Which set of standards allows users to specify security functional and assurance requirements in a system, including Evaluation Assurance Levels (EALs)?


Multiple Choice


Explanation:

Common Criteria provides a formal way to specify both what security functions a system must have and how confidently those functions are implemented, using Evaluation Assurance Levels (EALs) to express the depth of the evaluation. It does this through Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs), plus structures like Protection Profiles and Security Targets. When a product or system is evaluated, it receives an EAL rating that indicates how thoroughly design, testing, and in some cases formal methods were applied to verify its security properties. This international framework (ISO/IEC 15408) is precisely about defining and validating security capabilities with a transparent assurance level.

Other options don’t fit this combination. CSA STAR centers on cloud security trust and risk assessments, not a standardized, EAL-based evaluation of products. The NIST Cybersecurity Framework is a broad risk-management framework, not a formal product-level assurance scheme. COPPA is a privacy regulation focused on protecting children's data, not security evaluations.
