
class 2, 3, 4, 5

Senses

(O) /U.S. DoD/

Assurance levels for PKIs, and for X.509 public-key certificates issued by a PKI. [DoD7] (See: "first law" under "Courtney's laws".)

  • "Class 2": Intended for applications handling unclassified, low-value data in minimally or moderately protected environments.
  • "Class 3": Intended for applications handling unclassified, medium-value data in moderately protected environments, or handling unclassified or high-value data in highly protected environments, and for discretionary access control of classified data in highly protected environments.
  • "Class 4": Intended for applications handling unclassified, high-value data in minimally protected environments.
  • "Class 5": Intended for applications handling classified data in minimally protected environments, and for authentication of material that would affect the security of classified systems.

The environments are defined as follows:

  • "Highly protected environment": Networks that are protected either with encryption devices approved by NSA for protection of classified data or via physical isolation, and that are certified for processing system-high classified data, where exposure of unencrypted data is limited to U.S. citizens holding appropriate security clearances.
  • "Moderately protected environment":
    • Physically isolated unclassified, unencrypted networks in which access is restricted based on legitimate need.
    • Networks protected by NSA-approved, type 1 encryption, accessible by U.S.-authorized foreign nationals.
  • "Minimally protected environments": Unencrypted networks connected to either the Internet or NIPRNET, either directly or via a firewall.

References

  • IETF RFC 4949 (Internet Security Glossary), Jan 06, 2026
    RFC 4949 — Internet Security Glossary (Version 2)
    https://www.rfc-editor.org/rfc/rfc4949.txt
    RFC 4949 is published by the IETF Trust and marked as "Distribution of this memo is unlimited". Verify IETF Trust copyright/licensing terms for reuse.
    Source: IETF RFC 4949 (rfc-editor.org).