Final answer:
The main difference between ITSEC and TCSEC is that ITSEC evaluates functionality and assurance separately, whereas TCSEC has more specific criteria focused on U.S. Department of Defense needs. ITSEC offers a broader scope for security evaluation across various industries.
Step-by-step explanation:
The question discusses the differences between ITSEC (Information Technology Security Evaluation Criteria) and TCSEC (Trusted Computer System Evaluation Criteria), which are frameworks used to evaluate computer security. The accurate answer to the question is that functionality and assurance are evaluated separately by ITSEC. This highlights the main point of differentiation between the two evaluations. ITSEC is known for a broader scope compared to TCSEC (also known as the Orange Book). While TCSEC is focused more narrowly on the United States Department of Defense's specified criteria, ITSEC takes a more flexible approach, allowing it to assess a wider range of security needs across different industries and countries.
Option D is incorrect because ITSEC ratings can indeed be mapped to the Orange Book, although they are different systems with their own evaluation methods. Option C is also not correct; ITSEC does evaluate services like auditing and authentication for users. Option B is a distractor, as it does not directly address the primary differences between ITSEC and TCSEC regarding the evaluation of development practices and documentation as part of system functionality.