LLMpediaThe first transparent, open encyclopedia generated by LLMs

Trusted Computer System Evaluation Criteria

Generated by DeepSeek V3.2
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Butler Lampson Hop 3
Expansion Funnel Raw 37 → Dedup 25 → NER 8 → Enqueued 8
1. Extracted37
2. After dedup25 (None)
3. After NER8 (None)
Rejected: 17 (not NE: 17)
4. Enqueued8 (None)
Trusted Computer System Evaluation Criteria
TitleTrusted Computer System Evaluation Criteria
Other nameTCSEC, Orange Book
StatusSuperseded
First published1983
Latest version1985
OrganizationUnited States Department of Defense
CommitteeNational Computer Security Center
Related standardsRainbow Series
DomainComputer security

Trusted Computer System Evaluation Criteria. The Trusted Computer System Evaluation Criteria, commonly known as the Orange Book, was a seminal United States Government standard for assessing the security of computer systems. Established by the National Computer Security Center, a branch of the National Security Agency, it provided a framework for manufacturers to build and for government agencies to procure systems with verifiable security features. Its rigorous classification system profoundly influenced the development of secure operating systems and subsequent international security standards.

Overview

The TCSEC standard was created to provide a consistent benchmark for evaluating the effectiveness of security controls built into computer systems handling classified or sensitive information. It focused primarily on the confidentiality of data within systems used by the United States Department of Defense and other federal agencies. The criteria addressed fundamental security principles such as discretionary access control, mandatory access control, and rigorous auditing mechanisms. Its publication was a cornerstone of the larger Rainbow Series, a set of manuals covering various aspects of computer security policy and guidance.

History and development

The development of the TCSEC was driven by the increasing reliance on computer systems within the United States Armed Forces and intelligence community during the 1970s and 1980s. Key foundational work included the Anderson Report, a study commissioned by the United States Air Force that outlined requirements for secure computer systems. This effort was formalized under the auspices of the National Computer Security Center, which published the first version of the TCSEC in 1983. A significant revision followed in 1985, which refined the evaluation classes and remained the definitive version, influencing procurement decisions across the Pentagon and allied governments like the United Kingdom and Canada.

Evaluation classes and divisions

The TCSEC defined a hierarchical set of evaluation classes, grouped into four major divisions based on the level of trust assurance provided. Division D, the lowest, contained only one class for systems that failed to meet higher requirements. Division C provided for discretionary protection, with classes like C1 and the more stringent C2, which required audit capabilities. Division B mandated mandatory security policy enforcement, encompassing classes B1, B2, and B3, with increasing robustness against penetration. The highest division, A, was reserved for systems verified using formal methods, with A1 being the pinnacle; a beyond-A1 class was conceptualized but never formally defined. Each successive class incorporated all requirements of the lower classes.

Criteria and requirements

The criteria were organized around several core requirements that systems had to meet for a given class. These included detailed specifications for security policy models, often based on the Bell–LaPadula model, and stringent standards for accountability through audit trails. The concept of trusted computing base was central, defining the totality of hardware and software components responsible for enforcing security. Higher evaluation classes demanded increasingly rigorous security testing, design specification and verification, and mechanisms for covert channel analysis. The evaluation process itself was conducted by NCSC-authorized evaluators, with successful systems appearing on the Evaluated Products List.

Impact and legacy

The TCSEC had a profound and lasting impact on the field of computer security, setting the first widely adopted benchmark for secure system design. It directly influenced the development of secure operating systems such as Honeywell's SCOMP and Gemini Computers's GEMSOS. Its structure inspired other national criteria, including the Information Technology Security Evaluation Criteria in Europe and the Canadian Trusted Computer Product Evaluation Criteria. Ultimately, it was superseded by the international Common Criteria framework in the 1990s, which adopted a more flexible approach. The Orange Book's emphasis on graded assurance levels and evaluation methodologies remains a foundational concept in cybersecurity standards and government procurement policies worldwide.

Category:Computer security standards Category:United States Department of Defense Category:Computer security evaluation