[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WinNT C2?



> A NT machine to meet DOD 5200.28 C2 rating needs to be seriously crippled
> when comapired to normal operation. No removable media, No Modem, No
> Network Connection, hell pluging the dam thing and turning it on probably
> puts it's C2 rating in jepordy.
> 
> The reason M$ downplays their C2 rating is that in average day to day use
> of this OS it does not meet this rating.
> 
> NT has never had any RedBook rating and is not certified for use in a
> secure network.

In addition to the converstaion, MS says:
Microsoft has opted not to include certain components of Windows NT in the
evaluation process, not because they would not pass the evaluation, but to
save time by reducing the load on the NSA. Additionally, the
MS-DOS/Windows on Windows (WOW) system may be treated as a Win32
application and would therefore not need to be evaluated as part of the
Trusted Computer Base (TCB). Networking on NT may not have to go
through the "Red Book," or "Trusted Network Interpretation." It may be
enough to consider networking to be another subsystem, and therefore only
the Orange Book would apply. New or modified components and other hardware
platforms can go through a "RAMP" process to be included in the evaluation
at a later time. 

http://support.microsoft.com/support/kb/articles/q93/3/62.asp
[Isn't it great, you have to register for FREE support?]

-Jim