Which of the following Orange Book ratings represents the highest level of trust?
A.
B1
B.
B2
C.
F6
D.
C2
Explanation:
The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which
was used to evaluate operating systems, applications, and different products. These evaluation criteria are
published in a book known as the Orange Book.
TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels:
A:
Verified protection
B:
Mandatory protection
C:
Discretionary protection
D:
Minimal security
Classification A represents the highest level of assurance, and D represents the lowest level of assurance.
Each division can have one or more numbered classes with a corresponding set of requirements that must be
met for a system to achieve that particular rating. The classes with higher numbers offer a greater degree of
trust and assurance. So B2 would offer more assurance than B1, and C2 would offer more assurance than C1.
Incorrect Answers:
A: B1 has a lower level of trust than B2.
C: F6 is not a valid rating.
D: Division C has a lower level of trust than division B.
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 392-393