
TCSEC


Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC was used to evaluate, classify and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information.

The TCSEC, frequently referred to as the Orange Book, is the centerpiece of the DoD Rainbow Series publications. It was initially issued in 1983 by the National Computer Security Center (NCSC), an arm of the National Security Agency, and then updated in 1985. TCSEC was replaced by the Common Criteria international standard originally published in 2005.

The Orange Book, or DoDD 5200.28-STD, was canceled by DoDD 8500.1 on October 24, 2002. DoDD 8500.1 was reissued as DoDI 8500.02 on March 14, 2014.

The security policy must be explicit, well-defined and enforced by the computer system. There are three basic security policies:

Individual accountability regardless of policy must be enforced. A secure means must exist to ensure the access of an authorized and competent agent which can then evaluate the accountability information within a reasonable amount of time and without undue difficulty. There are three requirements under the accountability objective:

The computer system must contain hardware/software mechanisms that can be independently evaluated to provide sufficient assurance that the system enforces the above requirements. By extension, assurance must include a guarantee that the trusted portion of the system works only as intended. To accomplish these objectives, two types of assurance are needed with their respective elements:

Within each class there is an additional documentation set which addresses the development, deployment and management of the system rather than its capabilities. This documentation includes:


Wikipedia
