The P2200 Base Operating System Security working group will look at creating baseline consistent security requirements for commercial off-the-shelf operating systems, using the Common Criteria standards as a starting point.
Common Criteria is a set of International Standards Organization profiles used to determine whether a security product meets certain basic requirements. In the US, CC is administered by the National Institute of Standards and Technology.
But the IEEE said that using the CC framework is optional, and that the final standard will not necessarily look like CC. Varying standards will likely be created for different types of operating systems.
The organization said that BOSS will address identification, authentication, access control and cryptographic concepts. Currently the plan is to have something completed before the end of next year.
Jack Cole, chair of the working group, said that input is being encouraged from OS developers, government, and end users in the financial and process control industries – critical infrastructure managers and the likely early adopters of such technology.
"We must have as much buy-in as possible, so the standard is widely used and supported by both producers and users," Cole said in a statement.
Group vice chair Gary Stoneburner added: "It also will take advantage of the ISO Common Criteria framework as a tool, not a requirement." He said that the effort helps by moving OS security standards from government edict to community consensus.
Source: Computerwire