PrepAway - Latest Free Exam Questions & Answers

Which of the following ensures that a TCB is designed, developed, and maintained with formally controlled
standards that enforce protection at each stage in the system’s life cycle?

A. Life cycle assurance

B. Operational assurance

C. Covert timing assurance

D. Covert storage assurance

Explanation:
The Orange Book defines two types of assurance — operational assurance and life cycle assurance.
Life cycle assurance ensures that a TCB is designed, developed, and maintained with formally controlled
standards that enforce protection at each stage in the system’s life cycle. Configuration management, which
carefully monitors and protects all changes to a system’s resources, is a type of life cycle assurance.
The life cycle assurance requirements specified in the Orange Book are as follows:
Security testing
Design specification and testing
Configuration management
Trusted distribution

Incorrect Answers:
B: Operational assurance focuses on the basic features and architecture of a system. An example of
operational assurance would be a feature that separates security-sensitive code from user code in a
system’s memory. Operational assurance is not what is described in the question.
C: Covert timing assurance is not one of the two defined types of assurance.
D: Covert storage assurance is not one of the two defined types of assurance.

Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams,
2nd Edition, Wiley Publishing, Indianapolis, 2004, pp. 305-306

