Systems Security Certified Practitioner – SSCP – Question0351

Who is responsible for implementing user clearances in computer-based information systems at the B3 level of the TCSEC rating ?

A.
Security administrators
B. Operators
C. Data owners
D. Data custodians

Correct Answer: A

Explanation:

Security administrator functions include user-oriented activities such as setting user clearances, setting initial password, setting other security characteristics for new users or changing security profiles for existing users. Data owners have the ultimate responsibility for protecting data, thus determining proper user access rights to data. Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.