Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
The standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system is the TCSEC, also known as the Orange Book.
The Trusted Computer System Evaluation Criteria (TCSEC) was developed by the United States Department of Defense (DoD) in the 1980s. The TCSEC defines a set of criteria that can be used to evaluate the security of computer systems. The evaluation process involves examining the security features of a system and assigning a rating based on the level of security that the system provides.
The TCSEC is organized into several levels, with each level representing a progressively higher level of security. The levels are:
The TCSEC has been replaced by the Common Criteria for Information Technology Security Evaluation (CC), but it remains an important reference for security professionals.
FITSAF (Federal Information Technology Security Assessment Framework) is a framework for assessing the security of federal IT systems. FIPS (Federal Information Processing Standards) are a set of standards for information processing in the federal government. SSAA (System Security Authorization Agreement) is a document that describes the security controls that are in place for a system and is used in the authorization process.