Evaluation Criteria

Question 1

Orange Book

Answer 1

DoD Trusted Computer System Evaluation Criteria

Question 2

Green Book

Answer 2

DoD Password Management Guidelines

Question 3

Yellow Book

Answer 3

Guidance for Applying TCSEC in Specific Environments

Question 4

Tan Book

Answer 4

A Guide to Understanding Audit in Trusted Systems

Question 5

Bright Blue Book

Answer 5

Trusted Product Evaluation: A Guide for Vendors

Question 6

Light Blue Book

Answer 6

PC Security Considerations

Question 7

Neon Orange Book

Answer 7

A Guide to Understanding Discretionary Access Controls in Trusted Systems

Question 8

Aqua Book

Answer 8

Glossary of Computer Security Terms

Question 9

Red Book

Answer 9

Trusted Network Interpretation

Question 10

Amber Book

Answer 10

A Guide to Understanding Configuration Management in Trusted Systems

Question 11

Burgundy Book

Answer 11

A Guide to Understanding Design Documentation in Trusted Systems

Question 12

Lavender Book

Answer 12

A Guide to Understanding Trusted Distribution in Trusted Systems

Question 13

Venice Blue Book

Answer 13

Computer Security Subsystem Interpretation of the TCSEC

Question 14

C1

Answer 14

Discretionary Protection

Question 15

C2

Answer 15

Controlled Access Protection

Question 16

B1

Answer 16

Labeled Security

Question 17

B2

Answer 17

Structured Protection

Question 18

B3

Answer 18

Security Domains

Question 19

A1

Answer 19

Verified Protection

Question 20

Category A

Answer 20

Verified protection. The highest level of security.

Question 21

Category B

Answer 21

Mandatory protection.

Question 22

Category C

Answer 22

Discretionary protection.

Question 23

Category D

Answer 23

Minimal protection. Reserved for systems that have been evaluated but do not meet requirements to belong to any other category.

Question 24

EAL1

Answer 24

Functionally tested. Applies when some confidence in correct operation is required but where threats to security are not serious. This is of value when independent assurance that due care has been exercised in protecting personal information is necessary.

Question 25

EAL2

Answer 25

Structurally tested. Applies when delivery of design information and test results are in keeping with good commercial practices. This is of value when developers or users require low to moderate levels of independently assured security. IT is especially relevant when evaluating legacy systems.

Question 26

EAL3

Answer 26

Methodically tested and checked. Applies when security engineering begins at the design stage and is carried through without substantial subsequent alteration. This is of value when developers or users require a moderate level of independently assured security, including thorough investigation of TOE and its development.

Question 27

EAL4

Answer 27

Methodically designed, tested, and reviewed. Applies when rigorous, positive security engineering and good commercial development practices are used. This does not require substantial specialist knowledge, skills, or resources. It involves independent testing of all TOE security functions.

Question 28

EAL5

Answer 28

Semi-formally designed and tested. Uses rigorous security engineering and commercial development practices, including specialist security engineering techniques, for semi-formal testing. This applies when developers or users require a high level of independently assured security in a planned development approach, followed by rigorous development.

Question 29

EAL6

Answer 29

Semi-formally verified, designed, and tested. Uses direct, rigorous security engineering techniques at all phases of design, development, and testing to produce a premium TOE. This applies when TOEs for high-risk situations are needed, where the value of protected assets justifies additional cost. Extensive testing reduces risks of penetration, probability of cover channels, and vulnerability to attack.

Question 30

EAL7

Answer 30

Formally verified, designed, and tested. Used only for highest-risk situations or where high-value assets are involved. This is limited to TOEs where tightly focused security functionality is subject to extensive formal analysis and testing.