The ability to enhance security in information systems and networks is limited by the operating systems that underpin them. Recognizing this, the Institute of Electrical and Electronics Engineers (IEEE) has begun work on a standard to formulate consistent baseline security requirements for general-purpose (GP), commercial, off-the-shelf (COTS) operating systems.. . .
The ability to enhance security in information systems and networks is limited by the operating systems that underpin them. Recognizing this, the Institute of Electrical and Electronics Engineers (IEEE) has begun work on a standard to formulate consistent baseline security requirements for general-purpose (GP), commercial, off-the-shelf (COTS) operating systems.

The standard, IEEE P2200(TM), "Base Operating System Security (BOSS(TM))," will address external threats and intrinsic flaws arising from software design and engineering practices. Anyone with expertise in software engineering, metrics for software, cyber security, operating system development and related areas is invited to participate. Plans call for the standard to be completed on an accelerated schedule by the end of 2004.

IEEE P2200 will build on guidance issued by the U.S. National Institute of Standards and Technology (NIST) couched in terms of protection profiles within the International Organization for Standards (ISO) Common Criteria (CC) framework. It will address essential functions for cross-platform security, including identification and authentification, access control and key cryptographic concepts.

Also visit the Slashdot discussion on this topic.

The link for this article located at IEEE / Businesswire is no longer available.