Certifications
NIAP Compliance
TCS satisfies the requirements of the U. S. Government DoD and Intelligence Community and complies with NIAP and NSTISSP 11 requirements in the following manner:
TCS uses either Red Hat Enterprise Linux v.5 or Sun Microsystems’ Trusted Solaris v.8 as the base OS for TCS products. Both of these operating systems are NIAP approved, Common Criteria EAL-4 evaluated operating systems and serve as the security enforcement mechanism and “base” for all of the company’s COTS products and custom solutions. After development (but before deployment) of a TCS COTS product or a new customized capability, TCS solutions are put through the full rigor of an accreditor-approved Independent Validation and Verification (IV&V) testing process. A typical IV&V activity for TCS solutions is the NSA Certification, Test and Evaluation (CT&E) process, which includes a request by a Government customer to NSA for a Solution Security Assessment of the system, which includes full SR1-9 testing by NSA. After NSA performs the assessment, the findings are reported to the appropriate government body and/or Designated Approval Authority (DAA) for consideration as a part of the body of evidence for final approval. This comprehensive process has been in place for many years and has led to numerous successful accreditations and approvals for operational use.
NOTE: Red Hat Enterprise Linux v.5 (RHEL5) and Solaris v. 10 with Trusted Extensions are both Common Criteria (CCEVS) EAL4 evaluated against three (3) Protection Profiles: Label Security Protection Profile (LSPP), Controlled Access Protection Profile (CAPP) and Role-Based Access Control Protection Profile (RBACPP).
|
