"Common Criteria" OR "Orange Book (TCSEC)".

s2008 Banned Posts: 38
Since the Orange Book has been superseded by the "Common Criteria", should I focus on it and memorize the divisions and classes (A1, B, ..., etc.), or shall I focus on the Common Criteria only?


  • JDMurray Admin Posts: 12,875
    Superseded or not, the Orange Book is still on the CISSP exam, so you should memorize it.
  • burneweb Member Posts: 12
    I don't know about other recent CISSP exam takers, but I sat on June 12th and I don't recall seeing any specific Orange Book questions. I'd recommend knowing your EAL ratings and that ITSEC breaks out functionality and assurance ratings while TCSEC lumps them together.

    Know which rating provides the highest security for each: A1 for TCSEC and F10/E6 for ITSEC.

    For Common Criteria, just know the terms associated with it, such as EAL ratings, Target of Evaluation (TOE), Protection Profiles, etc. EAL7 is most secure (but nobody has ever achieved this rating in the real world, as far as I know).

    Just my 2 cents :)
  • gladiatorkev Member Posts: 11
    Both are important. I would advise focusing on both.