From Jargon File (4.4.4, 14 Aug 2003):
Orange Book
n.
The U.S. Government's (now obsolete) standards document Trusted
Computer System Evaluation Criteria, DOD standard 5200.28-STD,
December, 1985, which characterizes secure computing architectures and
defines levels A1 (most secure) through D (least). Modern Unixes are
roughly C2. See also {book titles}.
From The Free On-line Dictionary of Computing (8 July 2008):
Orange Book
A1 security
B1 security
B2 security
B3 security
C1 security
C2 security
<security, standard> A standard from the US Government
{National Computer Security Council} (an arm of the
U.S. National Security Agency), "Trusted Computer System
Evaluation Criteria, DOD standard 5200.28-STD, December 1985"
which defines criteria for trusted computer products. There
are four levels, A, B, C, and D. Each level adds more
features and requirements.

D is a non-secure system.

C1 requires user log-on, but allows {group ID}.

C2 requires individual log-on with password and an audit
mechanism. (Most {Unix} implementations are roughly C1, and
can be upgraded to about C2 without excessive pain).

Levels B and A provide mandatory control. Access is based on
standard Department of Defense clearances.

B1 requires DOD clearance levels.

B2 guarantees the path between the user and the security
system and provides assurances that the system can be tested
and clearances cannot be downgraded.

B3 requires that the system is characterised by a mathematical
model that must be viable.

A1 requires a system characterized by a mathematical model
that can be proven.

See also {crayola books}, {book titles}.
[{Jargon File}]
(1997-01-09)