Computer Security Requirements -- Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments [open pdf - 406KB]
"This document establishes computer security requirements for the Department of Defense (DoD) by identifying the minimum class of system required for a given risk index. The classes are those defined by CSC-STD-001-83, Department of Defense Trusted Computer System Evaluation Criteria (henceforth referred to as the Criteria). (1) A system's risk index is defined as the disparity between the minimum clearance or authorization of system users and the maximum sensitivity of data processed by the system. The recommendations in this document are those that the DoD Computer Security Center (DoDCSC) believes to be the minimum adequate to provide an acceptable level of security. These recommendations are made in part due to the fact that there is no comprehensive policy in effect today which covers this area of computer security. Where current policy does exist, however, this document shall not be taken to supersede or override that policy, nor shall it be taken to provide exemption from any policy covering areas of security not addressed in this document. Section 2 of this document provides definitions of terms used. Risk index computation is described in Section 3, while Section 4 presents the computer security requirements."
Defense Technical Information Center (DTIC): http://www.dtic.mil/dtic/