Handbook for the Computer Security Certification of Trusted Systems

摘要

Penetration testing is required for National Computer Security Center (NCSC) security evaluations of systems and products for the B2, B3, and A1 class ratings of the Trusted Computer System Evaluation Criteria (TCSEC). This guideline is a definitive statement of what constitutes good penetration testing, where it fits in the DoD Standard Software Engineering and TCSEC life cycles, and how it is done according to the best available practice, the Flaw Hypothesis Methodology (PHM). A review of the TCSEC assurance products is presented, as they form evidence of a chain of reasoning on the compliance of the target system to a given evaluation class, and against which penetration testing is mounted. Flaws in the evidence are the products of penetration testing. To exemplify the methodology, results of past experience are provided throughout. The guideline concludes with a short review of new R&D approaches broadly considered penetration testing. An extensive bibliography is provided of work in the field, as are a set of Appendices that provide practical management guidance in planning and performing penetration testing.