COE Security Software Requirements Specification
Copyright © 2003 The Open Group


Technical Standard
COE Security Software Requirements Specification (SSRS)
Document Number: C035
ISBN: 1-931624-31-3

© May 2003, The Open Group. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the copyright owners.

Any comments relating to the material contained in this document may be submitted to The Open Group at:

The Open Group
Apex Plaza
Forbury Road
Berkshire, RG1 1AX
United Kingdom
or by electronic mail to:


The Open Group

The Open Group, a vendor and technology-neutral consortium, has a vision of Boundaryless Information Flow achieved through global interoperability in a secure, reliable, and timely manner. The Open Group's mission is to drive the creation of Boundaryless Information Flow by:

In the global eCommerce world of today, no single economic entity can achieve independence while still ensuring interoperability. The assurance that products will interoperate with each other across differing systems and platforms is essential to the success of eCommerce and business workflow. The Open Group, with its proven certification programs, is the international guarantor of interoperability in the new century.

The Open Group provides opportunities to exchange information and shape the future of IT. The Open Group members include some of the largest and most influential organizations in the world. The flexible structure of The Open Group membership allows for almost any organization, no matter what their size, to join and have a voice in shaping the future of the IT world.

More information is available at

The Open Group has over 15 years' experience in developing and operating certification programs and has extensive experience developing and facilitating industry adoption of test suites used to validate conformance to an open standard or specification.

More information is available at

The Open Group publishes a wide range of technical documentation, the main part of which is focused on development of Technical and Product Standards and Guides, but which also includes white papers, technical studies, branding and testing documentation, and business titles. Full details and a catalog are available at

As with all live documents, Technical Standards and Specifications require revision to align with new developments and associated international standards. To distinguish between revised specifications which are fully backwards-compatible and those which are not:

Readers should note that Corrigenda may apply to any publication. Corrigenda information is published at

This Document

This document was developed by the COE Forum and is based on the Defense Information Systems Agency (DISA), Common Operating Environment (COE) Platform Compliance Criteria, Security Software Requirements Specification (SSRS). It documents the security-related criteria for COE Platform Compliance.

The requirements in this document are grouped into the following categories:

  1. Identification and Authentication (I&A)

  2. Security Audit

  3. Service Availability

  4. Discretionary Access Control

  5. Markings

  6. Object Reuse

  7. Data Confidentiality

  8. System Integrity

  9. System Architecture

  10. Trusted Facility Management

  11. Other Requirements


Boundaryless Information Flow is a trademark and UNIX and The Open Group are registered trademarks of The Open Group in the United States and other countries. All other trademarks are the property of their respective owners.


The Open Group gratefully acknowledges the Defense Information Systems Agency (DISA) as the original source of this material.

Referenced Documents

Normative references for this document are listed in Normative References.
