Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?
Click on the arrows to vote for the correct answer
A. B. C. D.Rainbow Series publications.
Answer: D is incorrect.
System Security Authorization Agreement (SSAA) is an information security document used in the United.
Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.
TCSEC was used to evaluate, classify, and select computer systems being considered for the processing, storage, and retrieval of sensitive or classified information.
It was replaced with the development of the Common Criteria international standard originally published in 2005
The TCSEC, frequently referred to as the Orange Book, is the centerpiece of the DoD States Department of Defense (DoD) to describe and accredit networks and systems.
The SSAA is part of the Department of Defense Information Technology Security Certification and Accreditation Process, or DITSCAP (superseded by DIACAP)
The DoD instruction (issues in December 1997, that describes DITSCAP and provides an outline for the SSAA document is DODI 5200.40
The DITSCAP application manual (DoD 8510.1- M), published in July 2000, provides additional of information systems.
It provides an approach for federal agencies.
It determines how federal agencies are meeting existing policy and establish goals.
The main advantage of FITSAF is that it addresses the requirements of Office of Management and Budget (OMB)
It also addresses the guidelines provided by the National developed by the United States federal government for use by all non-military government agencies and by government contractors.
Many FIPS standards are modified versions of standards used in the wider community (ANSI, IEEE, ISO, etc.)
Some FIPS standards were originally developed by the U.S.
government.
For instance, standards for encoding data (e.g., country codes), but more significantly some encryption standards, such as the Data Encryption Standard (FIPS 46-3) and the Advanced Encryption Standard (FIPS 197)
In 1994, NOAA (Noaa) began broadcasting coded signals called FIPS (Federal Information Processing System) codes along with their standard weather broadcasts from local stations.
These codes identify the type of emergency and the specific geographic area (such as a county) affected by the emergency.
The standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system is option C, TCSEC.
TCSEC stands for Trusted Computer System Evaluation Criteria, which was a standard developed by the US Department of Defense (DoD) to evaluate the security of computer systems. It is also known as the Orange Book.
TCSEC provides a framework for evaluating the effectiveness of computer security controls built into a computer system based on four categories:
Each category represents a higher level of security than the previous one, with the A category being the most secure.
TCSEC has been widely used in the development and evaluation of computer systems by government agencies, private companies, and security organizations around the world. It provides a standardized approach for evaluating the security of computer systems and helps ensure that security controls are effective in protecting against potential threats.