ISC2 Exam ISSMP Topic 1 Question 48 Discussion

A D-rated system of the Orange book has no security controls. This category is reserved for those systems that have been evaluated but that fail to meet the requirements for a higher division (A, B, and C).

Trusted Computer System Evaluation Criteria (TCSEC), frequently referred to as the Orange Book, is the centerpiece of the DoD Rainbow Series publications. It is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. TCSEC was used to evaluate, classify and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information. It was replaced with the development of the Common Criteria international standard originally published in 2005.

Answer option D is incorrect. An A-rated system is the highest security division.

Answer option B is incorrect. A C-rated system provides discretionary protection of the trusted computing base (TCB).