Kent Covert ([log in to unmask]) wrote: > VMS (C2 security) and SEVMS (B1 security) (If memory serves, only 2 systems > have ever achieved A level security - one was a Honeywell system and I > don't remember the other). Many of the security features now being added Actually I don't think any system has ever met A level specifications, not that it really matters to most mortals. My trusty Orange Book is nowhere near me, but I think the only difference between B2 and A is design level specifications, such as proof of correctness of the security model. So it's possible for a B2 certified system to become an A certified system without changing a line of code. I believe that there are still some requirements of A level which are still beyond the state of the art in systems analysis, which is why no systems are yet A level. If anyone can point me to any systems that are A level evaluated, I'd love to see information on it. :) -- Randy Kaelber: [log in to unmask] DARS Programmer/Analyst, Miami University, Oxford, OH 45056 USA http://avian.dars.muohio.edu/~kaelbers/ "...As the most participatory form of mass speech yet developed, the Internet deserves the highest protection from governmental intrusion." -District Judge Stewart Dalzell, in ACLU et al. v. Reno, USAG; ALA Inc., et al. v. US DOJ et al. June 12, 1996 US District Court, Eastern PA