Evaluation issues for an integrated 'INFOSEC' product

Abstract

In recent years it has been recognized that the protection of classified and sensitive information in an distributed, automated processing environment requires a total 'information security' (INFOSEC) solution, combining both communications and computer security technologies into an integrated security solution. While the need for INFOSEC solutions is clearly recognized, the commercial availability of true INFOSEC products is extremely limited or non-existent. The authors discuss the evaluation issues involved in an effort to take evaluated COMSEC technology and evaluated trusted system technology, and integrate them into a evaluatable INFOSEC product.<>