Computing Platform Architecture and Security Criteria - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Information Assurance Menus

Information Assurance Menu

Information Assurance About IA at NSA Partners Rowlett Awards Award Recipients Background Nomination Procedures Links IA News IA Events Open for Registration Closed for Registration Scheduled IA Guidance Media Destruction Guidance Security Configuration Guides Applications Archived Guides Cisco Router Guides Current Guides Database Servers Fact Sheets IPv6 Operating Systems Apple Mac Operating Systems Linux Microsoft Windows Sun Solaris Supporting Documents Switches VoIP and IP Telephony Vulnerability Technical Reports Web Server and Browser Guides Wireless Standards Profiles System Level IA Guidance TEMPEST Overview TEMPEST Products: Level I Certified Confirmed Deficiencies Suspended Terminated No Longer Produced TEMPEST Products: Level II Certified Confirmed Deficiencies Suspended Terminated No Longer Produced TEMPEST Company POCs Certified Suspended Terminated TEMPEST Zoned Equipment IA Academic Outreach National Centers of Academic Excellence in IA Education CAE/IAE Program Criteria CAE-R Program Criteria Colloquium Institutions SEAL Program Applying FAQs IA Courseware Evaluation Program Institutions FAQs Student Opportunities IA Business and Research IA Business Affairs Office Certified Product Sales and Support Commercial COMSEC Evaluation Program Commercial Satellite Protection Program Independent Research and Development Program User Partnership Program National IA Research Laboratory Partnerships with Industry NIAP and COTS Product Evaluations IA Programs Global Information Grid High Assurance Platform Releases Computing Platform Architecture and Security Criteria IA Training and Rating Program Inline Media Encryptor Suite B Cryptography IA Careers Contact Information	Skip Search Box Searchbox Computing Platform Architecture and Security Criteria - NSA/CSS The Computing Platform Architecture and Security Criteria (CPC) are the documents that formally define the computing platform architecture, the platform components, and the computing platform instances. The CPC is the basis against which product developers can demonstrate component-level or component set-level compliance of their products, and system integrators can demonstrate platform-level compliance of the platforms they integrate. The CPC has 3 sections (see Figure 1): Concepts - This section discusses the concepts of the computing platform and of the components that comprise the computing platform. It also discusses employment of computing platforms to support user organizations. Platform Components - This section defines the security functional requirements and interoperability requirements that drive component development and defines the assurance criteria against which each platform component or platform component-set is measured to establish compliance. Guidance is provided to aid in the understanding of the requirements and how they can be met. This section of the CPC also provides for the secure integration of organizational infrastructures (i.e., applications and services). Organizational infrastructures execute on the computing platform and provide the functionality for organizational mission/business needs. The CPC supports secure integration of organizational infrastructure by defining the platform exported services in terms of functionality at their interfaces, and the assurances to demonstrate that platform exported services are being used properly. Note that organizational services may leverage the platform-exported services to satisfy mission/business needs for any critical function, be it security-critical, safety-critical, or mission-critical. Computing Platform Instances - This section defines the requirements for combining allowed subsets of platform components to compose platform instances and provides guidance to aid in understanding the requirements and how they can be met. CPC Target Audiences Developers: Developers of technology components or solutions can architect, design, and implement computing platform-compliant components such that they possess operational and security functional and assurance properties necessary to construct a platform instance. Integrators: System integrators can select and integrate specific computing platform-compliant components such that the composed platform instance possesses the functional and assurance properties necessary to obtain all required certifications and approvals for operation. Assurors: Entities responsible for evaluation, certification, and accreditation of IA solutions can develop a strategy to determine the sufficiency and completeness of a platform instance. The strategy includes the types of assurance activities performed (analysis, test, assessment, etc) and the specific evidence that is generated. End-Users: The user community can state requirements for use in system acquisition. Figure 1 - Computing Platform Architecture and Security Criteria The HAP Program leads the effort to develop the CPC and takes responsibility for addressing security concerns related to all aspects of the platform definition. The HAP Program will collaborate with subject matter experts from industry, academia and the operational user community to aid in the CPC development and will rely on these subject matter experts to address all other concerns presented in defining the platform. The CPC is expected to leverage current and past efforts related to computing platform technologies and security. Figure 2 depicts some of the CPC influences. Figure 2 - CPC Influences
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom