US Federal Information Technology Security Criteria
The Federal Criteria for Information Technology Security were developed as a component of the American Federal Information Processing Standard (FIPS) and were intended to replace the Orange Book. The standard was developed by the US National Institute of Standards and Technology (NIST) and the US National Security Agency (NSA). This review is based on version 1.0 of the document, published in December 1992.
The document was developed on the basis of numerous studies in the field of information technology security carried out in the 1980s and early 1990s, and on an analysis of the experience gained in applying the Orange Book.
The Federal Information Technology Security Criteria (hereinafter simply the Federal Criteria) cover almost the full range of protection and security problems, since they address all aspects of ensuring confidentiality, integrity and availability.
The main objects to which the security requirements of the Federal Criteria apply are:
- information technology products (Information Technology Products);
- information processing systems (Information Technology Systems).
An information technology product (hereinafter simply an IT product) is understood as a set of hardware and/or software tools that forms a ready-to-use information processing tool supplied to the end user.
As a rule, an IT product is not operated on its own but is integrated into an information processing system, which is a set of IT products combined into a functionally complete complex designed to solve applied problems. In some cases an information processing system may consist of a single IT product that solves all the tasks facing the system and meets the security requirements. From a security point of view, the fundamental difference between an IT product and an information processing system lies in their operating environment. An IT product is usually developed with the expectation that it will be used in many information processing systems, so its developer can rely only on the most general assumptions about the operating environment of the product, including the conditions of use and general threats. An information processing system, on the contrary, is developed to solve applied problems based on the requirements of its end users, which makes it possible to fully take into account the specific impacts of a particular operating environment.
The Federal Criteria contain provisions relating to individual IT products. The issues of building information processing systems from a set of IT products are not considered in this document.
The provisions of the Federal Criteria relate to the IT product's own means of ensuring security, i.e. protection mechanisms built directly into the product in the form of appropriate software, hardware or special tools. To increase their effectiveness, external protection systems and security measures may be applied in addition, including both technical means and organizational measures, legislative and legal norms. Ultimately, the security of an IT product is determined by the combination of its own security tools and the external tools.
The key concept of the information security model of the Federal Criteria is the Protection Profile. A protection profile is a regulatory document that governs all aspects of the security of an IT product in the form of requirements for its design, its development technology and its qualification analysis. As a rule, one protection profile describes several IT products that are similar in structure and purpose. The main focus of the protection profile is on the requirements for the composition of protection mechanisms, the quality of their implementation, and their adequacy against the anticipated security threats.
The Federal Criteria represent the process of developing information processing systems, from the formulation of requirements by consumers through to commissioning, as the following main stages:
1. Development and analysis of the protection profile. The requirements set out in the protection profile define the security functionality of IT products and the operating conditions under which compliance with the requirements is guaranteed. In addition to security requirements, the protection profile contains requirements for observing technological discipline in the process of developing, testing and qualification analysis of an IT product.
The protection profile is analyzed for completeness, consistency and technical correctness.
2. Development and qualification analysis of IT products.
The developed IT products are subjected to an independent analysis, the purpose of which is to determine the degree to which the product's characteristics comply with the requirements and specifications formulated in the protection profile.
3. Assembly and certification of the information processing system as a whole. IT products that have successfully passed qualification at the required security level are integrated into the information processing system. The resulting system must meet the requirements stated in the protection profile, subject to the operating conditions specified in it.
The Federal Criteria regulate only the first stage of this scheme, the development and analysis of the protection profile; the process of creating IT products and the assembly of information processing systems remain outside the scope of this standard.
Structure of the protection profile.
1) Description.
Information for identifying the profile in a special register, and a characterization of the security problem it addresses.
2) Justification.
Description of the operating environment, the anticipated threats and the intended ways of using the IT product; a list of the security tasks solved with the help of this profile.
3) Functional requirements for the IT product.
Definition of the conditions under which security is ensured, in the form of a list of countered threats.
4) Requirements for the IT product development technology.
Requirements for the development process itself, the conditions in which it is carried out, the technological tools used, and the documentation of the process.
5) Requirements for the certification process.
The certification procedure, in the form of a standard methodology for testing and analysis.
Stages of developing a protection profile.
1) Analysis of the IT product's application environment from the point of view of security.
2) Selection of a prototype profile.
3) Synthesis of requirements.
Selection of the most significant protection functions and their ranking by importance in terms of the quality of protection they provide.
After development, the protection profile is checked to confirm its completeness, correctness, consistency and feasibility.
Classes of functional requirements for an IT product.
1) Security policy.
2) Monitoring of interactions.
3) Logical protection of the TCB (Trusted Computing Base):
- requirements for the correctness of external subjects with respect to the subjects of the TCB;
- requirements for the interaction interfaces.
4) Physical protection of the TCB.
5) Self-monitoring of the TCB.
6) Initialization and recovery of the TCB.
7) Limitation of privileges when working with the TCB.
8) Ease of use of the TCB.
Classification of functional requirements.
1. Breadth of the scope of application.
System users, access subjects and objects; TCB functions and the interaction interface; hardware, software and special components; configuration parameters.
2. Degree of detail.
Defined by the set of attributes of the entities to which the requirements apply.
3. Functional composition of protection mechanisms.
Determined by the set of functions included in the TCB to implement a group of requirements.
4. Level of security provided.
Determined by the conditions under which the system components are able to withstand a given set of threats.
Thus, the Federal Information Technology Security Criteria is the first information security standard to define three independent groups of requirements: functional requirements for security tools, requirements for the development technology, and requirements for the qualification analysis process. The authors of this standard were the first to propose the concept of a protection profile: a document containing a description of all security requirements, both for the IT product itself and for the process of its design, development, testing and qualification analysis.
The functional security requirements are well structured and describe all aspects of the operation of the TCB. The requirements for the development technology, which first appeared in this document, encourage manufacturers to use modern programming technologies as a basis for confirming the security of their product.
The requirements for the qualification analysis process are general in nature and do not contain specific methods for testing and investigating the security of IT products.
The developers of the Federal Criteria abandoned the Orange Book approach of assessing the security level of an IT product on a single, universal scale of security classes. Instead, an independent ranking of the requirements of each group is proposed, i.e. instead of one scale, a set of separate criteria scales is used, each characterizing the level of security provided. This approach allows developers and users of an IT product to choose the most appropriate solution and to determine precisely the necessary and sufficient set of requirements for each specific IT product and its operating environment.
The standard treats the elimination of deficiencies in existing security tools as one of the tasks of protection, alongside countering security threats and implementing a security model.
This standard marked the emergence of a new generation of guidance documents in the field of information security, and its main provisions served as the basis for the development of the Canadian Trusted Computer Product Evaluation Criteria and the Common Criteria for Information Technology Security.