[Security_sig] Conf. call minutes 6/10

Ed Reed ereed at novell.com
Sun Oct 24 11:24:49 PDT 2004

hmmmm...remember, Makan - EAL4 and MAC are completely 
unrelated things.  

MAC is a feature, support for some security policy.

EAL4 is an assurance level associated with the design, development,
delivery, installation, and support of the system, whatever
its functionality.

For instance, it's quite common for systems supporting the
Controlled Access Protection Profile (CAPP) to support either
EAL3 or EAL4 levels of assurance, though they only have
Discretionary, not Mandatory, Access Controls.

CGL may well require EAL4 and still not support MAC.

>>>Makan Pourzandi <Makan.Pourzandi at ericsson.com> 06/10/04 6:07 pm >>> 
>Emily:  MAC is in CGL spec w/ priority level 3.  Is this required? 
I remember in the Market Requirement Document (MRD) for CGL 3.0 which 
was sent to the cgl-specs mailing list several months ago, there was a 
requirement to support EAL 4 for cgl 3.0. What happened to that 
requirement? Am I right to think that if we want to support that 
requirement we should have MAC? 
I believe that  requirement has been added to MRD because many 
governments ask for EAL 4 compliance for "important" systems (included 
many carrier grade servers). Am I right to think so or it's not yet 
implemented in the facts? 
Makan Pourzandi, 
Ericsson Research Canada 
*This email does not represent or express the opinions of Ericsson Inc. 
security_sig mailing list 
security_sig at lists.osdl.org 

More information about the security_sig mailing list