Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!purdue!haven!adm!smoke!gwyn
From: gwyn@smoke.BRL.MIL (Doug Gwyn)
Newsgroups: comp.unix.questions
Subject: Re: gov't certified "secure" Unix
Keywords: security
Message-ID: <10553@smoke.BRL.MIL>
Date: 19 Jul 89 06:52:15 GMT
References: <310@pwa-b.UUCP>
Reply-To: gwyn@brl.arpa (Doug Gwyn)
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 23

In article <310@pwa-b.UUCP> miorelli@pwa-b.UUCP (BoB Miorelli) writes:
>Are any Unix systems certified as `secure' by the government?  I'm
>looking for versions and level of security (such as C2, B1, etc.)

NCSC has rated a special version of Gould's UTX/32 at the C2 level.
AT&T's System V/MLS Release 1.1 is currently being evaluated at the
B1 level and may be certified this fall.
Trusted Information Systems's Secure Xenix Version 1.1 is also under
evaluation, for level B2, but will probably not be certified until
mid-1990.

System V/MLS was being demonstrated at the recent USENIX conference
in Baltimore.  It looked really nice, and has one additional feature
that made my mouth water:  An attached 630 MTG terminal was
downloaded with trusted software that maintained multiple window
layers AT DIFFERENT SECURITY LEVELS and properly constrained the
otherwise free transfer of information among them by the terminal's
built-in mouse-driven text editing features.

I hope that in the not too distant future, MLS features will be
provided as configurable options packaged with the standard AT&T
UNIX source releases.  There are corporate uses for enforced security
levels outside the government/military.