What is a standard that sets essential requirements for assessing the - ProProfs Discuss

What is a standard that sets essential requirements for assessing the effectiveness of computer security controls built into a computer system? 



A. FITSAF
B. TCSEC
C. FIPS
D. SSAA

This question is part of (ISC)2 Guide to the CAP Review Questions
Asked by Coulter, Last updated: Sep 08, 2020


2 Answers

BISSYOJO


Answered Jun 02, 2018

Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.

TCSEC was used to evaluate, classify, and select computer systems being considered for the processing, storage, and retrieval of sensitive or classified information. It was replaced with the development of the Common Criteria international standard originally published in 2005.

The TCSEC, frequently referred to as the Orange Book, is the centerpiece of the DoD Rainbow Series publications.

Answer: D is incorrect. System Security Authorization Agreement (SSAA) is an information security document used in the United States Department of Defense (DoD) to describe and accredit networks and systems.

The SSAA is part of the Department of Defense Information Technology Security Certification and Accreditation Process, or DITSCAP (superseded by DIACAP).

The DoD instruction (issued in December 1997) that describes DITSCAP and provides an outline for the SSAA document is DODI 5200.40. The DITSCAP application manual (DoD 8510.1-M), published in July 2000, provides additional details.

Answer: A is incorrect. FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. It provides an approach for federal agencies. It determines how federal agencies are meeting existing policy and establish goals. The main advantage of FITSAF is that it addresses the requirements of Office of Management and Budget (OMB). It also addresses the guidelines provided by the National Institute of Standards and Technology (NIST).

Answer: B is incorrect. The Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States federal government for use by all non-military government agencies and by government contractors. Many FIPS standards are modified versions of standards used in the wider community (ANSI, IEEE, ISO, etc.). Some FIPS standards were originally developed by the U.S. government. For instance, standards for encoding data (e.g., country codes), but more significantly some encryption standards, such as the Data Encryption Standard (FIPS 46-3) and the Advanced Encryption Standard (FIPS 197).

In 1994, NOAA (Noaa) began broadcasting coded signals called FIPS (Federal Information Processing System) codes along with their standard weather broadcasts from local stations. These codes identify the type of emergency and the specific geographic area (such as a county) affected by the emergency.


John Smith


Answered Apr 09, 2017

TCSEC

Trusted Computer System Evaluation Criteria (TCSEC)