C2-Level Security
Windows NT/Windows 2000 supports C2-level security as defined by the U.S. Department of Defense. Following are some of the most important requirements of C2-level security:
- It must be possible to control access to a resource by granting or denying access to individual users or named groups of users.
- Memory must be protected so its contents cannot be read after a process frees it. Similarly, a secure file system, such as NTFS, must protect deleted files from being read.
- Users must identify themselves in a unique manner when they log on. All auditable actions must identify the user performing the action.
- System administrators must be able to audit security-related events. Access to this audit data must be limited to authorized administrators.
- The system must protect itself from external interference or tampering, such as modification of the running system or of system files stored on disk.
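
The first requirement, granting or denying access to individual users or named groups, is illustrated below with a simplified model of the ordered access control list check that Windows NT performs. This is an added example, not part of the original page; the `Ace` class, the `access_check` function, the right bits, and the user and group names are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed right bits for this model (not real Windows access mask values).
READ, WRITE, DELETE = 0x1, 0x2, 0x4

@dataclass(frozen=True)
class Ace:
    kind: str     # "allow" or "deny"
    trustee: str  # an individual user or a named group
    mask: int     # rights this entry grants or denies

def access_check(dacl, user, groups, desired):
    """Return True only if every right in `desired` is granted to the caller."""
    if dacl is None:                  # no access control list: object is unprotected
        return True
    identities = {user, *groups}
    remaining = desired               # rights not yet granted
    for ace in dacl:                  # entries are evaluated strictly in order
        if ace.trustee not in identities:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False              # explicit deny of a still-needed right
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True           # everything requested has been granted
    return False                      # anything not explicitly granted is denied

# Constructed sample: the Engineering group may read and write,
# but the individual user "bob" is denied write access.
REPORT_DACL = [
    Ace("deny", "bob", WRITE),
    Ace("allow", "Engineering", READ | WRITE),
    Ace("allow", "Administrators", READ | WRITE | DELETE),
]

# Same entries with the deny placed last: the group allow is reached first,
# so the per-user deny never takes effect.
MISORDERED_DACL = [REPORT_DACL[1], REPORT_DACL[2], REPORT_DACL[0]]

if __name__ == "__main__":
    for name in ("alice", "bob"):
        ok = access_check(REPORT_DACL, name, {"Engineering"}, WRITE)
        print(f"{name} write: {'granted' if ok else 'denied'}")
```

The misordered list shows why deny entries are kept ahead of allow entries: evaluation stops at the first entry that settles the request.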