rainbow series - Everything2.com

Rainbow Series Library

from the NIST page (http://csrc.nist.gov/publications/): The rainbow series is a library of about 37 documents that address specific areas of computer security. Each of the documents is a different color, which is how they became to be refereed to as the Rainbow Series. The primary document of the set is the Trusted Computer System Evaluation Criteria (5200.28-STD, Orange Book), dated December 26, 1985. This document defines the seven different levels of trust that a product can achieve under the Trusted Product Evaluation Program (TPEP) within NSA. Some of the titles include, Password Management, Audit, Discretionary Access Control, Trusted Network Interpretation, Configuration Management, Identification and Authentication, Object Reuse and Covert Channels. A new International criteria for system and product evaluation called the International Common Criteria (ICCC) has been developed for product evaluations. The TCSEC has been largely superceded by the International Common Criteria, but is still used for products that require a higher level of assurance in specific operational environments. Most of the rainbow series documents are available on-line. 5200.28-STD - DoD Trusted Computer System Evaluation Criteria, 26 December 1985 (Supercedes CSC-STD-001-83, dtd 15 Aug 83). (Orange Book) CSC-STD-002-85 - DoD Password Management Guideline, 12 April 1985. (Green Book) CSC-STD-003-85 - Computer Security Requirements -- Guidance for Applying the DoD TCSEC in Specific Environments, 25 June 1985 (Light Yellow Book) CSC-STD-004-85 - Technical Rational Behind CSC-STD-003-85: Computer Security Requirements -- Guidance for Applying the DoD TCSEC in Specific Environments, 25 June 1985. (Yellow Book) NTISSAM COMPUSEC/1-87 - Advisory Memorandum on Office Automation Security Guidelines NCSC-TG-001 Ver. 2 - A Guide to Understanding Audit in Trusted Systems 1 June 1988, Version 2. (Tan Book) NCSC-TG-002 - Trusted Product Evaluations - A Guide for Vendors, 22 June 1990. (Bright Blue Book) NCSC-TG-003 - A Guide to Understanding Discretionary Access Control in Trusted Systems, 30 September 1987. (Neon Orange Book) NCSC-TG-004 - Glossary of Computer Security Terms, 21 October 1988. (Teal Green Book) (NCSC-WA-001-85 is obsolete) NCSC-TG-005 - Trusted Network Interpretation of the TCSEC (TNI), 31 July 1987. (Red Book) NCSC-TG-006 - A Guide to Understanding Configuration Management in Trusted Systems, 28 March 1988. (Amber Book) NCSC-TG-007 - A Guide to Understanding Design Documentation in Trusted Systems, 6 October 1988. (Burgundy Book) NCSC-TG-008 - A Guide to Understanding Trusted Distribution in Trusted Systems 15 December 1988. (Dark Lavender Book) NCSC-TG-009 - Computer Security Subsystem Interpretation of the TCSEC 16 September 1988. (Venice Blue Book) NCSC-TG-010 - A Guide to Understanding Security Modeling in Trusted Systems, October 1992. (Aqua Book) NCSC-TG-011 - Trusted Network Interpretation Environments Guideline - Guidance for Applying the TNI, 1 August 1990. (Red Book) NCSC-TG-013 Ver.2 - RAMP Program Document, 1 March 1995, Version 2 (Pink Book) NCSC-TG-014 - Guidelines for Formal Verification Systems, 1 April 1989. (Purple Book) NCSC-TG-015 - A Guide to Understanding Trusted Facility Management, 18 October 1989 (Brown Book) NCSC-TG-016 - Guidelines for Writing Trusted Facility Manuals, October 1992. (Yellow-Green Book) NCSC-TG-017 - A Guide to Understanding Identification and Authentication in Trusted Systems, September 1991. (Light Blue Book) NCSC-TG-018 - A Guide to Understanding Object Reuse in Trusted Systems, July 1992. (Light Blue Book) NCSC-TG-019 Ver. 2 - Trusted Product Evaluation Questionaire, 2 May 1992, Version 2. (Blue Book) NCSC-TG-020-A - Trusted UNIX Working Group (TRUSIX) Rationale for Selecting Access Control List Features for the UNIX System, 7 July 1989. (Silver Book) NCSC-TG-021 - Trusted Database Management System Interpretation of the TCSEC (TDI), April 1991. (Purple Book) NCSC-TG-022 - A Guide to Understanding Trusted Recovery in Trusted Systems, 30 December 1991. (Yellow Book) NCSC-TG-023 - A Guide to Understanding Security Testing and Test Documentation in Trusted Systems (Bright Orange Book) NCSC-TG-024 Vol. 1/4 - A Guide to Procurement of Trusted Systems: An Introduction to Procurement Initiators on Computer Security Requirements, December 1992. (Purple Book) NCSC-TG-024 Vol. 2/4 - A Guide to Procurement of Trusted Systems: Language for RFP Specifications and Statements of Work - An Aid to Procurement Initiators, 30 June 1993. (Purple Book) NCSC-TG-024 Vol. 3/4 - A Guide to Procurement of Trusted Systems: Computer Security Contract Data Requirements List and Data Item Description Tutorial, 28 February 1994. (Purple Book) NCSC-TG-024 Vol. 4/4 - A Guide to Procurement of Trusted Systems: How to Evaluate a Bidder's Proposal Document - An Aid to Procurement Initiators and Contractors (Purple Book) (publication TBA) NCSC-TG-025 Ver. 2 - A Guide to Understanding Data Remanence in Automated Information Systems, September 1991, Version 2, (Supercedes CSC-STD-005-85). (Forest Green Book) NCSC-TG-026 - A Guide to Writing the Security Features User's Guide for Trusted Systems, September 1991. (Hot Peach Book) NCSC-TG-027 - A Guide to Understanding Information System Security Officer Responsibilities for Automated Information Systems, May 1992. (Turquoise Book) NCSC-TG-028 - Assessing Controlled Access Protection, 25 May 1992. (Violet Book) NCSC-TG-029 - Introduction to Certification and Accreditation Concepts, January 1994. (Blue Book) NCSC-TG-030 - A Guide to Understanding Covert Channel Analysis of Trusted Systems, November 1993. (Light Pink Book)

Other NCSC Publications:

C1 Technical Report 001 - Technical Report, Computer Viruses: Prevention, Detection, and Treatment, 12 March 1990

C Technical Report 79-91 - Technical Report, Integrity in Automated Information Systems, September 1991.

C Technical Report 32-92 - The Design and Evaluation of INFOSEC systems: The Computer Security Contribution to the Composition Discussion, June 1992.

C Technical Report 111-91 - Integrity-Oriented Control Objectives: Proposed Revisions to the TCSEC, October 1991.

NCSC Technical Report 002 - Use of the TCSEC for Complex, Evolving, Mulitpolicy Systems

NCSC Technical Report 003 - Turning Multiple Evaluated Products Into Trusted Systems

NCSC Technical Report 004 - A Guide to Procurement of Single Connected Systems - Language for RFP Specifications and Statements of Work - An Aid to Procurement Initiators - Includes Complex, Evolving, and Multipolicy Systems

NCSC Technical Report 005 Volume 1/5 - Inference and Aggregation Issues In Secure Database Management Systems

NCSC Technical Report 005 Volume 2/5 - Entity and Referential Integrity Issues In Multilevel Secure Database Management

NCSC Technical Report 005 Volume 3/5 - Polyinstantiation Issues In Multilevel Secure Database Management Systems

NCSC Technical Report 005 Volume 4/5 - Auditing Issues In Secure Database Management Systems

NCSC Technical Report 005 Volume 5/5 - Discretionary Access Control Issues In High Assurance Secure Database Management Systems

Random	rain dance	Red Book	Orange Book
Out for a rep	Blue Book	bright	crayola books
The Garden	green	Burgundy	lavender
Neon	forest	questionnaire	brown
book titles	Amber	hot	TCSEC
ICC	Dream Log: August 2, 2000	the book of clean white pages, a poem of self absorption	The History of the CIA World Factbook