Evaluation criteria provide a standard for quantifying the security of a computer system or network. These criteria include the Trusted Computer System Evaluation Criteria (TCSEC), Trusted Network Interpretation (TNI), European Information Technology Security Evaluation Criteria (ITSEC), and the Common Criteria.
Trusted Computer System Evaluation Criteria (TCSEC)
The Trusted Computer System Evaluation Criteria (TCSEC), commonly known as the Orange Book, is part of the Rainbow Series developed for the U.S. DoD by the National Computer Security Center (NCSC) in 1983. (The current issue was published in 1985.) It’s the formal implementation of the Bell-LaPadula model. The evaluation criteria were developed to achieve the following objectives:
Measurement: Provides a metric for assessing comparative levels of trust between different computer systems.
Guidance: Identifies standard security requirements that vendors must build into systems to achieve a given trust level.
Acquisition: Provides customers with a standard for specifying acquisition requirements and identifying systems that meet those requirements.
The four basic control requirements identified in the Orange Book ...