Trusted Computer System Evaluation Criteria

What Does Trusted Computer System Evaluation Criteria Mean?

The Trusted Computer System Evaluation Criteria (TCSEC) book is a standard from the United States Department of Defense
that discusses rating security controls for a computer system. It is also
often referred to as the “orange book.” This standard was originally released
in 1983, and updated in 1985, before being replaced by a “Common Criteria”
standard in 2005.

Advertisements

Techopedia Explains Trusted Computer System Evaluation Criteria

The orange book standard includes four top-level categories of security – minimal security, discretionary protection, mandatory protection and verified protection. In this standard, security “begins at the lowest classes in an access control mechanism, and ends in the highest class with a mechanism that a clever and determined user cannot circumvent.”

The orange book also defines a “trusted system” and measures trusts in terms of security policies and assurance. TCSEC measures accountability according to independent verification, authentication and ordering. The TCSEC or “orange book” is part of a “rainbow series” of different manuals put out by U.S. federal government agencies, so named for their colorful printed covers.

Advertisements

Related Terms

Latest Cybersecurity Terms

Related Reading

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…