Ace the 2025 Certified Governance Risk & Compliance (CGRC) Challenge – Navigate the Governance Maze with Confidence!

The standard that establishes basic requirements for assessing computer security controls is TCSEC, also known as the Trusted Computer System Evaluation Criteria. TCSEC was developed by the U.S. Department of Defense and provides a framework for evaluating the effectiveness of security controls in computer systems.

It categorizes systems into different classes based on their security features and assurance measures, thus guiding organizations in assessing and selecting systems that meet their security requirements. TCSEC emphasizes the importance of a structured approach to protect sensitive information, serving as a foundational document in the field of computer security.

While FIPS (Federal Information Processing Standards) sets standards for federal computer systems, FITSAF (Federal Information Technology Security Assessment Framework) offers guidelines for security assessment within federal agencies, and SSAA (Security Systems Analysis and Assessment) is focused on the security assessment of systems, it is TCSEC that specifically defines the criteria for evaluating the effectiveness of security controls, making it the most relevant choice in this context.