A security engineer is working on a large software development project. As part of the design of the project,
various stakeholder requirements were gathered and decomposed to an implementable and testable level.
Various security requirements were also documented. Organize the following security requirements into the
correct hierarchy required for an SRTM. Requirement 1: The system shall provide confidentiality for data in
transit and data at rest. Requirement 2: The system shall use SSL, SSH, or SCP for all data transport.
Requirement 3: The system shall implement a file-level encryption scheme. Requirement 4:
The system shall provide integrity for all data at rest. Requirement 5: The system shall perform CRC checks on
all files.

A.
Level 1: Requirements 1 and 4; Level 2: Requirements 2, 3, and 5

B.
Level 1: Requirements 1 and 4; Level 2: Requirements 2 and 3 under 1, Requirement 5 under 4

C.
Level 1: Requirements 1 and 4; Level 2: Requirement 2 under 1, Requirement 5 under 4; Level 3:
Requirement 3 under 2

D.
Level 1: Requirements 1, 2, and 3; Level 2: Requirements 4 and 5