[Security_sig] Conf. call minutes 6/10
ereed at novell.com
Sun Oct 24 11:24:49 PDT 2004
hmmmm...remember, Makan - EAL4 and MAC are completely
MAC is a feature, support for some security policy.
EAL4 is an assurance level associated with the design, development,
delivery, installation, and support of the system, whatever
For instance, it's quite common for systems supporting the
Controlled Access Protection Profile (CAPP) to support either
EAL3 or EAL4 levels of assurance, though they only have
Discretionary, not Mandatory, Access Controls.
CGL may well require EAL4 and still not support MAC.
>>>Makan Pourzandi <Makan.Pourzandi at ericsson.com> 06/10/04 6:07 pm >>>
>Emily: MAC is in CGL spec w/ priority level 3. Is this required?
I remember in the Market Requirement Document (MRD) for CGL 3.0 which
was sent to the cgl-specs mailing list several months ago, there was a
requirement to support EAL 4 for cgl 3.0. What happened to that
requirement? Am I right to think that if we want to support that
requirement we should have MAC?
I believe that requirement has been added to MRD because many
governments ask for EAL 4 compliance for "important" systems (included
many carrier grade servers). Am I right to think so or it's not yet
implemented in the facts?
Ericsson Research Canada
*This email does not represent or express the opinions of Ericsson Inc.
security_sig mailing list
security_sig at lists.osdl.org
More information about the security_sig