Rainbow Series
From Wikipedia, the free encyclopedia
The Rainbow Series (sometimes known as the Rainbow Books) is a series of computer security standards published by the United States government in the 1980s and 1990s. They were originally published by the U.S. Department of Defense Computer Security Center, and then by the National Computer Security Center.
Objective
These standards describe a process of evaluation for trusted systems. In some cases, U.S. government entities (as well as private firms) would require formal validation of computer technology using this process as part of their procurement criteria. Many of these standards have influenced, and have been superseded by, the Common Criteria.
Each book has a nickname based on the color of its cover. For example, the Trusted Computer System Evaluation Criteria was referred to as "The Orange Book." In the book entitled Applied Cryptography, security expert Bruce Schneier states of NCSC-TG-021 that he "can't even begin to describe the color of [the] cover" and that some of the books in this series have "hideously colored covers." He then goes on to describe how to receive a copy of them, saying "Don't tell them I sent you."[1]
Most significant Rainbow Series books
Document | Title | Date | Color |
5200.28-STD | DoD Trusted Computer System Evaluation Criteria | 15 Aug 1983 | Orange Book |
CSC-STD-002-85 | DoD Password Management Guideline | 12 Apr 1985 | Green Book |
CSC-STS-003-85 | Guidance for applying TCSEC in Specific Environments | 25 Jun 1985 | Yellow Book |
NCSC-TG-001 | A Guide to Understanding Audit in Trusted Systems | 1 Jun 1988 | Tan Book. |
NCSC-TG-002 | Trusted Product Security Evaluation Program | 22 Jun 1990 | Bright Blue Book. |
NCSC-TG-003 | Discretionary Access Control in Trusted Systems | 30 Sep 1987 | Neon Orange Book |
NCSC-TG-004 | Glossary of Computer Security Terms | 21 Oct 1988 | Aqua Book |
NCSC-TG-005 | Trusted Network Interpretation | 31 Jul 1987 | Red Book |
NCSC-TG-006 | Configuration Management in Trusted Systems | 28 Mar 1988 | Amber Book |
NCSC-TG-007 | A Guide to Understanding Design Documentation in Trusted Systems | 6 Oct 1988 | Burgundy Book |
NCSC-TG-008 | A Guide to Understanding Trusted Distribution in Trusted Systems | 15 Dec 1988 | Dark Lavender Book |
NCSC-TG-009 | Computer Security Subsystem Interpretation of the TCSEC | 16 Sep 1988 | Venice Blue Book |
NCSC-TG-010 | A Guide to Understanding Security Modeling in Trusted Systems | October 1992 | Aqua Book |
NCSC-TG-011 | Trusted Network Interpretation Environments Guideline (TNI) | 1 August 1990 | Red Book |
NCSC-TG-013 V2 | RAMP Program Document | 1 March 1995 | Pink Book |
NCSC-TG-014 | Guidelines for Formal Verification Systems | 1 Apr 1989 | Purple Book |
NCSC-TG-015 | Guide to Understanding Trusted Facility Management | 18 Oct 1989 | Brown Book |
NCSC-TG-016 | Guidelines for Writing Trusted Facility Manuals | October 1992 | Yellow-Green Book |
NCSC-TG-017 | Identification and Authentication in Trusted Systems | September 1991 | Light Blue Book |
NCSC-TG-018 | Object Reuse in Trusted Systems | July 1992 | Light Blue Book |
NCSC-TG-019 | Trusted Product Evaluation Questionnaire | 2 May 1992 | Blue Book |
NCSC-TG-020 | Trusted UNIX Working Group (TRUSIX) Rationale for Selecting Access Control List Features for the UNIX System | 7 July 1989 | (Silver Book) |
NCSC-TG-021 | Trusted Database Management System Interpretation of the TCSEC (TDI) | April 1991 | (Purple Book) |
NCSC-TG-022 | Trusted Recovery in Trusted Systems | 30 December 1991 | (Yellow Book) |
NCSC-TG-023 | Security Testing and Test Documentation in Trusted Systems | | (Bright Orange Book) |
NCSC-TG-024 Vol. 1/4 | Procurement of Trusted Systems: An Introduction to Procurement Initiators on Computer Security Requirements | December 1992 | (Purple Book) |
NCSC-TG-024 Vol. 2/4 | Procurement of Trusted Systems: Language for RFP Specifications and Statements of Work | 30 June 1993 | (Purple Book) |
NCSC-TG-024 Vol. 3/4 | Procurement of Trusted Systems: Computer Security Contract Data Requirements List and Data Item Description | 28 February 1994 | (Purple Book) |
NCSC-TG-024 Vol. 4/4 | Procurement of Trusted Systems: How to Evaluate a Bidder's Proposal Document | Publication TBA | (Purple Book) |
NCSC-TG-025 | Guide to Understanding Data Remanence in Automated Information Systems | September 1991 | Forest Green Book |
NCSC-TG-026 | Writing the Security Features User's Guide for Trusted Systems | September 1991 | (Hot Peach Book) |
NCSC-TG-027 | Information System Security Officer Responsibilities for Automated Information Systems | May 1992 | (Turquoise Book) |
NCSC-TG-028 | Assessing Controlled Access Protection | 25 May 1992 | (Violet Book) |
NCSC-TG-029 | Certification and Accreditation Concepts | January 1994 | (Blue Book) |
NCSC-TG-030 | Covert Channel Analysis of Trusted Systems | November 1993 | Light Pink Book |
In pop culture
The movie Hackers contains a reference to the Rainbow Books: Dade names a series of books, one of them being the Red Book from this series.
References
- [1] Schneier, Bruce (1996), Applied Cryptography (2nd ed.), New York, NY: John Wiley and Sons, ISBN 0-471-11709-9
External links
- NIST Security Publications
- Rainbow Series Library from NCSC
- Rainbow Series from Federation of American Scientists, with more explanation