Which of the following division is defined in the TCSEC (Orange Book) as minimal protection?

A.
Division D

B.
Division C

C.
Division B

D.
Division A

Explanation:
The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which
was used to evaluate operating systems, applications, and different products. These evaluation criteria are
published in a book known as the Orange Book.
TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels:
A:
Verified protection
B:
Mandatory protection
C:
Discretionary protection
D:
Minimal protection
Classification A represents the highest level of assurance, and D represents the lowest level of assurance.
Division D: Minimal Protection: There is only one class in Division D. It is reserved for systems that have
been evaluated but fail to meet the criteria and requirements of the higher divisions.
Incorrect Answers:
B: Level C is defined as discretionary protection, not minimal protection.
C: Level B is defined as mandatory protection, not minimal protection.
D: Level A is defined as verified protection, not mandatory minimal.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 392, 395