At what Trusted Computer Security Evaluation Criteria (TCSEC) or Information Technology Security
Evaluation Criteria (ITSEC) security level are database elements FIRST required to have security
labels?

A.
A1/E6

B.
B1/E3

C.
B2/E4

D.
C2/E2

Explanation:
“B1: Labeled Security
Each data object must contain a classification label and each subject must have a clearance label.
When a subject attempts to access an object, the system must compare the subject and object’s
security labels to ensure the requested actions are acceptable. Data leaving the system must also

contain an accurate security label. The security policy is based on an informal statement and the
design specifications are reviewed and verified. It is intended for environments that require systems
to handle classified data.”
” pg. 224-226 Shon Harris: All-In-One CISSP Certification Exam Guide