PrepAway - Latest Free Exam Questions & Answers


Which of the following statements pertaining to the Trusted Computer System Evaluation Criteria
(TCSEC) is incorrect?


A. With TCSEC, functionality and assurance are evaluated separately.

B. TCSEC provides a means to evaluate the trustworthiness of an information system.

C. The Orange book does not cover networks and communications.

D. Data base management systems are not covered by the TCSEC.

Explanation:
TCSEC does not separate functionality and assurance from evaluation. It makes them combined
criteria. Just to remember, the Trusted Computer System Evaluation Criteria (TCSEC) is a collection
of criteria used to grade or rate the security offered by a computer system product. The TCSEC is
sometimes referred to as “the Orange Book” because of its orange cover (Orange Book deals with
networks and communications). The current version is dated 1985 (DOD 5200.28-STD, Library
No. S225,711). The TCSEC, its interpretations and guidelines all have different color covers, and are
sometimes known as the “Rainbow Series”. Database management is also covered in TCSEC. The
Orange Book is used to evaluate whether a product contains the security properties the vendor
claims it does and whether the product is appropriate for a specific application or function. The
Orange Book is used to review the functionality, effectiveness, and assurance of a product during its
evaluation, and it uses classes that were devised to address typical patterns of security
requirements. – Shon Harris, “CISSP All-in-One Exam Guide”, 3rd Ed, p 302.

