security policies II Flashcards
___ is documentation that details the security requirements that are specific to certain customer needs
Protection Profile (PP)
the four mode used in protection profile are
dedicated security
system high
compartmentalized
multilevel secure
_____ mode requires all users to have formal, need-to-know clearance to access information which exists within a system
dedicated security
____ mode requires that the system and peripheral are classified and protected to the level of classification assigned to the most highly classified object which resides on the system
system high
____ mode requires users to meet certain security criteria and have a predetermined access level and a valid need to know some portion of the information on the system.
compartmentalized
__________ is the only mode that allows for multiple levels of classified data to reside within the same system.
Multilevel Secure
________ are descriptions of the measures taken during development and evaluation of the product to assure compliance with the claimed security functionality.
security assurance requirements (SAR)
_________ is the organization that accredits testing laboratories.
designated approval authority (DAA)
________ is the numerical rating describing the depth and rigor of an evaluation.
•Evaluation Assurance Level (EAL) is
____ is a product that was not tested or did not meet the evaluation criteria for any other level
EAL 0
_______ focuses on security during the design and development of the product, and requires examination of the low-level design of specific modules
EAL 4
__________ requires independently-verified white box testing and careful design that minimizes complexity.
EAL 7
________ deploys rigorous engineering practices with some specialized security practices during the development
EAL 5
________ requires an independent examination of the development process and product to ensure that it was designed and produced using sound development practices
EAL 3
______ evaluates the product against its own documentation and typically does not require cooperation from the product developer.
EAL 1
_______ requires some cooperation from the developer for assurance testing
EAL 2
_______ ensures that the system meets all the security and performance requirements specified for the system
acceptance
________ is the technical evaluation of security mechanisms in a system and their conformance to the desired security standard.
certification
_______ is management’s acceptance of the product’s overall security certification as tested by the third party testing entity.
accreditation
________ describes the use of evidence in several stages, including collection, use in court, and eventual return to the owner
evidence life cycle
To ensure that evidence is admissible in court, you must be able to provide
chain of custody
_____ evidence includes original, authentic objects.
best
_______ evidence is information that supports another fact or detail.
corroborative
_________ evidence is obtained from a source other than personal, firsthand knowledge
hearsay
