicable.

    The bidder shall identify who will be the primary interface during certification.

    The schedule shall be easily and precisely associated with the work plan with the deliverables identified in the management proposal and in the technical proposal.

    Items that are schedule critical to the project and items where there is high schedule risk shall be delineated to the appropriate detail level in the schedule.

    The bidder shall identify from his/her experience where the areas of greatest schedule risk exist in his/her proposed approach to satisfy the requirements of the RFP for this secure system.

    For the areas of high schedule risk, the bidder shall show how he/she intends to identify the situation of a schedule slippage and then what will be done to minimize the impact of the deviation.

    COST

    Commercial off-the-shelf items shall be broken down to the degree that they will be described in the purchase order. Other uniquely identified deliverables (e.g., manuals, computer programs, services) shall be identifiable to level-of-effort, schedule, and overall cost.

    Costs of all items associated in any way with security and the acquisition/development of the secure system shall be identifiable in the cost breakdown.


    The bidder shall identify from his/her experience where the areas of greatest cost risk exist in his/her proposed approach to satisfy the requirements of the RFP for this secure system.

    For the areas of high cost risk, the bidder shall show how he/she intends to identify the situation of a cost overrun and then what will be done to minimize the impact of the deviation.

    GENERAL

    A single work breakdown structure shall be used in all three proposals, allowing a precise cross referencing between cost, effort, schedule, individuals, and elements of the technical work plan.

    Tradeoffs may be purely technical or they may be decided because of cost, schedule or risk issues. The bidder shall identify significant tradeoffs along with the results and rationale for the decision.

    The bidder shall identify what significant tradeoffs are yet to be made along with the factors involved in the decision.

    Important References

    (None)

    Section L Procurement Considerations

    In procuring EPL products, a goal is to use as much of the existing documentation and certification evidence as possible in satisfaction of the requirements of the contract. Usually this data does not belong to the Government. Thus bidders are encouraged to seek out and attempt to buy or otherwise obtain existing documentation from the developing vendor in an attempt to reduce the cost and risk of the bid and ensuing contract. This approach can also provide significant competitive advantage for EPL solutions.


    RFP ATTACHMENT A - CONTRACT DATA REQUIREMENTS LIST (CDRL) FORM DD 1423

    Contract Data Requirements List Discussion

    CDRLs will be provided for the following documents as part of Volume 3 of this guideline series. The CDRLs should be attached to this section and adapted to the procurement. For each document and for each Division/Class there will also be a DID Number and DID source reference.

    Security Feature User's Guide
    Trusted Facility Manual
    Philosophy of Protection Report
    Informal Security Policy Model
    Formal Security Policy Model
    Descriptive Top Level Specification
    Formal Top Level Specification
    Design Specification
    Trusted Computing Base Verification Report
    Covert Channel Analysis Report
    TCB Configuration Management Plan
    Security Test Plan
    Test Procedure
    Test Reports


    RFP ATTACHMENT B - GLOSSARY

    Text of the Glossary

    (The Glossary Section of the TCSEC should be repeated here verbatim.) The ADP system definition used in the TCSEC also should be treated as the definition of AIS.

    Important References

    NCSC-TG-004, Glossary of Computer Security Terms, October 21, 1988.

    Glossary Procurement Considerations

    Any conflicts between security terms and system terms must be found and resolved. Precise accuracy of interpretation requirements in the specifications and Statements of Work depends greatly on these definitions. Changes must not be made that might invalidate the security specifications and Statements of Work.


    RFP ATTACHMENT C - ACRONYMS

    ADP    Automated Data Processing
    AIS    Automated Information System
    CDRL   Contract Data Requirements List
    COTS   Commercial-Off-The-Shelf
    DAA    Designated Approving Authority
    DAC    Discretionary Access Control
    DID    Data Item Description
    DoD    Department of Defense
    DTLS   Descriptive Top-Level Specification
    ECP    Engineering Change Proposal
    EPL    Evaluated Products List
    FTLS   Formal Top-Level Specification
    NCSC   National Computer Security Center
    NIST   National Institute of Standards and Technology
    NSA    National Security Agency
    RFP    Request for Proposal
    SOW    Statement of Work
    TCB    Trusted Computing Base
    TCSEC  Trusted Computer System Evaluation Criteria


    RFP ATTACHMENT D - REFERENCES

    Text of the References

    DoD 5200.1-R, Information Security Program Regulation, August 1982, June 1986, change June 27, 1988.
    DoD 5200.2-R, DoD Personnel Security Program, January 1987.
    DoD Directive 5200.28, Security Requirements for Automated Information Systems (AISs), March 21, 1988.
    DoD 5200.28-M, (Draft) "Automated Information System Security Manual," April 29, 1991.
    DoD 5200.28-STD, DoD Trusted System Evaluation Criteria, December 26, 1985.
    CSC-STD-002-85, Department of Defense (DoD) Password Management Guideline, April 12, 1985.
    NCSC-TG-001, A Guide to Understanding Audit in Trusted Systems, June 1988.
    NCSC-TG-002, Version 1, Trusted Product Evaluation, A Guide for Vendors, April 29, 1990.
    NCSC-TG-003, A Guide to Understanding Discretionary Access Control (DAC) in Trusted Systems, September 30, 1987.
    NCSC-TG-004, Glossary of Computer Security Terms, October 21, 1988.
    NCSC-TG-006, A Guide to Understanding Configuration Management in Trusted Systems, March 28, 1988.
    NCSC-TG-007, A Guide to Understanding Design Documentation in Trusted Systems, October 2, 1988.
    (A1 Only) NCSC-TG-008, A Guide to Understanding Trusted Distribution in Trusted Systems, December 15, 1988.
    NCSC-TG-010, Version 1, A Guide to Understanding Security Modeling in Trusted Systems, October 1992.
    (A1 Only) NCSC-TG-014, Guidelines for Formal Verification Systems, April 1989.
    NCSC-TG-015, A Guide to Understanding Trusted Facility Management, October 18, 1989.
    NCSC-TG-016, Version 1, Guidelines for Writing Trusted Facility Manuals, October 1992.


    NCSC-TG-017, A Guide to Understanding Identification and Authentication in Trusted Systems, September 1, 1991.
    NCSC-TG-018, A Guide to Understanding Object Reuse in Trusted Systems, July 1992.
    NCSC-TG-019, Trusted Product Evaluation Questionnaire, October 6, 1989.
    NCSC-TG-022, A Guide to Understanding Trusted Recovery in Trusted Systems, December 30, 1991.
    NCSC-TG-024, Version 1, Volume 4/4, (Draft) "A Guide to Procurement of Trusted Systems: How to Evaluate a Bidder's Proposal Document - An Aid to Procurement Initiators and Contractors."
    NCSC-TG-025, A Guide to Understanding Data Remanence in Automated Information Systems, September 1991.
    NCSC-TG-026, A Guide to Writing the Security Features User's Guide for Trusted Systems, September 1991.
    NCSC-TG-027, Information System Security Officer Guideline, June 1991.
    NCSC-TG-028, Assessing Controlled Access Protection, May 25, 1992.

    A single complimentary copy of NSA guidelines (CSC-STD- and NCSC-TG-) may be obtained from Department of Defense, INFOSEC Awareness Operations Center, Fort George G. Meade, MD 20755-6000. By phone, call (410) 766-8729.

    DoD documents and more than single copies of NSA guidelines may be obtained from the Superintendent of Documents, U.S. Government Printing Office, Washington, DC 20402. Mastercard or VISA may be used. By phone, call (202) 783-3238.

    Important References

    None

    References Procurement Considerations

    DoD and NSA continue to publish guides and other supportive documents. The initiator should continue to check the document list to ensure a complete set of references are being supplied and the most up to date versions are being referenced.

    (This is the end of the standard RFP. The following Appendix pertains only to this Volume 2 guideline.)


    APPENDIX A BIBLIOGRAPHY

    This is the bibliography for this guideline and is not intended to be a part of the standard RFP provided in previous sections.

    A Guide to Standard Solicitation Documents for Federal Information Processing Resources, General Services Administration, June 30, 1991.
    "Competition in Contracting Act of 1984" (CICA).
    CSC-STD-002-85, Department of Defense (DoD) Password Management Guideline, April 12, 1985.
    CSC-STD-003-85, Computer Security Requirements - Guidance for Applying the Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) to Specific Environments, June 25, 1985 (Updated as enclosure of DoD Directive 5200.28).
    CSC-STD-004-85, Technical Rationale Behind CSC-STD-003-85: Computer Security Requirements - Guidance for Applying the Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) to Specific Environments, June 25, 1985.
    DoD Instruction 5000.2, Defense Acquisition Management Policy, February 23, 1991.
    DoD 5000.2-M, Defense Acquisition Management Documentation and Reports, February 1991.
    DoD 5010.12-L, Acquisition Management Systems and Data Requirements Control List, October 1, 1990.
    DoD 5200.1-R, Information Security Program Regulation, June 1986, Change June 27, 1988.
    DoD 5200.2-R, DoD Personnel Security Program, January 1987.
    DoD Directive 5200.28, Security Requirements for Automated Information Systems (AISs), March 21, 1988.
    DoD 5200.28-M, (Draft) "Automated Information System Security Manual," April 29, 1991.
    DoD 5200.28-STD, DoD Trusted Computer System Evaluation Criteria, December 26, 1985.
    DoD Directive 5215.1, Computer Security Evaluation Center, October 25, 1982.
    DoD Directive 5220.22, Industrial Security Program, December 8, 1980.
    DoD 5220.22-M, Industrial Security Manual for Safeguarding Classified Information, January 1991.


    DoD 5220.22-R, Industrial Security Regulation, December 1985.
    Executive Order 12356, "National Security Information," April 6, 1982.
    "Federal Acquisition Regulation" (FAR) Title 48, 1990 edition issued by General Services Administration, DoD, and National Institute of Standards and Technology (these organizations also issue the "DoD FAR Supplement").
    Federal Information Resources Management Regulation (FIRMR), General Services Administration (41 CFR Ch 201).
    FIPS PUB 31, Guidelines for ADP Physical Security and Risk Management, U.S. Department of Commerce, National Bureau of Standards, June 1974.
    FIPS PUB 39, Glossary for Computer System Security, U.S. Department of Commerce, National Bureau of Standards, February 15, 1976.
    FIPS PUB 41, Computer Security Guidelines for Implementing the Privacy Act of 1974, U.S. Department of Commerce, National Bureau of Standards.
    FIPS PUB 48, Guidelines on Evaluation of Techniques for Automated Personal Identification, U.S. Department of


Recommended