The correct answer is Fundamental, a distracter. The first level of the Software
CMM is the Initiating level. At this level, processes are performed on
an ad hoc basis.
Answer the Repeatable level is the second maturity
level in the model. In the third level, Defined, management
practices are institutionalized and technical procedures are
integrated into the organizational structurE. The Managed level
has both product and processes quantitatively controlled.
The fifth level of the Software CMM is the Optimized level, where
continuous process improvement is institutionalized.

Internet Control Message Protocol. ICMP is used for diagnostics in the network. The Unix program, ping, uses ICMP messages to detect the status of other hosts in the net. ICMP messages can either be queries (in the case of ping) or error reports, such as when a network is unreachable. This protocol resides in layer 3 of the OSI model
(Network layer).

The General Data Protection Regulation (GDPR) is a regulation that dictates how data breaches are handled, among other data protection and privacy requirements. The GDPR applies to any organization that processes the personal data of individuals in the European Union (EU), regardless of the location of the organization.
The GDPR defines a personal data breach as "a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed". The GDPR requires the organization to notify the supervisory authority of the data breach within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of the individuals. The GDPR also requires the organization to notify the affected individuals of the data breach without undue delay, if the breach is likely to result in a high risk to their rights and freedoms
. References: [CISSP CBK, Fifth Edition, Chapter 1, page 64]; [CISSP Practice Exam - FREE 20 Questions and Answers, Question 20].

TCSEC addresses confidentiality only and bundles functionality
and assurance. Thus, the other answers are incorrect. By separating
functionality and assurance as in ITSEC, one could specify fewer security functions that have a high level of assurance. This separation carried over into the Common Criteria.