Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
The Trusted Computer System Evaluation Criteria (TCSEC) book is a standard from the United States Department of Defense that discusses rating security controls for a computer system. It is also often referred to as the “orange book.” This standard was originally released in 1983, and updated in 1985, before being replaced by a “Common Criteria” standard in 2005.
The orange book standard includes four top-level categories of security – minimal security, discretionary protection, mandatory protection and verified protection. In this standard, security “begins at the lowest classes in an access control mechanism, and ends in the highest class with a mechanism that a clever and determined user cannot circumvent.”
The orange book also defines a “trusted system” and measures trusts in terms of security policies and assurance. TCSEC measures accountability according to independent verification, authentication and ordering. The TCSEC or “orange book” is part of a “rainbow series” of different manuals put out by U.S. federal government agencies, so named for their colorful printed covers.