[3430] in WWW Security List Archive
re:Comparison of ITSEC scheme to Orange/Red book
daemon@ATHENA.MIT.EDU (Myllymaki Sakari)
Fri Nov 1 12:02:44 1996
Date: Fri, 1 Nov 1996 15:31:00 +0200
From: Myllymaki Sakari <Sakari.Myllymaki@Tiimi.VNK.VN.mailnet.fi> (Tel
+358-0-160 2126)
To: www-security <www-security@ns2.rutgers.edu> (Receipt Notification
Requested) (Non Receipt Notification Requested)
Errors-To: owner-www-security@ns2.rutgers.edu
>Does anyone have any material or points which compares the ITSEC grades
>to the Orange/Red Book grades?
>
>I am specially interested in comparing "Discretionary Access Control" to its
>equavalent ITSEC.
>
>How equavalent is E-2 to C-2? Etc?
>
>Jon
This rough comparison is quoted from ITSEC criteria:
>1.39 The intended correspondence between these criteria and the TCSEC classes
is as follows:
>
>These Criteria TCSEC Class
>
>E0 <---> D
>
>F-C1, E1 <---> C1
>
>F-C2, E2 <---> C2
>
>F-B1, E3 <---> B1
>
>F-B2, E4 <---> B2
>
>F-B3, E5 <---> B3
>
>F-B3, E6 <---> A1
>
More detailed discussion can be found in ITSEC chapter "Relationship to the
TCSEC" paragraphs 1.35 to 1.42 available at
http://www.vn.fi/vn/vnk/sy/tpv/itsec.html
though we do not maintain this mirror anymore. Sorry, though I had a bookmark to
the original, but couldn't find it.
Sakari Myllym{ki
