Evaluation, Certification, and Accreditation Models Flashcards

1
Q

What are the 4 evaluation models?

A

TCSEC (Orange Book) Trusted Computer System Evaluation Criteria
TNI (Red Book) Trusted Network Interpretation
ITSEC Information Technology Security Evaluation Criteria
Common Criteria

2
Q

Explain TCSEC

A
Trusted Computer System Evaluation Criteria
Orange Book
Four Divisions: 
A: Verified Protection
B: Mandatory Protection
C: Discretionary Protection
D: Minimal Protection
Domains may have classes below them
3
Q

Explain TNI

A

Trusted Network Interpretation

Red Book

4
Q

Explain ITSEC

A

Information Technology Security Evaluation Criteria
Separates functionality and assurance
Two types of assurance: Effectiveness and Correctness

5
Q

Explain Common Criteria

A

Used to evaluate the security of IT Products.

Uses 7 evaluation levels: EAL1-EAL7
