Orange Book

Computing Dictionary

Orange Book definition

security, standard
A standard from the US Government National Computer Security Council (an arm of the U.S. National Security Agency), "Trusted Computer System Evaluation Criteria, DOD standard 5200.28-STD, December 1985" which defines criteria for trusted computer products. There are four levels, A, B, C, and D. Each level adds more features and requirements.
D is a non-secure system.
C1 requires user log-on, but allows group ID.
C2 requires individual log-on with password and an audit mechanism. (Most Unix implementations are roughly C1, and can be upgraded to about C2 without excessive pain).
Levels B and A provide mandatory control. Access is based on standard Department of Defense clearances.
B1 requires DOD clearance levels.
B2 guarantees the path between the user and the security system and provides assurances that the system can be tested and clearances cannot be downgraded.
B3 requires that the system is characterised by a mathematical model that must be viable.
A1 requires a system characterized by a mathematical model that can be proven.
See also crayola books, book titles.
[Jargon File]
(1997-01-09)
The Free On-line Dictionary of Computing, © Denis Howe 2010 http://foldoc.org
Cite This Source
Explore Dictionary.com
Previous Definition: orange blossom
Next Definition: orange burg
Words Near: Orange Book
More from Thesaurus.com
Synonyms and Antonyms for Orange Book
More from Reference.com
Search for articles containing Orange Book
More from Dictionary.com Translator
Dictionary.com Word FAQs

Dictionary.com presents 366 FAQs, incorporating some of the frequently asked questions from the past with newer queries.

Copyright © 2014 Dictionary.com, LLC. All rights reserved.
  • Please Login or Sign Up to use the Recent Searches feature