 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ¨ |
If
it cannot be enforced, it’s a fantasy, not a policy!
|
|
|
| ¨ |
Unenforceable:
|
|
|
|
– |
Prevent
disclosure of sensitive information to unauthorized users
|
|
| ¨ |
(Possibly)
Enforceable:
|
|
|
|
– |
Ensure
that all information flows only to (or from) authorized
|
|
|
programs.
|
|
|
|
– |
Ensure
that all disclosure of information to entities outside the
|
|
|
control
of the system (including users and their agents) is via
|
|
|
trusted software.
|
|
|
|
– |
Ensure
that when information crosses a multiplexed protection
|
|
|
boundary,
it does so via trusted
software
|
|
|
|
– |
Where
“trusted software” means: “has been verified to comply
|
|
|
with
the applicable provisions of the security policy.”
|
|