Exam CSSLP topic 2 question 26 discussion

Actual exam question from ISC's CSSLP
Question #: 26
Topic #: 2
Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

  • A. FITSAF
  • B. FIPS
  • C. TCSEC
  • D. SSAA
Suggested Answer: C

Trusted Computer System Evaluation Criteria (TCSEC) is a United States Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. TCSEC was used to evaluate, classify, and select computer systems being considered for the processing, storage, and retrieval of sensitive or classified information. It has since been superseded by the Common Criteria (ISO/IEC 15408) international standard. The TCSEC, frequently referred to as the Orange Book, is the centerpiece of the DoD Rainbow Series publications.

Answer D is incorrect. The System Security Authorization Agreement (SSAA) is an information security document used in the United States Department of Defense (DoD) to describe and accredit networks and systems. The SSAA is part of the DoD Information Technology Security Certification and Accreditation Process, or DITSCAP (superseded by DIACAP, which has itself since been replaced by the DoD Risk Management Framework). The DoD instruction issued in December 1997 that describes DITSCAP and provides an outline for the SSAA document is DoDI 5200.40. The DITSCAP application manual (DoD 8510.1-M), published in July 2000, provides additional guidance.

Answer A is incorrect. The Federal Information Technology Security Assessment Framework (FITSAF) is a methodology for assessing the security of information systems. It provides an approach for federal agencies, determining how they are meeting existing policy and helping them establish goals. The main advantage of FITSAF is that it addresses the requirements of the Office of Management and Budget (OMB). It also addresses the guidelines provided by the National Institute of Standards and Technology (NIST).

Answer B is incorrect. Federal Information Processing Standards (FIPS) are standards developed by the United States federal government for use by all non-military government agencies and by government contractors. Many FIPS standards are modified versions of standards used in the wider community (ANSI, IEEE, ISO, etc.), while others were originally developed by the U.S. government: for instance, standards for encoding data (e.g., country codes) and, more significantly, encryption standards such as the Data Encryption Standard (FIPS 46-3, withdrawn in 2005) and the Advanced Encryption Standard (FIPS 197). FIPS defines individual standards; it is not itself a criteria framework for assessing the security controls of a system. In 1994, NOAA began broadcasting coded signals called FIPS (Federal Information Processing Standards) codes along with their standard weather broadcasts from local stations. These codes identify the type of emergency and the specific geographic area (such as a county) affected by the emergency.

Comments

74gjd_37
5 months, 2 weeks ago
Selected Answer: C
The correct answer is C. TCSEC (Trusted Computer System Evaluation Criteria) is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. FITSAF (Federal IT Security Assessment Framework), FIPS (Federal Information Processing Standards), and SSAA (System Security Authorization Agreement) are all related to information security but do not specifically address assessment of security controls in computer systems.
upvoted 1 times
74gjd_37
5 months, 2 weeks ago
Trusted Computer System Evaluation Criteria (TCSEC) is a US Department of Defense computer security standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC establishes four primary levels, from lowest to highest: D, C, B, and A. These levels are based on increasing assurance criteria such as accountability, integrity, confidentiality and auditability. Knowledge of TCSEC is essential in understanding how to evaluate the trustworthiness of different categories of systems with varying degrees of security needs for organizations. It also provides insight into government policies related specifically to information systems, relating primarily to access control models used for administration. The evaluation process established by TCSEC can serve as a framework used internally in risk assessments or certification and accreditation processes under various regulatory regimes like FedRAMP (Federal Risk and Authorization Management Program).
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other