Which statement is accurate about trusted facility management?
A.
The TCB shall support separate operator and administrator functions
for B2 systems and above.
B.
The role of a security administrator shall be identified and auditable
in B2 systems and above.
C.
The TCB shall support separate operator and administrator functions
for C2 systems and above.
D.
The role of a security administrator shall be identified and auditable
in C2 systems and above.
Explanation:
Trusted Facility Management has two different requirements, one
for B2 systems and another for B3 systems. The B2 requirements state:
the TCB shall support separate operator and administrator functions.
The B3 requirements are as follows: The functions performed in the
role of a security administrator shall be identifieD. System administrative
personnel shall only be able to perform security administrator
functions after taking a distinct auditable action to assume the security
administrator role on the system. Non-security functions that can
be performed in the security administration role shall be limited
strictly to those essential to performing the security role effectively.6
Source: NCSC-TG-O15, Guide To Understanding Trusted Facility
Management [Brown Book].