(ISC)2
CSSLP · Question #126
CSSLP Question #126: Real Exam Question with Answer & Explanation
The correct answer is C: TCSEC.
Secure Software Architecture and Design
Question
Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?
Options
- A. FITSAF
- B. FIPS
- C. TCSEC
- D. SSAA
Explanation
The Trusted Computer System Evaluation Criteria (TCSEC) is a historic standard that defined criteria for evaluating the security effectiveness of computer systems.
Common mistakes.
- A. FITSAF (Federal Information Technology Security Assessment Framework) is a framework related to assessment processes but not the fundamental standard for defining security control requirements and evaluation criteria like TCSEC.
- B. FIPS (Federal Information Processing Standards) are a broad set of standards published by NIST, and while some FIPS documents define security requirements (e.g., FIPS 140-2 for cryptographic modules), TCSEC is the specific historic standard for evaluating overall system security effectiveness.
- D. SSAA (System Security Accreditation Agreement) is a document that formalizes the accreditation decision within a C&A process, not a standard for assessing the effectiveness of computer security controls.
Concept tested. Computer security evaluation standards
Topics
#TCSEC #Security Standards #Trusted Computing #System Evaluation Criteria