The Orange Book requires auditing mechanisms for any systems evaluated at which of the following levels?

A.
C1 and above.

B.
C2 and above.

C.
B1 and above.

D.
B2 and above.

Explanation:
The Orange Book provides a classification system that is divided into hierarchical divisions of assurance levels:
A:
Verified protection
B:
Mandatory protection
C:
Discretionary protection
D:
Minimal security
Classification A represents the highest level of assurance, and D represents the lowest level of assurance.
Each division can have one or more numbered classes with a corresponding set of requirements that must be
met for a system to achieve that particular rating. The classes with higher numbers offer a greater degree of
trust and assurance. So B2 would offer more assurance than B1, and C2 would offer more assurance than C1.
Each division and class incorporates the requirements of the ones below it. This means that C2 must meet its
criteria requirements and all of C1’s requirements, and B3 has its requirements to fulfill along with those of C1,
C2, B1, and B2.
C2: Controlled Access Protection Users need to be identified individually to provide more precise access
control and auditing functionality. Logical access control mechanisms are used to enforce authentication and
the uniqueness of each individual’s identification. Security-relevant events are audited, and these records must
be protected from unauthorized modification.
Incorrect Answers:
A: Auditing mechanisms are not required for systems at C1 level.
C: Auditing mechanisms are at C2 level which is lower than B1.
D: Auditing mechanisms are at C2 level which is lower than B2.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 392-395