Trusted Computer System Evaluation Criteria

TCSEC ( Trusted Computer System Evaluation Criteria, generally referred to as the Orange Book ), was given out by the U.S. government standard for the evaluation and certification of the security of computer systems.

1983 published by the Department of Defense ( DoD) Computer Security Center (CSC ) their first assessment criteria (English: evaluation criteria ). The work was called the Department of Defense Trusted Computer System Evaluation Criteria. Two years later the book after a few small changes to the DoD TCSEC standard (DoD 5200.28 -STD ) was. TCSEC was used mainly in the USA, in Canada since 1989 CTCPEC was widespread. In West Germany, France and Great Britain are first developed around 1989 own criteria, for example the ITSK. 1990 led Germany, France, the Netherlands and the UK a common standard that the Information Technology Security Evaluation Criteria (ITSEC ). All of these standards have been merged in 1996 in a new, international standard, Common Criteria.

Content

TCSEC categorizes the security of computer systems in a hierarchical system with four main stages: in A, B, C and D.

Most Unix systems satisfy C1, but can be no effort configure it so that C2 is also satisfied.