Formal Requirement for On-Site Hardware and Firmware Validation

C.

This is a requirement starting as low as C1 within the TCSEC rating.

The Orange book requires the following for System Integrity Hardware and/or software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB.

NOTE FROM CLEMENT: This is a question that confuses a lot of people because most people take for granted that the orange book with its associated Bell LaPadula model has nothing to do with integrity.However you have to be careful about the context in which the word integrity is being used.You can have Data Integrity and you can have System Integrity which are two completely different things.

Yes, the Orange Book does not specifically address the Integrity requirements, however it has to run on top of systems that must meet some integrity requirements.

This is part of what they call operational assurance which is defined as a level of confidence of a trusted systems architecture and implementation that enforces the systems security policy.It includes: System architecture - Covert channel analysis - System integrity - Trusted recovery - DATA INTEGRITY - Data Integrity is very different from System Integrity.When you have integrity of the data, there are three goals: 1.Prevent authorized users from making unauthorized modifications 2.Preven unauthorized users from making modifications 3.Maintaining internal and external consistancy of the data Bell LaPadula which is based on the Orange Book address does not address Integrity, it addresses only Confidentiality.

Biba address only the first goal of integrity.

Clark-Wilson addresses the three goals of integrity.

In the case of this question, there is a system integrity requirement within the TCB.As mentioned above here is an extract of the requirements:Hardware and/or software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB.

The following answers are incorrect: Security Testing.

Is incorrect because Security Testing has no set of requirements in the Orange book.

Design Verification.

Is incorrect because the Orange book's requirements for Design Verification include: A formal model of the security policy must be clearly identified and documented, including a mathematical proof that the model is consistent with its axioms and is sufficient to support the security policy.

System Architecture Specification.

Is incorrect because there are no requirements for System Architecture Specification in the Orange book.

The following reference(s) were used for this question: Trusted Computer Security Evaluation Criteria (TCSEC), DoD 5200.28-STD, page 15, 18, 25, 31, 40, 50

Harris, Shon (2012-10-25)

CISSP All-in-One Exam Guide, 6th Edition, Security Architecture and Design, Page392-397, for users with the Kindle Version see Kindle Locations 28504-28505

and DOD TCSEC - http://www.cerberussystems.com/INFOSEC/stds/d520028.htm.

The Orange Book, also known as the "Trusted Computer System Evaluation Criteria" (TCSEC), is a document that provides guidelines for evaluating the security of computer systems. It was developed by the US Department of Defense in the 1980s and has been widely adopted by government and industry for evaluating the security of computer systems.

The statement "Hardware and software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB [Trusted Computing Base]" refers to the need for mechanisms to ensure the integrity of the Trusted Computing Base. The Trusted Computing Base is the portion of a computer system that is responsible for enforcing the security policy of the system. It consists of hardware, firmware, and software components that are critical to the security of the system.

The requirement for periodic validation of the Trusted Computing Base is a formal requirement for ensuring the system integrity. System integrity refers to the ability of a system to maintain its security properties over time. This includes ensuring that the system components are functioning correctly and have not been tampered with.

Therefore, the correct answer to the question is C. System Integrity. The requirement for periodic validation of the Trusted Computing Base is intended to ensure the system's integrity by verifying that the critical components of the system are operating correctly and have not been compromised. This helps to ensure that the system remains secure and can be trusted to enforce the security policy of the system.