Baseline Security 96
Copyright © 1998 The Open Group

Product Standard
Security: Baseline Security 96
Document Number: X98XS

©January 1998, The Open Group All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the copyright owners.

Motif,® OSF/1,® UNIX,® and the "X Device"® are registered trademarks and IT DialToneTM; and The Open GroupTM; are trademarks of The Open Group in the U.S. and other countries.

Product Standard


Baseline Security 96




This Product Standard defines a guaranteed minimum level of security functionality that products must provide. It also defines specific default settings in cases where the requirement is to provide selectable security options. To be registered as conformant to this Product Standard a system must provide this level of security, or greater.

This Product Standard is platform-independent. Any system that meets the defined security level can be registered as conformant. Details of the actual system/operating system must be recorded in the Conformance Statement.


To conform to this Product Standard a product must support all the mandatory security functionality and default parameter settings defined in the X/Open XBSS Specification.1

The vendor of a product registered as conformant to this Product Standard provides a guarantee of conformance through:

The Product Identification section of the Conformance Statement must uniquely identify, in the normal way, the product that is registered as conformant to the Product Standard. However, when considering systems security, it is necessary to be more precise and identify whether the Target of Conformance (TOC) is the whole product, or whether it is a subset of the product such that usage of functionality outside the TOC could reduce the level of security of the system. (The Trusted Computing Base (TCB) is defined as the totality of protection mechanisms within an IT system, including hardware, firmware, software, and data, the combination of which is responsible for enforcing the security policy. The Target of Conformance (TOC) is the TCB together with any additional software that contains no security-relevant code. See the X/Open XBSS Specification, Section 3.4, Defining the Target of Conformance.)

The Conformance Statement must also set out the criteria that an application must meet in order to guarantee that it can be added to the TOC without compromising conformance to the X/Open XBSS Specification.

As the functionality in the X/Open XBSS Specification is defined in general terms without mandating the use of any specific application interfaces, human/computer interfaces, interchange standards, or interoperability protocols, the proforma sections that normally give the detailed requirements of these aspects are not relevant. For the same reason there are no defined Indicators of Compliance, but note that the brandee is required to have carried out comprehensive testing and to record in the Conformance Statement that this has been done.


Not applicable.


Not applicable.






Not applicable.

Any comments relating to the material contained in this document may be submitted to The Open Group at:

The Open Group
Apex Plaza
Forbury Road
Berkshire, RG1 1AX
United Kingdom
or by electronic mail to:


CAE Specification, December 1995, Baseline Security Services (XBSS) (ISBN: 1-85912-136-5, C529).