The Orange Book, part of the DoD’s rainbow series, the Trusted Computer System Evaluation Criteria was used to evaluate, classify and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information. It has been superseded by the Common Criteria.

It outlines the following objectives:

• Policy
• Accountability
• Assurance
• Documentation

Policy defines the Mandatory Security Policy and the Discretionary Security Policy. Accountability defines identification, authentication, and auditing. Assurance defines Operational, Life-Cycle, and Continuous Protection Assurance. Documentation defines Security Features User’s Guide, Trusted Facility Manual, Test Documentation and Design Documentation.

The Orange Book defines four divisions of security: A, B, C, and D with A having the highest level of security. Each division may contain sub-divisions, such as B1, B2, and B3.

• A – Verified Protection
1. A1 – Verified Design
• B – Mandatory Protection
1. B1 – Labeled Security Protection
2. B2 – Structured Protection
3. B3 – Security Domains
• C – Discretionary Protection
1. C1 – Discretionary Security Protection
2. C2 – Controlled Access Protection
• D – Minimal Protection