Department of Defense systems that process sensitive (including classified) information must undergo formal technical assessment and approval before they are allowed to operate. The technical assessment and approval processes are called certification and accreditation, respectively. The author presents issues involved in certifying and accrediting networks with respect to the two network views, the Single Trusted System (STS) view and the Interconnected Accredited AIS (IAA) view, presented in the Trusted Network Interpretation of the Trusted Computer Security Evaluation Criteria, NCSC-TG-005. Certification and Accreditation procedures differ significantly between the STS view and the IAA view of networks.
展开▼