Implementing and Administering a Multilevel Secure System

This topic discusses implementing and administering a multilevel secure system.
 
 
Implementation Checklist
Use the following checklist to track completion of each step of the implementation process:
Task
 
Determine who will administer MLS
Delegate MLS administrative authority (optional)
Select what to classify with a security label
Define security levels
Define categories (optional)
Define security labels
Activate security levels, categories, and security labels
Assign security labels to objects
Assign security labels to data sets
Assign security labels to resources
Assign security labels to DB2 resources
Assign security labels to IP addresses
Assign security labels to UNIX files and directories
Assign security labels to UNIX IPC objects
Assign security labels to users
Establish the MLS environment
Define the MLS Control Options
Require security labels (optional)
UNIX files and directories (optional)
UNIX IPC objects (optional)
Prohibit write-down (optional)
Activate “controlled write-down” (optional)
Activate name hiding (optional)
Activate system-specific security labels (optional)
Change the MODE setting
Activate MLS in DORM mode
Test MLS in DORM mode
Activate MLS in WARN mode
Test MLS in WARN mode
Fine-tune MLS in WARN mode
Migrate MLS to FAIL mode
Deactivate MLS
Monitor MLS
HELP MLS command
TSS WHOAMI command
MLWRITE command
MODIFY(STATUS(MLS)) command
LIST(MLS) command
Audit MLS
Check authorization
TSSUTIL Report Generator
TSS sectrace
Trace SAF requests
Trace OMVS
Use ISPF panels to administer MLS
Use TSS commands to administer MLS
Documentation to Help with Installing and Configuring an MLS System
The following publications may be required to install and configure a CA Top Secret MLS system:
  • IBM z/OS Assembler Guides
  • IBM z/OS CICS Guides
  • IBM z/OS Communications Server Guides
  • IBM z/OS DB2 Guides
  • IBM z/OS DFP Guides
  • IBM z/OS DFSMS Guides
  • IBM z/OS DFSORT Guides
  • IBM z/OS Distributed File Service Guides
  • IBM z/OS IMS Guides
  • IBM z/OS Hardware Guides
  • IBM z/OS ISPF Guides
  • IBM z/OS JES2 Guides
  • IBM z/OS JES3 Guides
  • IBM z/OS MQSeries Guides
  • IBM z/OS MVS Guides
  • IBM z/OS Printer Services Facility (PSF) Guides
  • IBM z/OS RMF Guides
  • IBM z/OS SDSF Guides
  • IBM z/OS Security Server RACROUTE Macro Reference
  • IBM z/OS SMP/E Guides
  • IBM z/OS TSO/E Guides
  • IBM z/OS UNIX System Services (USS) Guides
  • IBM z/OS VTAM Guides
The following guides are not required to install and configure a CA Top Secret MLS system, but provide important information on the National Computer Security Center (NCSC) evaluation criteria and trusted systems:
  • Computer Security Requirements: Guidance for Applying the Department of Defense Trusted Computer Systems Evaluation Criteria in Specific Environments (CSC-STD-003-85)
  • Department of Defense Trusted Computer System Evaluation Criteria (DOD 5200.28-STD)
  • Department of Defense Password Management Guideline (CSC-STD-002-85)
  • Introduction to Certification and Accreditation (NCSC-TG-029)
  • Ratings Maintenance Phase Program Document (NCSC-TG-013)
  • Technical Rationale Behind CSC-STD-003-85: Computer Security Requirements: Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments (CSC-STD-004-85)
  • Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria (NCSC-TG-005)
  • Turning Multiple Evaluated Products into Trusted Systems (NCSC Tech. Report-003)
  • Use of the Trusted Computer Systems Evaluation Criteria (TCSEC) for Complex, Evolving, Multipolicy Systems (NCSC Tech. Report-002)