A set of good practices related to configuration management in Automated Data Processing systems employed for processing classified and other information. Provides guidance to developers of trusted systems on what configuration management is and how it may be implemented in the development and life-cycle of a trusted system.

A set of good practices related to design documentation in automated data processing systems employed for processing classified and other sensitive information. Helps vendor and evaluator community understand what deliverables are required for design documentation and the level of detail required of design documentation at all classes in the Trusted Computer Systems Evaluation Criteria.

Designed for new or experienced automated information system developers, purchasers, or program managers who must identify and satisfy requirements associated with security-relevant acquisitions. Explains Contract Data Requirements Lists (CDRLs), and Data Item Description (DIDs), and their use in the acquisitions process. Charts and tables. References, glossary and acronyms.

Provides a set of good practices related to trusted recovery. Helps the vendor and evaluator community understand the requirements for trusted recovery at all applicable classes. Includes: failures, discontinuities, and recovery; properties of trusted recovery; design approaches for trusted recovery; impact on trusted recovery; and satisfying requirements. Glossary and bibliography.

The SSCP certification is the key to unlocking the upper ranks of security implementation at the world's most prestigious organizations. If you're serious about becoming a leading tactician at the front lines, the (ISC) Systems Security Certified Practitioner (SSCP) certification is an absolute necessity-demanded by cutting-edge companies worldwid