TCSEC Levels Flashcards
What are the TCSEC Categories?
A: Verified protection
B: Mandatory Protection
C: Discretionary Protection
D: Minimal Protection
What is the difference between D and C1 security?
C1 controls access by user IDs and groups. There are some protocols that limit object access, but protection is weak.
What is the difference between C1 and C2 security?
Users must be individually identified to gain access to objects.
Enforces media cleansing.
Strict login procedures that restrict access to invalid or unauthorized users.
What model are Category B systems based on?
Bell-LaPadula
What requirement does B1 impose?
Every subject and object must have a security label. Sufficient for classified data.
What requirements do B2 systems impose?
No covert channels may exist.
Operator and administrator functions are separated.
Process isolation
What requirements do B3 systems impose?
Administration functions are clearly defined and separate from functions available to other users.
Secure state must be addressed during the boot process.
Sufficient for very sensitive or secret data.
What requirements do A1 systems impose?
Each phase of the development cycle is controlled using formal methods.
Verified system design.
Top secret data.
What TCSEC level is verified protection?
A1
What TCSEC category is based on Bell LaPadula?
B
At what TCSEC category does the restriction that no covert channels exist begin?
B2
At what TCSEC level does the restriction that operator and administrator fu8nctions must be separated begin?
B2
At what TCSEC level does the restriction that process isolation must occur begin?
B2
At what TCSEC level are users individually identified to gain access to objects?
C2
At what TCSEC level is media cleansing required?
C2
