How can something be erratic and consitent at the same time?

The correct answer is B2 - this would satisfy the stipulated requirement. B2 includes Covert Channels(just storage); B3 CC Timing D – Minimal protection[edit] Reserved for those systems that have been evaluated but that fail to meet the requirements for a higher division C – Discretionary protection[edit] C1 – Discretionary Security Protection Identification and authentication Separation of users and data Discretionary Access Control (DAC) capable of enforcing access limitations on an individual basis Required System Documentation and user manuals C2 – Controlled Access Protection More finely grained DAC Individual accountability through login procedures Audit trails Object reuse Resource isolation An example of such as system is HP-UX B – Mandatory protection[edit] B1 – Labeled Security Protection Informal statement of the security policy model Data sensitivity labels Mandatory Access Control (MAC) over selected subjects and objects Label exportation capabilities Some discovered flaws must be removed or otherwise mitigated (Not Sure) Design specifications and verification B2 – Structured Protection Security policy model clearly defined and formally documented DAC and MAC enforcement extended to all subjects and objects Covert storage channels are analyzed for occurrence and bandwidth Carefully structured into protection-critical and non-protection-critical elements Design and implementation enable more comprehensive testing and review Authentication mechanisms are strengthened Trusted facility management is provided with administrator and operator segregation Strict configuration management controls are imposed Operator and Administrator roles are separated. An example of such as system was Multics B3 – Security Domains Satisfies reference monitor requirements Structured to exclude code not essential to security policy enforcement Significant system engineering directed toward minimizing complexity Security administrator role defined Audit security-relevant events Automated imminent intrusion detection, notification, and response Trusted path to the TCB for the user authentication function Trusted system recovery procedures Covert timing channels are analyzed for occurrence and bandwidth An example of such a system is the XTS-300, a precursor to the XTS-400 A – Verified protection[edit] A1 – Verified Design Functionally identical to B3 Formal design and verification techniques including a formal top-level specification Formal management and distribution procedures Examples of A1-class systems are Honeywell's SCOMP, Aesec's GEMSOS, and Boeing's SNS Server. Two that were unevaluated were the production LOCK platform and the cancelled DEC VAX Security Kernel. Beyond A1 System Architecture demonstrates that the requirements of self-protection and completeness for reference monitors have been implemented in the Trusted Computing Base (TCB). Security Testing automatically generates test-case from the formal top-level specification or formal lower-level specifications. Formal Specification and Verification is where the TCB is verified down to the source code level, using formal verification methods where feasible. Trusted Design Environment is where the TCB is designed in a trusted facility with only trusted (cleared) personnel.