Domain 3 - System Evaluation and Assurance Levels

Question 1

TCSEC

Answer 1

Trusted Computing Security Evaluation Criteria

Orange Book standard that describes the Trusted Computing Base; most of today’s security models are based on this. Considers only Confidentiality (of CIA triad)

Question 2

Red Book

Answer 2

Network Systems

Question 3

ITSEC

Answer 3

European Technology Security Eval Criteria–based on Orange Book, retired now. Considers ll of CIA

Question 4

ISO/IEC 15408

Answer 4

The Common Criteria

Question 5

Common Criteria

Answer 5

Global standard. Product evaluation criteria, resulting in EALs (Evaluation Assurance Levels)

Question 6

TOE under the Common Criteria

Answer 6

Target of Evaluation – the system that is the subject of the CC evaluation

Question 7

PP under the Common Criteria

Answer 7

Protection profile – the document that identifies security requirements for a class of security devices. Products can comply with more than one PP and customers can focus on products certified agains the PP that meet their requirements

Question 8

ST under the Common Criteria

Answer 8

Security Target – the document that identifies the security properties of the Target of Evaluation. The ST may have one or more PPs

Question 9

Certification

Answer 9

Evaluation of security and technical/non-technical features to ensure if it meets specified requirements to achieve accreditation.

Question 10

Accreditation

Answer 10

Declare that an IT system is approved to operate in predefined conditions defined as a set of safety measures at given risk level.