The Orange Book states that “Hardware and software features shall be provided that can be used to
periodically validate the correct operation of the on-site hardware and firmware elements of the TCB [Trusted
Computing Base].” This statement is the formal requirement for:
A.
Security Testing.
B.
Design Verification.
C.
System Integrity.
D.
System Architecture Specification.
Explanation:
Orange Book Pages 15 states:
2.1.3.1.2 System Integrity:
Hardware and/or software features shall be provided that can be used to periodically validate the correct
operation of the on-site hardware and firmware elements of the TCB.
Incorrect Answers:
A: The requirement for security testing: The security mechanisms of the ADP system shall be tested and found
to work as claimed in the system documentation. Testing shall be done to assure that there are no obvious
ways for an unauthorized user to bypass or otherwise defeat the security protection mechanisms of the TCB.
This is not what is described in the question.
B: There are five requirements defined for design verification. The statement in the question is not one of those
five requirements.
D: The statement in the question is not one of the requirements for System Architecture Specification.http://csrc.nist.gov/publications/history/dod85.pdf, pp. 15, 101