September 1988
·
8 Reads
X-LOCK 50 Version 2.0, has been evaluated by the National Computer Security Center (NCSC). X-LOCK 50 is considered to be a security subsystem rather than a complete trusted computer system. Therefore it was evaluated against a relevant subset of the requirements from the Department Of Defense trusted computer system evaluation criteria (Criteria), dated December 1985. The features included in this evaluation were Identification and Authentication (I&A), a limited form of Discretionary Access Control (DAC), and a limited form of Object Reuse (OR). The NCSC evaluation team has determined the X-LOCK 50 when configured as tested, is capable of applying these security features on an IBM PC/XT or PC/AT. I&A is maintained on the protected computer by requiring that user's wanted a valid user identification, and password prior to gaining access to the system. The discretionary access control is implemented on a limited scale by allowing or denying an individual user access to the system or hard disk. Privileges assigned to users are determined by the superuser, (the system security administrator) when user accounts are being established. Object reuse, which is implemented at the user's discretion, only writes over specified files and does not take into consideration other locations (e.g., memory buffers) which could contain residual data. Object reuse implemented in this manner does not meet the Department Of Defense trusted computer system evaluation criteria.