Controlled Access Protection - SSCP Exam: TCSEC Level Answer

Controlled Access Protection


Question

Which TCSEC level is labeled Controlled Access Protection?

Answers

Explanations


B.

C2 is labeled Controlled Access Protection.

The TCSEC defines four divisions: D, C, B and A, where division A has the highest security.

Each division represents a significant difference in the trust an individual or organization can place in the evaluated system.

Additionally, divisions C, B and A are broken into a series of hierarchical subdivisions called classes: C1, C2, B1, B2, B3 and A1.

Each division and class expands or modifies as indicated the requirements of the immediately prior division or class.

  • D: Minimal protection
    - Reserved for those systems that have been evaluated but that fail to meet the requirements for a higher division

  • C: Discretionary protection
    - C1: Discretionary Security Protection
      - Identification and authentication
      - Separation of users and data
      - Discretionary Access Control (DAC) capable of enforcing access limitations on an individual basis
      - Required system documentation and user manuals
    - C2: Controlled Access Protection
      - More finely grained DAC
      - Individual accountability through login procedures
      - Audit trails
      - Object reuse
      - Resource isolation

  • B: Mandatory protection
    - B1: Labeled Security Protection
      - Informal statement of the security policy model
      - Data sensitivity labels
      - Mandatory Access Control (MAC) over selected subjects and objects
      - Label exportation capabilities
      - All discovered flaws must be removed or otherwise mitigated
      - Design specifications and verification
    - B2: Structured Protection
      - Security policy model clearly defined and formally documented
      - DAC and MAC enforcement extended to all subjects and objects
      - Covert storage channels are analyzed for occurrence and bandwidth
      - Carefully structured into protection-critical and non-protection-critical elements
      - Design and implementation enable more comprehensive testing and review
      - Authentication mechanisms are strengthened
      - Trusted facility management is provided with administrator and operator segregation
      - Strict configuration management controls are imposed
    - B3: Security Domains
      - Satisfies reference monitor requirements
      - Structured to exclude code not essential to security policy enforcement
      - Significant system engineering directed toward minimizing complexity
      - Security administrator role defined
      - Audit of security-relevant events
      - Automated imminent intrusion detection, notification, and response
      - Trusted system recovery procedures
      - Covert timing channels are analyzed for occurrence and bandwidth
      - An example of such a system is the XTS-300, a precursor to the XTS-400

  • A: Verified protection
    - A1: Verified Design
      - Functionally identical to B3
      - Formal design and verification techniques, including a formal top-level specification
      - Formal management and distribution procedures
      - An example of such a system is Honeywell's Secure Communications Processor (SCOMP), a precursor to the XTS-400
    - Beyond A1
      - System Architecture demonstrates that the requirements of self-protection and completeness for reference monitors have been implemented in the Trusted Computing Base (TCB)
      - Security Testing automatically generates test cases from the formal top-level specification or formal lower-level specifications
      - Formal Specification and Verification is where the TCB is verified down to the source code level, using formal verification methods where feasible
      - Trusted Design Environment is where the TCB is designed in a trusted facility with only trusted (cleared) personnel

The following are incorrect answers:
  • C1 is Discretionary Security Protection.
  • C3 does not exist; it is only a distractor.
  • B1 is called Labeled Security Protection.
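As an added illustration (not code from this page or from any evaluated product), the toy reference monitor below contrasts the C2 mechanisms listed above (per-individual DAC, an audit trail, object reuse) with what B1 adds on top of them (sensitivity labels and a mandatory check that an owner's ACL grant cannot bypass). The user names, the numeric "clearance >= sensitivity" ordering and the demo data are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Toy reference monitor contrasting TCSEC C2 and B1 mechanisms (constructed example).
# C2: per-individual DAC, an audit trail of every decision, object reuse (clear on release).
# B1: sensitivity labels on subjects and objects plus a mandatory check DAC cannot override.
# The numeric "clearance >= sensitivity" ordering is an assumption made for this example.

@dataclass
class Obj:
    name: str
    owner: str
    acl: dict                     # user -> set of permissions, e.g. {"r", "w"}
    sensitivity: int = 0          # consulted only when MAC is enabled (B1 and up)
    data: bytearray = field(default_factory=lambda: bytearray(16))

class Monitor:
    def __init__(self, mac: bool):
        self.mac = mac            # False models C2, True models B1
        self.clearance = {}       # user -> clearance level (B1 labels)
        self.audit = []           # audit trail, required from C2 upward

    def check(self, user: str, obj: Obj, perm: str) -> bool:
        # C2: discretionary check at the granularity of an individual user
        allowed = perm in obj.acl.get(user, set())
        # B1: mandatory check on top; an owner's ACL grant cannot bypass the label
        if allowed and self.mac and perm == "r":
            allowed = self.clearance.get(user, 0) >= obj.sensitivity
        self.audit.append((user, obj.name, perm, "GRANT" if allowed else "DENY"))
        return allowed

    def release(self, obj: Obj) -> bytes:
        # C2 object reuse: scrub storage before it can be reassigned to another subject
        obj.data[:] = b"\x00" * len(obj.data)
        self.audit.append(("system", obj.name, "release", "CLEARED"))
        return bytes(obj.data)

def demo() -> dict:
    payroll = Obj("payroll", "alice", {"alice": {"r", "w"}, "bob": {"r"}}, sensitivity=2)
    payroll.data[:4] = b"SALR"
    c2, b1 = Monitor(mac=False), Monitor(mac=True)
    b1.clearance = {"alice": 3, "bob": 1}   # bob's clearance is below the object's label
    return {
        "c2_bob_read": c2.check("bob", payroll, "r"),   # DAC grant suffices at C2
        "b1_bob_read": b1.check("bob", payroll, "r"),   # same ACL, denied by MAC at B1
        "c2_eve_read": c2.check("eve", payroll, "r"),   # not on the ACL
        "c2_audit_len": len(c2.audit),                  # every decision was recorded
        "released": c2.release(payroll),                # storage cleared on release
    }
```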

Reference(s) used for this question:
  • HARE, Chris, Security Management Practices, CISSP Open Study Guide, version 1.0, April 1999
  • AIOv4 Security Architecture and Design (pages 357-361)
  • AIOv5 Security Architecture and Design (pages 358-362)

The Trusted Computer System Evaluation Criteria (TCSEC), commonly referred to as the Orange Book, is a United States Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. It defines several levels of security, with each level building upon the previous one.

Controlled Access Protection (CAP) is a level of security that is defined in the TCSEC. It is intended for systems that require protection against unauthorized access to individual data items or programs, but do not require as high a level of security as systems that protect entire databases or systems.

The TCSEC level that is labeled as Controlled Access Protection is C2. The C2 level provides a higher level of security than the C1 level and includes requirements such as:

  • Mandatory access control (MAC) mechanisms that limit access to data and programs based on the user's clearance level and the sensitivity of the information.
  • Auditing and accountability mechanisms that allow system administrators to track user activities and identify potential security breaches.
  • Formal security policy models that define how access decisions are made and enforced.

In summary, the TCSEC level labeled Controlled Access Protection is C2, which provides a higher level of security than the C1 level and includes mechanisms for mandatory access control, auditing, and formal security policy models.