Which of the following divisions of the Trusted Computer System Evaluation Criteria (TCSEC) is
based on the Mandatory Access Control (MAC) policy?
A.
Division A
B.
Division D
C.
Division B
D.
Division C
Explanation:
Division B of the Trusted Computer System Evaluation Criteria (TCSEC) is based on the Mandatory
Access Control (MAC) policy. Mandatory Access Control (MAC) is a model that uses a predefined set
of access privileges for an object of the system. Access to an object is restricted on the basis of the
sensitivity of the object and granted through authorization. Sensitivity of an object is defined by the
label assigned to it. For example, if a user receives a copy of an object that is marked as “secret”, he
cannot grant permission to other users to see this object unless they have the appropriate
permission.