Name:independent computer and tool use by auditors
Auditors create independent systems that permit them to review
the content of a system under review with reduced dependency on the hardware
and software in the system under review. Examples include removing disks
from the system under review for review on a separate computer, booting
systems from auditor-provided start-up media in order to assure against
operating system subversion, and review of external information fed into and
generated by the system under review.
Complexity: It can be quite difficult to attain a high degree of assurance
against all hardware and software subversion, particularly in the cases of
storage media and deliberately corrupted hardware devices.
fc@red.a.net