Provides a set of good practices related to covert channel analysis of systems employed for processing classified and other sensitive information. Written to help vendors and evaluators understand covert channel analysis requirements. Contains suggestions and recommendations. Glossary. References. Illustrations

Designed for new or experienced automated information system developers, purchasers, or program managers who must identify and satisfy requirements associated with security-relevant acquisitions. Explains Contract Data Requirements Lists (CDRLs), and Data Item Description (DIDs), and their use in the acquisitions process. Charts and tables. References, glossary and acronyms.

The SSCP certification is the key to unlocking the upper ranks of security implementation at the world's most prestigious organizations. If you're serious about becoming a leading tactician at the front lines, the (ISC) Systems Security Certified Practitioner (SSCP) certification is an absolute necessity-demanded by cutting-edge companies worldwid

"One of the features of the Criteria that is required of a secure system is the enforcement of discretionary access control (DAC). DAC is a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a user or process given discretionary access to information is capable of passing that information along to another subject. This guide discusses issues involved in designing, implementing and evaluating DAC mechanisms. Its primary purpose is to provide guidance to manufacturers on how to select and build effective DAC mechanisms."--DTIC