The Orange Book and the Rainbow Series

Why are there so many colors in the rainbow?

Response: Because there are so many product types that need to be evaluated.

The Orange Book mainly addresses government and military requirements and expectations for their computer systems. Many people within the security field have pointed out several deficiencies in the Orange Book, particularly when it is being applied to systems that are to be used in commercial areas instead of government organizations. The following list summarizes a majority of the troubling issues that security practitioners have expressed about the Orange Book:

  • It looks specifically at the operating system and not at other issues like networking, databases, and so on.

  • It focuses mainly ...

Get CISSP Certification All-in-One Exam Guide, Fourth Edition, 4th Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.