PrepAway - Latest Free Exam Questions & Answers

Which of the following are required for Life-Cycle Assurance?

A. System Architecture and Design specification

B. Security Testing and Covert Channel Analysis

C. Security Testing and Trusted distribution

D. Configuration Management and Trusted Facility Management

Explanation:
Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC was used to evaluate, classify and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information.

The computer system must contain hardware/software mechanisms that can be independently evaluated to provide sufficient assurance that the system enforces the requirements. By extension, assurance must include a guarantee that the trusted portion of the system works only as intended. To accomplish these objectives, two types of assurance are needed with their respective elements:

Operational Assurance: System Architecture, System Integrity, Covert Channel Analysis, Trusted Facility Management and Trusted Recovery

Life-cycle Assurance: Security Testing, Design Specification and Verification, Configuration Management and Trusted System Distribution

Incorrect Answers:

A: System Architecture is not required for Life-Cycle Assurance. System Architecture is part of Operational Assurance.

B: Covert Channel Analysis is not required for Life-Cycle Assurance. Covert Channel Analysis is part of Operational Assurance.

D: Trusted Facility Management is not required for Life-Cycle Assurance. Trusted Facility Management is part of Operational Assurance.

https://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria

