Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The following list includes some of the most important requirements of C2-level security, as defined by the U.S. Department of Defense:
- It must be possible to control access to a resource by granting or denying access to individual users or named groups of users.
- Memory must be protected so that its contents cannot be read after a process frees it. Similarly, a secure file system, such as NTFS, must protect deleted files from being read.
- Users must identify themselves in a unique manner, such as by password, when they log on. All auditable actions must identify the user performing the action.
- System administrators must be able to audit security-related events. However, access to the security-related events audit data must be limited to authorized administrators.
- The system must be protected from external interference or tampering, such as modification of the running system or of system files stored on disk.