Which of the following criteria should be met for a system to receive a C2 rating?

a. The system should be able to assign permissions to individual users rather than to groups.
b. Users should have usernames and passwords to gain access to the system.
c. Security activities should be logged including information about the date, time, and user account involved.
d. All the above.

ANS: D