An abstract from “Trusted Computer System Evaluation Criteria”, the “Orange Book”

Published by Juan Mosso on

The trusted computer system evaluation criteria defined in this document classify systems into four broad hierarchical divisions of enhanced security protection. They provide a basis for the evaluation of effectiveness of security controls built into automatic data processing system products. The criteria were developed with three objectives in mind: (a) to provide users with a yardstick with which to assess the degree of trust that can be placed in computer systems for the secure processing of classified or other sensitive information; (b) to provide guidance to manufacturers as to what to build into their new, widely-available trusted commercial products in order to satisfy trust requirements for sensitive applications; and (c) to provide a basis for specifying security requirements in acquisition specifications.

Two types of requirements are delineated for secure processing: (a) specific security feature requirements and (b) assurance requirements. Some of the latter requirements enable evaluation personnel to determine if the required features are present and functioning as intended. The scope of these criteria is to be applied to the set of components comprising a trusted system, and is not necessarily to be applied to each system component individually. Hence, some components of a system may be completely untrusted, while others may be individually evaluated to a lower or higher evaluation class than the trusted product considered as a whole system. In trusted products at the high end of the range, the strength of the reference monitor is such that most of the components can be completely untrusted. Though the criteria are intended to be application-independent, the specific security feature requirements may have to be interpreted when applying the criteria to specific systems with their own functional requirements, applications or special environments (e.g., communications processors, process control computers, and embedded systems in general). The underlying assurance requirements can be applied across the entire spectrum of ADP system or application processing environments without special interpretation. 

References

Department of Defense, Trusted Computer System Evaluation Criteria (Orange Book), DoD 5200.28-STD (1983, 1985).

https://csrc.nist.gov/CSRC/media/Publications/conference-paper/1998/10/08/proceedings-of-the-21st-nissc-1998/documents/early-cs-papers/early-cs-papers-1970-1985.pdf

Related papers

Department of Defense, Password Management Guideline, CSC-STD-002-85, National Computer Security Center, Ft. Meade, MD 20755 (Apr. 1985). Also known as the “Green Book.”

Department of Defense, Computer Security Requirements — Guidance for Applying the DoD TCSEC in Specific Environments, CSC-STD-003-85, National Computer Security Center, Ft. Meade, MD 20755 (June 1985). Also known as the “Light Yellow Book.”

Department of Defense, Technical Rational Behind CSC-STD-003-85: Computer Security Requirements — Guidance for Applying the DoD TCSEC in Specific Environments, CSC-STD-004-85, National Computer Security Center, Ft. Meade, MD 20755 (June 1985). Also known as the “Yellow Book.”

Department of Defense, A Guide to Understanding Audit in Trusted Systems, Version 2, NCSC-TG-001 Ver. 2, National Computer Security Center, Ft. Meade, MD 20755 (June 1988). Also known as the “Tan Book.”

Department of Defense, Trusted Product Evaluations – A Guide for Vendors, NCSC-TG-002, National Computer Security Center, Ft. Meade, MD 20755 (June 1990). Also known as the “Bright Blue Book.”

Department of Defense, A Guide to Understanding Discretionary Access Control in Trusted Systems, NCSC-TG-003, National Computer Security Center, Ft. Meade, MD 20755 (Sep. 1987). Also known as the “Neon Orange Book.”

Department of Defense, Glossary of Computer Security Terms, NCSC-TG-004, National Computer Security Center, Ft. Meade, MD 20755 (Oct. 1988). Also known as the “Teal Green Book.”

Department of Defense, Trusted Network Interpretation of the TCSEC (TNI), NCSC-TG-005, National Computer Security Center, Ft. Meade, MD 20755 (July 1987). Also known as the “Red Book.”

Department of Defense, A Guide to Understanding Configuration Management in Trusted Systems, NCSC-TG-006, National Computer Security Center, Ft. Meade, MD 20755 (Mar. 1988). Also known as the “Amber Book.”

Department of Defense, A Guide to Understanding Design Documentation in Trusted Systems, NCSC-TG-007, National Computer Security Center, Ft. Meade, MD 20755 (Oct. 1988). Also known as the “Burgundy Book.”

Department of Defense, A Guide to Understanding Trusted Distribution in Trusted Systems, NCSC-TG-008, National Computer Security Center, Ft. Meade, MD 20755 (Dec. 1988). Also known as the “Dark Lavender Book.”

Department of Defense, Computer Security Subsystem Interpretation of the TCSEC, NCSC-TG-009, National Computer Security Center, Ft. Meade, MD 20755 (Sep. 1988). Also known as the “Venice Blue Book.”

Department of Defense, A Guide to Understanding Security Modeling in Trusted Systems, NCSC-TG-010, National Computer Security Center, Ft. Meade, MD 20755 (Oct. 1992). Also known as the “Aqua Book.”

Department of Defense, Trusted Network Interpretation Environments Guideline – Guidance for Applying the TNI, NCSC-TG-011, National Computer Security Center, Ft. Meade, MD 20755 (Aug. 1990). Also known as the “Red Book.”

Department of Defense, RAMP Program Document, Version 2, NCSC-TG-013 Ver. 2, National Computer Security Center, Ft. Meade, MD 20755 (Mar. 1995). Also known as the “Pink Book.”

Department of Defense, Guidelines for Formal Verification Systems, NCSC-TG014, National Computer Security Center, Ft. Meade, MD 20755 (Apr. 1989). Also known as the “Purple Book.”

Department of Defense, A Guide to Understanding Trusted Facility Management, NCSC-TG-015, National Computer Security Center, Ft. Meade, MD 20755 (Oct. 1989). Also known as the “Brown Book.”

Department of Defense, Guidelines for Writing Trusted Facility Manuals, NCSC-TG-016, National Computer Security Center, Ft. Meade, MD 20755 (Oct. 1989). Also known as the “Yellow-Green Book.”

Department of Defense, A Guide to Understanding Identification and Authentication in Trusted Systems, NCSC-TG-017, National Computer Security Center, Ft. Meade, MD 20755 (Sep. 1991). Also known as the “Light Blue Book.”

Department of Defense, A Guide to Understanding Object Reuse in Trusted Systems, NCSC-TG-018, National Computer Security Center, Ft. Meade, MD 20755 (July 1992). Also known as the “Light Blue Book.”

Department of Defense, Trusted Product Evaluation Questionnaire, Version 2, NCSC-TG-019 Ver. 2, National Computer Security Center, Ft. Meade, MD 20755 (May 1992). Also known as the “Blue Book.”

Department of Defense, Trusted UNIX Working Group (TRUSIX) Rationale for Selecting Access Control List Features for the UNIX® System, NCSC-TG-020- A, National Computer Security Center, Ft. Meade, MD 20755 (July 1989). Also known as the “Silver Book.”

Department of Defense, Trusted Database Management System Interpretation of the TCSEC (TDI), NCSC-TG-021, National Computer Security Center, Ft. Meade, MD 20755 (Apr. 1991). Also known as the “Purple Book.”

Department of Defense, A Guide to Understanding Trusted Recovery in Trusted Systems, NCSC-TG-022, National Computer Security Center, Ft. Meade, MD 20755 (Dec. 1991). Also known as the “Yellow Book.”

Department of Defense, A Guide to Understanding Security Testing and Test Documentation in Trusted Systems, NCSC-TG-023, National Computer Security Center, Ft. Meade, MD 20755 (Dec. 1991). Also known as the “Bright Orange Book.”

Department of Defense, A Guide to Procurement of Trusted Systems: An Introduction to Procurement Initiators on Computer Security Requirements, Volume 1, NCSC-TG-024 Vol. 1, National Computer Security Center, Ft. Meade, MD 20755 (Dec. 1992). Also known as the “Purple Book.”

Department of Defense, A Guide to Procurement of Trusted Systems: Language for RFP Specifications and Statements of Work – An Aid to Procurement Initiators, Volume 2, NCSC-TG-024 Vol. 2, National Computer Security Center, Ft. Meade, MD 20755 (June 1993). Also known as the “Purple Book.”

Department of Defense, A Guide to Procurement of Trusted Systems: Computer Security Contract Data Requirements List and Data Item Description Tutorial, Volume 3, NCSC-TG-024 Vol. 3, National Computer Security Center, Ft. Meade, MD 20755 (Feb. 1994). Also known as the “Purple Book.”

Department of Defense, A Guide to Understanding Data Remanence in Automated Information Systems, Version 2, NCSC-TG-025 Ver. 2, National Computer Security Center, Ft. Meade, MD 20755 (Sep. 1991). Also known as the “Forest Green Book.”

Department of Defense, A Guide to Writing the Security Features User’s Guide for Trusted Systems, NCSC-TG-026, National Computer Security Center, Ft. Meade, MD 20755 (Sep. 1991). Also known as the “Hot Peach Book.”

Department of Defense, A Guide to Understanding Information System Security Officer Responsibilities for Automated Information Systems, NCSC-TG-027, National Computer Security Center, Ft. Meade, MD 20755 (May 1992). Also known as the “Turquoise Book.”

Department of Defense, Assessing Controlled Access Protection, NCSC-TG028, National Computer Security Center, Ft. Meade, MD 20755 (May 1992). Also known as the “Violet Book.”

Department of Defense, Introduction to Certification and Accreditation Concepts, NCSC-TG-029, National Computer Security Center, Ft. Meade, MD 20755 (Jan. 1994). Also known as the “Blue Book.”

Department of Defense, A Guide to Understanding Covert Channel Analysis of Trusted Systems, NCSC-TG-030, National Computer Security Center, Ft. Meade, MD 20755 (Nov. 1993). Also known as the “Light Pink Book.”