What Does Trusted Computer System Evaluation Criteria Mean?
The Trusted Computer System Evaluation Criteria (TCSEC) book is a standard from the United States Department of Defense
that discusses rating security controls for a computer system. It is also
often referred to as the “orange book.” This standard was originally released
in 1983, and updated in 1985, before being replaced by a “Common Criteria”
standard in 2005.
Techopedia Explains Trusted Computer System Evaluation Criteria
The orange book standard includes four top-level categories of security – minimal security, discretionary protection, mandatory protection and verified protection. In this standard, security “begins at the lowest classes in an access control mechanism, and ends in the highest class with a mechanism that a clever and determined user cannot circumvent.”
The orange book also defines a “trusted system” and measures trusts in terms of security policies and assurance. TCSEC measures accountability according to independent verification, authentication and ordering. The TCSEC or “orange book” is part of a “rainbow series” of different manuals put out by U.S. federal government agencies, so named for their colorful printed covers.