Type-1 certification (TOP SECRET) focuses on Development Methodology. How would you address this certification issue with your hypothetical company (any company) for your system (for example: operating system) that you are trying to certify at the TOP SECRET level? This certification issue focuses on two areas: (a) Software Development Process and (b) Life Cycle Model.
Hint: Remember; you are focusing on security as your top priority for this case and not necessarily performance. (All the external information (outside of your textbook) you need to answer this question is on the Internet (you can also use other textbooks and hardcopy documentation as well as the Internet) and you don't need a security background on this subject. This is a capstone question to get you thinking as a computer security system designer for information assurance.© BrainMass Inc. brainmass.com October 10, 2019, 3:14 am ad1c9bdddf
An example of how I would address this certification issue
Top Secret level provides a means to establish access controls for the information in the system that is to be designed, created, and implemented. The objective is to restrict access to unauthorized users and/or programs. The Top Secret category is "Confidential". Therefore, the system has System Level Access Controls that focus on two areas: (a) Software Development Process and (b) Life Cycle Model to provide restricted access to unauthorized users and/or programs.
"Discretionary Access Control restricts access to objects (files, data, and programs) based on the identity of the subject (user or program) (S., & J., 2003).
Mandatory Access Control restricts access to ...
The expert examines how to address certification issues with a hypothetical company.