A trusted system does NOT involve which of the following?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
A trusted system is one that meets its intended security requirements.
It involves sufficiency and effectiveness, not necessarily efficiency, in enforcing a security policy.
Put succinctly, trusted systems have (1) policy, (2) mechanism, and (3) assurance.
Source: HARE, Chris, Security Architecture and Models, Area 6 CISSP Open Study Guide, January 2002.
A trusted system is a system that is designed and implemented to enforce a security policy, and which has been evaluated and tested to ensure that it can enforce that policy correctly and securely. The security policy in question is typically one that is defined by the system's administrators or designers, and which specifies the rules and constraints that govern the system's behavior with respect to security.
Option A is incorrect because enforcement of a security policy is a necessary condition for a system to be considered trusted. In other words, a trusted system must have mechanisms in place to enforce the security policy that has been defined for it.
Option B is also incorrect because sufficiency and effectiveness of mechanisms are critical to ensuring that a system can enforce a security policy correctly and securely. The mechanisms must be capable of detecting and preventing security violations, and must be designed to operate in a way that does not compromise the system's security.
Option C is incorrect because assurance that a security policy can be enforced in an efficient and reliable manner is also a necessary condition for a system to be considered trusted. The system must be evaluated and tested to ensure that it can perform its security functions in a way that is consistent with the requirements of the security policy, and that it can do so reliably and efficiently.
Option D is the correct answer because independently-verifiable evidence that the security policy-enforcing mechanisms are sufficient and effective is a key requirement for a system to be considered trusted. This means that the mechanisms must be evaluated and tested by independent third parties, using well-established and widely-accepted methods and criteria, to ensure that they are capable of enforcing the security policy correctly and securely. Without such evidence, it is difficult to have confidence in a system's ability to provide the level of security that is required for it to be considered trusted.