Definition
B2 security, also known as structured protection, is a specific level of security classification defined under the Trusted Computer System Evaluation Criteria (TCSEC), developed by the United States Department of Defense.
Features of B2 Security
- To achieve the B2 security level, organizations must implement a structured approach to security system design. They must establish well-defined formal security policies and ensure system documentation is current and accessible for review. Moreover, the B2 system requires that audit records be detailed, securely stored, and available only to authorized administrators.
- B2 security also strengthens B1-level protection by requiring more accuracy and sophistication in how mandatory access controls (MAC) are implemented. It further requires a secure, tamper-proof communication channel between the user and the system.
- B2 systems must align their system architecture with the organization’s security policy. A key approach to ensuring enforcement is the use of reference monitors, which must be separated from other system components to decrease vulnerabilities and prevent unauthorized access.
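
The features above (mandatory access control, a separate reference monitor, and audit records restricted to administrators) can be modeled together. The following Python code is an added example, not part of the original page or of TCSEC: the `Label` and `ReferenceMonitor` names, the level names, and the sample subjects and objects are constructed, and the MAC policy is assumed to be the Bell-LaPadula-style rule pair "no read up, no write down".

```python
from dataclasses import dataclass

# Assumed hierarchical levels (illustrative, not taken from the page).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        # Higher-or-equal level AND a superset of the other's categories.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

class ReferenceMonitor:
    """Single mediation point: callers cannot reach objects except via check()."""

    def __init__(self):
        self._audit = []  # only ever appended to, and only by the monitor

    def check(self, subject, s_label, obj, o_label, mode):
        if mode == "read":       # no read up
            allowed = s_label.dominates(o_label)
        elif mode == "write":    # no write down
            allowed = o_label.dominates(s_label)
        else:
            allowed = False      # unknown access modes fail closed
        # Every decision is recorded, including denials.
        self._audit.append((subject, obj, mode, "ALLOW" if allowed else "DENY"))
        return allowed

    def audit_records(self, requester_is_admin):
        if not requester_is_admin:
            raise PermissionError("audit trail is restricted to administrators")
        return tuple(self._audit)  # read-only copy

def demo():
    """Constructed requests from one SECRET/{NATO} subject."""
    rm = ReferenceMonitor()
    analyst = Label("SECRET", frozenset({"NATO"}))
    requests = [
        ("war_plan", Label("TOP SECRET", frozenset({"NATO"})), "read"),
        ("memo", Label("CONFIDENTIAL"), "read"),
        ("memo", Label("CONFIDENTIAL"), "write"),
        ("keys", Label("SECRET", frozenset({"CRYPTO"})), "read"),
    ]
    decisions = [rm.check("analyst", analyst, o, l, m) for o, l, m in requests]
    return decisions, rm.audit_records(requester_is_admin=True)

if __name__ == "__main__":
    print(demo())
```

The write to `memo` is denied even though the read is allowed: a discretionary permission check alone would not catch that downward flow, which is what the mandatory policy adds.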