orange book

2 definitions found

orange book - Free On-line Dictionary of Computing (26 May 2007) :

  Orange Book
  A1 security
  B1 security
  B2 security
  B3 security
  C1 security
  C2 security
  
     <security, standard> A standard from the US Government
     National Computer Security Council (an arm of the
     U.S. National Security Agency), "Trusted Computer System
     Evaluation Criteria, DOD standard 5200.28-STD, December 1985"
     which defines criteria for trusted computer products.  There
     are four levels, A, B, C, and D.  Each level adds more
     features and requirements.
  
     D is a non-secure system.
  
     C1 requires user log-on, but allows group ID.
  
     C2 requires individual log-on with password and an audit
     mechanism.  (Most Unix implementations are roughly C1, and
     can be upgraded to about C2 without excessive pain).
  
     Levels B and A provide mandatory control.  Access is based on
     standard Department of Defense clearances.
  
     B1 requires DOD clearance levels.
  
     B2 guarantees the path between the user and the security
     system and provides assurances that the system can be tested
     and clearances cannot be downgraded.
  
     B3 requires that the system is characterised by a mathematical
     model that must be viable.
  
     A1 requires a system characterized by a mathematical model
     that can be proven.
  
     See also crayola books, book titles.
  
     [Jargon File]
  
     (1997-01-09)
  

orange book - Jargon File (4.4.4, 14 Aug 2003) :

  Orange Book
   n.
  
     The U.S. Government's (now obsolete) standards document Trusted
     Computer System Evaluation Criteria, DOD standard 5200.28-STD,
     December, 1985 which characterize secure computing architectures and
     defines levels A1 (most secure) through D (least). Modern Unixes are
     roughly C2. See also book titles.