Xref: utzoo comp.sys.hp:7733 comp.unix.questions:28784 comp.unix.internals:2089
Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!spool.mu.edu!samsung!munnari.oz.au!brolga!bunyip.cc.uq.oz.au!oat!qut.edu.au!cszrhodes
From: cszrhodes@qut.edu.au (Tony Rhodes)
Newsgroups: comp.sys.hp,comp.unix.questions,comp.unix.internals
Subject: Orange book levels for HP-UX versions
Message-ID: <1991Feb18.165006.24108@qut.edu.au>
Date: 18 Feb 91 21:50:05 GMT
Organization: Queensland University of Technology
Lines: 27

First of all, apologies if you have seen this message before and/or some of 
my test posts. Having some problems with the mailer.

At the moment I am working on a paper with some other people concerning the 
security of HP-UX. The paper is along the theme of evaluating the security 
provided by HP-UX from a non-privileged user perspective using the criteria 
discussed in the European "White Book", Information Technology Security 
Evaluation Criteria (ITSEC).

What we wish to verify are the claimed TCSEC "Orange Book" ratings for 
HP-UX 6.0  C1 ??
HP-UX 7.0  C2 ??
HP-UX 8.0  >C2 ????

Also, can anyone verify if and when HP recieved its certificate with the 
appropriate rating and official seal from the NCSC for each of these 
versions.

Finally, what security changes/additions did HP have to make to HP-UX to 
achieve each of the ratings for the particular versions.

I will post a summary of responses to the net if sufficient interest is 
shown.

Please reply by direct e-mail.

Thank you in advance.