(O) /U.S. DoD/
Assurance levels for PKIs, and for X.509 public key certificates issued by a PKI. [DoD7] (See: "first law" under "Courtney's laws".)

- "Class 2": Intended for applications handling unclassified, low value data in minimally or moderately protected environments.
- "Class 3": Intended for applications handling unclassified, medium value data in moderately protected environments, or handling unclassified or high value data in highly protected environments, and for discretionary access control of classified data in highly protected environments.
- "Class 4": Intended for applications handling unclassified, high value data in minimally protected environments.
- "Class 5": Intended for applications handling classified data in minimally protected environments, and for authentication of material that would affect the security of classified systems.

The environments are defined as follows:

- "Highly protected environment": Networks that are protected either with encryption devices approved by NSA for protection of classified data or via physical isolation, and that are certified for processing system high classified data, where exposure of unencrypted data is limited to U.S. citizens holding appropriate security clearances.
- "Moderately protected environment": Physically isolated unclassified, unencrypted networks in which access is restricted based on legitimate need. Networks protected by NSA approved, type 1 encryption, accessible by U.S. authorized foreign nationals.
- "Minimally protected environments": Unencrypted networks connected to either the Internet or NIPRNET, either directly or via a firewall.