The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC) to evaluate operating systems, applications, and different other products. What is not one of the four criteria topics in the book?
Explanation
Answer: D - The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC) to evaluate operating systems, applications, and different other products have four criteria topics: security policy, accountability, assurance, and documentation. These four topics break down into seven different areas: 1) Security policy-the policy must be explicit and well defined and enforced by the mechanisms within the system. 2) Identification-individual subjects must be uniquely identified. 3) Labels-access control labels must be associated properly with objects. 4) Documentation-documentation must be provided, including test, design, and specification documents, user guides, and manuals. 5) Accountability-audit data must be captured and protected to enforce accountability. 6) Life-cycle assurance-software, hardware, and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner through their lifetimes. 7) Continuous protection-the security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
