Re: After Y2K, critical infrastructure

[Alex Pilosov <alex () pilosoft com>]

On Thu, 23 Dec 1999, I Am Not An Isp wrote:

> At 08:49 PM 12/23/99 -0500, Deepak Jain wrote:
>  >
>  >> I'm hoping the "hackers" will party and get drunk over New Year's, and 
> leave
>  >> the so-called critical infrastructure alone.  If you think you filled out a
>  >> lot of paperwork for Y2K, and you ain't seen anything yet.  I for one sleep
>  >> much better knowing Microsoft NT is certified C2 ready :-)
>  >>
>  >
>  >Sorry to ruin your sleep. NT is ONLY C2 certified as a standalone
>  >workstation. I.e. NO NETWORKING DRIVERS ENABLED.
>
> I thought you had to remove the NIC, the floppy, and a few other things, 
> not just software.  C2 *Orange* Book, not Red Book.

Actually, as surprising as it is, NT4 has been certified to be Orange Book
C2 (TCSEC, US, non-networked, December 99) and Red Book EC2 (or something
like that) (ITSEC, UK, networked, April 99).

The only thing it proves is that TCSEC and ITSEC evaluations have become  
outdated and worthless, IMHO. ;)

-alex