Rainbow Series

 5200.28-STD - DoD Trusted Computer System Evaluation Criteria, 26 December 1985 (Supercedes CSC-STD-001-83, dtd 15 Aug 83). (Orange Book)

CSC-STD-002-85 - DoD Password Management Guideline, 12 April 1985. (Green Book)

CSC-STD-003.85 - Computer Security Requirements—Guidance for Applying the DoD TCSEC in Specific Environments, 25 June 1985 (Light Yellow Book)

CSC-STD-004-85 - Technical Rational Behind CSC-STD-003-85: Computer Security Requirements—Guidance for Applying the DoD TCSEC in Specific Environments, 25 June 1985. (Yellow Book)

NTISSAM COMPUSEC/1-87 - Advisory Memorandum on Office Automation Security Guidelines

NCSC-TG-001-2 - A Guide to Understanding Audit in Trusted Systems 1 June 1988, Version 2. (Tan Book)

NCSC-TG-002 - Trusted Product Evaluations - A Guide for Vendors, 22 June 1990. (Bright Blue Book)

NCSC-TG-003 - A Guide to Understanding Discretionary Access Control in Trusted Systems, 30 September 1987. (Neon Orange Book)

NCSC-TG-004 - Glossary of Computer Security Terms, 21 October 1988. (Teal Green Book) (NCSC-WA-001-85 is obsolete)

NCSC-TG-005 - Trusted Network Interpretation of the TCSEC (TNI), 31 July 1987. (Red Book)

NCSC-TG-006 - A Guide to Understanding Configuration Management in Trusted Systems, 28 March 1988. (Amber Book)

NCSC-TG-007 - A Guide to Understanding Design Documentation in Trusted Systems, 6 October 1988. (Burgundy Book)

NCSC-TG-008 - A Guide to Understanding Trusted Distribution in Trusted Systems 15 December 1988. (Dark Lavender Book)

NCSC-TG-009 - Computer Security Subsystem Interpretation of the TCSEC 16 September 1988. (Venice Blue Book)

NCSC-TG-010 - A Guide to Understanding Security Modeling in Trusted Systems, October 1992. (Aqua Book)

NCSC-TG-011 - Trusted Network Interpretation Environments Guideline - Guidance for Applying the TNI, 1 August 1990. (Red Book)

NCSC-TG-013 Ver 2 - RAMP Program Document, 1 March 1995, Version 2 (Pink Book)

NCSC-TG-014 - Guidelines for Formal Verification Systems, 1 April 1989. (Purple Book)

NCSC-TG-015 - A Guide to Understanding Trusted Facility Management, 18 October 1989 (Brown Book)

NCSC-TG-016 - Guidelines for Writing Trusted Facility Manuals, October 1992. (Yellow-Green Book)

NCSC-TG-017 - A Guide to Understanding Identification and Authentication in Trusted Systems, September 1991. (Light Blue Book)

NCSC-TG-018 - A Guide to Understanding Object Reuse in Trusted Systems, July 1992. (Light Blue Book)

NCSC-TG-018 Ver 2 - Trusted Product Evaluation Questionaire, 2 May 1992, Version 2. (Blue Book)

NCSC-TG-020-A - Trusted UNIX Working Group (TRUSIX) Rationale for Selecting Access Control List Features for the UNIX® System, 7 July 1989. (Silver Book)

NCSC-TG-021 - Trusted Database Management System Interpretation of the TCSEC (TDI), April 1991. (Purple Book)

NCSC-TG-022 - A Guide to Understanding Trusted Recovery in Trusted Systems, 30 December 1991. (Yellow Book)

NCSC-TG-023 - A Guide to Understanding Security Testing and Test Documentation in Trusted Systems (Bright Orange Book)

NCSC-TG-024 Vol 1/4 - A Guide to Procurement of Trusted Systems: An Introduction to Procurement Initiators on Computer Security Requirements, December 1992. (Purple Book)

NCSC-TG-024 Vol 2/4 - A Guide to Procurement of Trusted Systems: Language for RFP Specifications and Statements of Work - An Aid to Procurement Initiators, 30 June 1993. (Purple Book)

NCSC-TG-024 Vol 3/4 - A Guide to Procurement of Trusted Systems: Computer Security Contract Data Requirements List and Data Item Description Tutorial, 28 February 1994. (Purple Book)

NCSC-TG-024 Vol 4/4 - A Guide to Procurement of Trusted Systems: How to Evaluate a Bidder's Proposal Document - An Aid to Procurement Initiators and Contractors (Purple Book) (publication TBA)

NCSC-TG-25 Ver 2 - A Guide to Understanding Data Remanence in Automated Information Systems, September 1991, Version 2, (Supercedes CSC-STD-005-85). (Forest Green Book)

NCSC-TG-026 - A Guide to Writing the Security Features User's Guide for Trusted Systems, September 1991. (Hot Peach Book)

NCSC-TG-027 - A Guide to Understanding Information System Security Officer Responsibilities for Automated Information Systems, May 1992. (Turquoise Book)

NCSC-TG-028 - Assessing Controlled Access Protection, 25 May 1992. (Violet Book)

NCSC-TG-029 - Introduction to Certification and Accreditation Concepts, January 1994. (Blue Book)

NCSC-TG-030 - A Guide to Understanding Covert Channel Analysis of Trusted Systems, November 1993. (Light Pink Book)

The Rainbow Series documents specify the operating system security criteria used to evaluate commercial products under the NSA's Trusted Product Evaluation Program (TPEP). It consists of the Orange Book and a set of supporting documents. Though it is an operating system criteria, it was also applied to other types of products.

TPEP was the predecessor to the Common Criteria Evaluation and Validation Scheme (CCEVS) in the United States.

These documents are deprecated, although many remain relevant to the technology of IT security.

Documents are in Adobe PDF format.


Home   Testing   Engineering   Research   About ASL   Contact Us

© Copyright 2003-10, Ashton Security Laboratories, LLC