Options

"Common Criteria" OR "Orange Book (TCSEC)".

s2008s2008 Banned Posts: 38 ■■□□□□□□□□
in SSCP
Since the Orange Book has been superseded by the "Common Criteria", should I focus on it and memorizing the divisions and classes (A1, B, ..., etc), or shall I focus on the Common Criteria only.
· Share on FacebookShare on Twitter

Comments

  • Options
    JDMurrayJDMurray Admin Posts: 13,028 Admin
    Superseded or not, the Orange Book is still on the CISSP exam, so you should memorize it.

    Forum Admin at www.techexams.net
    --
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    · Share on FacebookShare on Twitter
  • Options
    burnewebburneweb Member Posts: 12 ■□□□□□□□□□
    I don't know about other recent CISSP exam takers, but I sat on June 12th and I don't recall seeing any specific Orange book questions. I'd recommend knowing your EAL ratings and that ITSEC breaks out functionality and assurance ratings while TCSEC lumps them together.

    Know which rating provides highest security for each; A1 for TCSEC and F10/E6 for ITSEC

    For Common Criteria just know the terms associated with it such as EAL ratings, Target of Evaluation (TOE), Protection profiles, etc... EAL7 is most secure (but nobody has ever achieved this rating in the real world, as far as I know)

    Just my 2 cents :)
    · Share on FacebookShare on Twitter
  • Options
    gladiatorkevgladiatorkev Member Posts: 11 ■□□□□□□□□□
    Both are important.. I would advice focus on both...
    · Share on FacebookShare on Twitter
Sign In or Register to comment.