OPERATING SYSTEM SECURITY COMPONENTS REQUIREMENTS
[Integrate information from step 7. Provide operating system security components. Review operating system resources, trusted computing and trusted computing base. Include requirements for segmentation by operating system rings that: 1) ensure processes do not affect each other; 2) provide example of such as process that could violate the segmentation mechanism and prevents from happening; 3) specify requirement statements that include: a) trusted platform module (TPM); b) a cryptographic key is supplied at chip level; and c) describe expected security gain from incorporating this TPM; 4) provide requirements statements that ensure trusted computing base (TCB) and give examples of components to consider in the TCB; 5) provide requirements of how to ensure protection of these components such as authentication procedures and antimalware protection.]
MILS REQUIREMENTS
[Integrate information from step 8. Write requirements for multiple independent levels of security (MILS). Include that vendor will be devising prototyping test plans and executing tests against sample databases to determine requirements for access, access control, authentication and security models that define read and write access. Also access to data will be accomplished using security concepts and security models that ensure confidentiality and integrity of data. Best to review access control and authentication. Health care database should have capabilities for MILS. Lastly, include organization plans on expanding user base of the database, web interface, database read, and write and access controls should be built incorporating security models. Before writing the requirement statement review MILS, cybersecurity models and insecure handling. Include in the statement: 1) definitions and stipulations for cybersecurity models; 2) the Biba Integrity, Bell-LaPaula, Chinese Wall Models and any limitations for the application of these models. Include requirement statements regarding vendor’s insecure handling solutions based on the definitions of the security model included in requirements statement.]
