ISC Exam Questions

Which standard defines the International Standard for the Common Criteria?

A. CSC-STD-002-85

B. IS15408

C. BS7799

D. DoD 5200.28-STD

Explanation:
ISO/IEC 15408-1 is the International Standards version of the
Common Criteria. The ISO approved and published the CC text as
the new International Standard (IS) 15408 on December 1, 1999. As
of this writing the Common Criteria version is 2.1.
Answer b is the Code of Practice for Information Security
Management (BS7799) developed by the British Standards Institute.
The BS7799 standard effectively comes in two parts:
ISO/IEC 17799:2000 (Part 1) is the standard code of practice and
can be regarded as a comprehensive catalogue of recommended
security policy.
BS7799-2:1999 (Part 2) is a standard specification for an
Information Security Management System (ISMS). An ISMS is the
means by which Senior Management monitors and controls their
security, minimizing the residual business risk and ensuring that
security continues to fulfill corporate, customer, and legal
requirements.
*Answer DoD 5200.28-STD is the Orange Book, the DoD Trusted Computer System
Evaluation Criteria.
*Answer CSC-STD-002-85 is the Green Book, the DoD Password Management
Guidelines.
Source: The Common Criteria Project.