Trusted Security Certification: SSCP Exam Answer

NCSC Developed Solution

Prev Question Next Question

Question

Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense ?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

The Answer: TCSEC; The TCSEC, frequently referred to as the Orange Book, is the centerpiece of the DoD Rainbow Series publications.

Initially issued by the National Computer Security Center (NCSC) an arm of the National Security Agency in 1983 and then updated in 1985, TCSEC was replaced with the development of the Common Criteria international standard originally published in 2005

References: KRUTZ, Ronald L.

& VINES, Russel.

D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, pages 197-199

Wikepedia - http://en.wikipedia.org/wiki/TCSEC.

The correct answer is A. TCSEC.

The Trusted Computer System Evaluation Criteria (TCSEC), also known as the Orange Book, was developed by the National Computer Security Center (NCSC) for the US Department of Defense.

The TCSEC provides a standardized method for evaluating the security features of computer systems and assigning a level of trust to them. It defines seven levels of trust, from D (minimal protection) to A1 (maximum protection). Each level is defined by a set of security requirements that a system must meet to achieve that level of trust.

The TCSEC was first published in 1983 and has since been replaced by the Common Criteria, which is a set of international standards for evaluating the security of information technology products. However, the TCSEC remains an important milestone in the history of computer security and has had a significant impact on the development of security standards and practices.

ITSEC, or Information Technology Security Evaluation Criteria, is a European standard for evaluating the security of information technology products. DIACAP and NIACAP are both accreditation processes used by the US Department of Defense to evaluate and certify the security of its information systems.