NCSC security levels


NCSC security levels

Following are the security levels that were documented in the National Computer Security Center "Red Books" concerning trusted networks (see Rainbow Series). Systems are rated on a scale from A1 to C2, from most to least secure. A non-secure system is rated as D. See NCSC.

Levels A and B
Provide mandatory access control (MAC). Access is based on standard DOD clearances. Each data structure contains a sensitivity level, such as top secret, secret and unclassified, and is available only to users with that clearance level.

A1
Highest security (used in military computers). System characterized by a mathematical model that can be proven.

B1
DOD clearance levels.

B2
Guarantees path between user and security system. Provides assurances that system can be tested and clearances cannot be downgraded.

B3
System is characterized by a mathematical model that must be viable.

Level C
Provides discretionary access control (DAC). The owner of the data can determine who has access to it.

C1
Requires user login, but allows group ID.

C2
Requires individual user login with password and audit mechanism.


European Ratings


The European Information Technology Security Evaluation Criteria (ITSEC) is similar to TCSEC, but rates functionality (F) and effectiveness (E) separately.

OrangeBookTCSEC ITSEC A1 F-B3, E6 B1 F-B1, E3 B2 F-B2, E4 B3 F-B3, E5 C1 F-C1, E1 C2 F-C2, E2 D E0