Evaluation, Certification, and Accreditation Models Flashcards
1
Q
What are the 4 evaluation models?
A
TCSEC (Orange Book) Trusted Computer System Evaluation Criteria
TNI (Red Book) Trusted Network Interpretation
ITSEC Information Technology Security Evaluation Criteria
Common Criteria
2
Q
Explain TCSEC
A
Trusted Computer System Evaluation Criteria
Orange Book
Four Divisions:
A: Verified Protection
B: Mandatory Protection
C: Discretionary Protection
D: Minimal Protection
Domains may have classes below them
3
Q
Explain TNI
A
Trusted Network Interpretation
Red Book
4
Q
Explain ITSEC
A
Information Technology Security Evaluation Criteria
Separates functionality and assurance
Two types of assurance: Effectiveness and Correctness
5
Q
Explain Common Criteria
A
Used to evaluate the security of IT Products.
Uses 7 evaluation Levels: EAL1-EAL7