Which choice describes the Forest Green Book?
A.
It is a Rainbow series book that defines the secure handling of
storage media.
B.
It is a Rainbow series book that defines guidelines for implementing
access control lists.
C.
It does not exist; there is no Forest Green Book.
D.
It is a tool that assists vendors in data gathering for certifiers.
Explanation:
The Forest Green book is a Rainbow series book that defines the
secure handling of sensitive or classified automated information system
memory and secondary storage media, such as degaussers, magnetic
tapes, hard disks, floppy disks, and cards. The Forest Green book
details procedures for clearing, purging, declassifying, or destroying
automated information system (AIS) storage media to prevent data
remanence. Data remanence is the residual physical representation of
data that has been erased in some way. After storage media is erased
there may be some physical characteristics that allow data to be reconstructed.
* Answer “It is a tool that assists vendors in data gathering for certifiers.” is the Blue Book, NCSCTG-019 Trusted Product Evaluation Questionnaire Version-2. The Blue book is a tool to assist
system developers and vendors in gathering data to assist evaluators and certifiers assessing
trusted computer systems.
* Answer “It is a Rainbow series book that defines guidelines for implementing
access control lists.” is the Grey/Silver Book, NCSC-TG-020A, the Trusted
UNIX Working Group (TRUSIX) Rationale for Selecting Access Control.
The Grey/Silver book defines guidelines for implementing
access control lists (ACLs) in the UNIX system. Source: NCSC-TG-025 A Guide to Understanding Data Remanence in Automated Information
Systems, NCSC-TG-020A Trusted UNIX Working Group
(TRUSIX) Rationale for Selecting Access Control, and NCSC-TG-019
Trusted Product Evaluation Questionnaire Version-2.