Security Standards

XSSO-PAM provides a standard interface between applications and sign-on systems so that whatever the underlying technology of the application's authentication technology, they will plug-and-play with a 'coordinating primary' single sign-on system.

A generally accepted definition of authorization is the granting of access rights to a subject (for example, a user or a program).

CDSA is a set of layered security services that provides the infrastructure for extensible and interoperable security solutions. It provides complete flexibility through the use of plug-in security modules that use common Application Programming Interfaces (APIs).

The CDSA/HRS (Common Data Security Architecture: Human Recognition Service) API uses the EMM (Elective Module Manager) facilities provided in the CDSA CSSM (Common Security Services Manager), to provide a generic authentication service for CDSA.

This document is based on the Defense Information Systems Agency (DISA), Common Operating Environment (COE) Platform Compliance Criteria, Security Software Requirements Specification (SSRS).

Superseded by C17B

The Open Information Security Management Maturity Model (O-ISM3) is The Open Group framework for managing information security.

This standard enables enterprises to automate security compliance for their systems in a consistent manner, thereby assuring compliance with applicable regulations, while also achieving major cost savings.

This Role-Based Access Control (RBAC) standard defines a set of authorizations consistent with the generally accepted tasks assigned to administrative users, granting them the privileges necessary to perform their administrative duties, within a common set of administrative roles to be predefined on UNIX® systems.

The O-DM standard defines how to construct a data model to manage risk and build trust on organizational dependencies between enterprises, or between operational divisions in a large organization.