(National Computer Security Center) The arm of the U.S. National Security Agency that defines criteria for trusted computer products, which are embodied in the Orange Book and Red Book. Published in the 1980s and 1990s and known as the Rainbow Series because of their colored covers for each topic, they have been largely superseded by the Common Criteria. See also NCSA.
Orange Book
The Orange Book contains the "Trusted Computer Systems Evaluation Criteria" (TCSEC), DOD Standard 5200.28.
Red Book (for networks)
The Red Book contains the "Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria" (NCSC-TG-005) and "Trusted Network Interpretation Environments Guideline: Guidance for Applying the Trusted Network Interpretation" (NCSC-TG-011).
Level D
Systems are rated on a scale starting from D, which is not secure, to A, which is the most secure.
Level D is a non-secure system.
Level C
Level C provides discretionary access control (DAC). The owner of the data can determine who has access to it.
C1: Requires user login, but allows group ID.
C2: Requires individual user login with
password and an audit mechanism.
Levels B and A
Levels B and A provide mandatory access control (MAC). Access is based on standard DOD clearances. Each data structure contains a sensitivity level, such as top secret, secret and unclassified, and is available only to users with that level of clearance.
B1: DOD clearance levels.
B2: Guarantees path between user and the
security system. Provides assurances
that system can be tested and clearances
cannot be downgraded.
B3: System is characterized by a mathematical
model that must be viable.
A1: System is characterized by a mathematical
model that can be proven. Highest
security. Used in military computers.
European Ratings
The European Information Technology Security Evaluation Criteria (ITSEC) is similar to TCSEC, but rates functionality (F) and effectiveness (E) separately.
Orange Book
The Orange Book contains the "Trusted Computer Systems Evaluation Criteria" (TCSEC), DOD Standard 5200.28.
Red Book (for networks)
The Red Book contains the "Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria" (NCSC-TG-005) and "Trusted Network Interpretation Environments Guideline: Guidance for Applying the Trusted Network Interpretation" (NCSC-TG-011).
Level D
Systems are rated on a scale starting from D, which is not secure, to A, which is the most secure.
Level D is a non-secure system.
Level C
Level C provides discretionary access control (DAC). The owner of the data can determine who has access to it.
C1: Requires user login, but allows group ID.
C2: Requires individual user login with
password and an audit mechanism.
Levels B and A
Levels B and A provide mandatory access control (MAC). Access is based on standard DOD clearances. Each data structure contains a sensitivity level, such as top secret, secret and unclassified, and is available only to users with that level of clearance.
B1: DOD clearance levels.
B2: Guarantees path between user and the
security system. Provides assurances
that system can be tested and clearances
cannot be downgraded.
B3: System is characterized by a mathematical
model that must be viable.
A1: System is characterized by a mathematical
model that can be proven. Highest
security. Used in military computers.
European Ratings
The European Information Technology Security Evaluation Criteria (ITSEC) is similar to TCSEC, but rates functionality (F) and effectiveness (E) separately.
Orange
Book
TCSEC ITSEC
D E0
C1 F-C1, E1
C2 F-C2, E2
B1 F-B1, E3
B2 F-B2, E4
B3 F-B3, E5
A1 F-B3, E6
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2009 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- Layoffs hit Microsoft security unit
- Layoffs hit Microsoft security unitOH NO!That's the last department where they should lay people off.RE: Layoffs hit Microsoft security unitinstead of laying off people the big shot executives can cut there bonuses and other perks they are enjoying... at least that will save some jobsWindows has no security... ;)What security,...
- Discussion threads 2009-05-06
- Marcus Sachs on securing the homeland
- Prior to the Churchill Club event, "Masters of Cybercrime: The Ultimate Battle of Good and Evil," I spoke with Marcus Sachs, one of the nation's top cyberwarriors. He is currently a computer scientist at SRI International and under contract with the U.S. Department of Homeland Security DHS as deputy director...
- Blog posts 2005-06-02
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Learn more about tools to grow your business
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Save time with the UPS Business Essentials Guide
- Reduce risk. Reduce complexity. Increase reliability.
-
A simplified IT environment isn't just less complex. It's also more reliable. Standardize on a single Linux platform with SUSE Linux Enterprise from Novell, and get the world's most interoperable Linux
- Learn more >>
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer>>
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
Enterprise Applications
- Check out some of the easiest and most powerful ways to boost productivity while saving money on your application infrastructure. See ZDNet's comprehensive Enterprise Application resource center, now!
- New Online Dashboard
-
- Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems. Oracle Topline
-
