Security Policy

Security requirements and Policy summary

• Security requirements determine that capability for security mechanisms to behave in some manner.

• Secure policy determines the behavior that is deemed "secure" behavior.

• For a mechanism to be deemed secure, the requirements for the capability of the mechanism must be consistent with the security policy enforcement rules, the mechanism must satisfy the security requirements, and the mechanism must be configured to behave in a manner defined by the organizational security policy.