I'm still trying to figure out what is meant by the claims in some of the press
releases from Microsoft on their C2 evaluation - these claims say that NT is
*actually* compliant with B2 capabilities, but that Microsoft decided to only
submit it for C2 evaluation.

Does this mean that NT enforces a Mandatory Access Control policy based on the
Bell-LaPadula model? If so, which release of NT does this - certainly not the
one we're running on our LAN. Also, I presume this claim to mean Microsoft has
done a covert channel analysis. Why, I wonder, if they'd gone to all the
trouble of doing the covert channel analysis and including the MLS Trusted
Computing Base in NT did they settle for a C2 evaluation? And if they really do
have these claimed B2 capabilities, why are there two vendors in California
struggling to "B2-ise" NT?

K.M. Goertzel * Manager, Business Development
Secure Systems & Services Operation * WANG FEDERAL, Inc.
tel (703)827 3914 * fax (703)827 3161 * email goertzek @
"An elephant: a mouse built to government specifications"
- Robert Heinlein