TCSEC vs CC in CISSP 2015 test / concepts?

coffeeisgood

ok, the tech migration from TCSEC to CC is real but what about questions on the CISSP?

I keep hearing over & over again you need to understand the "concepts" but CCCure test bank still has some TCSEC security rating questions... (orange book "B2" no covert channels, etc) ....

Is TCSEC still a thing in CISSP 2015 test? or can we focus more/solely now on CC?

gespenstern

I've asked a couple of folks who passed since April 2015 and they said there were no TCSEC levels (classes), but there were CC levels. I passed ISSAP after April 2015 which also has this domain and there were CC EALs, no TCSEC levels. Concepts from rainbow series, such as what security kernel is and how it works, security domains, reference monitor, access control types (discretionary, mandatory, etc), security labels, trusted computing overall etc should still be there because it's relevant. Only evaluation classes are irrelevant.

Considering amount of efforts one would spend on memorizing TCSEC levels I'd say it's not worth it anymore. CCCure has a lot of outdated stuff such as DES, S-HTTP, all types of phreaking and other telephone crap, clipper chip and stuff like that in their question bank. I believe that this is no longer relevant or you can get a question or two out of 250 and it's not worth it anymore to know this outdated tech.

coffeeisgood

TCSEC levels, phreaking, clipper chip etc is still all in the new "official" Sybex 7th edition study guide...

I do not see CCCure removing them from their test bank if they are still there.

I will focus on CC but still...

sigh...

sidenote: while I am very nervous for this exam, it surprises me how much I know just from experience... only to get slapped down in a certain area / domain where I am like what??? back to the grind... I will PASS!