I. Background and history of CSC standard:
1 and CSC standards were promulgated by the US Department of Defense in 1983, which provided a set of security assessment standards for the federal government's computer systems. This standard is widely used in American industry, academia and other fields.
2.CSC standard consists of four levels: D, C, B and A, and the levels are gradually rising, and the requirements are becoming more and more strict. This standard was the most perfect and detailed computer system security standard in the world at that time, which had a far-reaching impact on the formulation of computer security standards later.
Second, the purpose and importance of CSC standard:
The main purpose of 1 and CSC standards is to protect the information stored, processed and transmitted in the computer system from illegal access, tampering, copying or destruction, ensure the continuous and stable operation of the computer system, and protect the hardware, software and personnel in the computer system from various threats.
2. The importance of 2.CSC standard lies in that it establishes a complete set of safety evaluation standards for computer systems, so that the safety performance of computer systems can be evaluated scientifically, objectively and comprehensively, and it also provides some guidance and support for the design, implementation and maintenance of computer systems.
Three. Main contents and evaluation requirements of CSC standard:
The evaluation requirements of 1 and CSC standards include physical security, personnel security, communication security, operating system security, application security and data security.
2. It is required that the appraised object must have complete physical safety measures, including access control, monitoring and anti-theft. A safety system and training plan must be established to ensure that the safety awareness and behavior of personnel conform to the regulations. We need encryption, authentication, anti-tampering, anti-virus and other technical means to ensure the security of communication. Operating systems and applications are required to have sufficient security performance, and detailed security tests should be conducted before these softwares are released.