Announcement

Collapse
No announcement yet.

Rainbow books

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Rainbow books

    those anybody know if reading the rainbow book series can be useful in any way?... or that information is too old?
    I think, therefore i exist.

  • #2
    why do people keep saying that?

    The simplest answer is:
    "if you think they are too old, what has replaced them?"

    ref: http://www.radium.ncsc.mil/tpep/library/rainbow/

    background: http://csrc.nist.gov/publications/
    Rainbow Series
    The rainbow series is a library of about 37 documents that address specific areas of computer security. Each of the documents is a different color, which is how they became to be refereed to as the Rainbow Series. The primary document of the set is the Trusted Computer System Evaluation Criteria (5200.28-STD, Orange Book), dated December 26, 1985. This document defines the seven different levels of trust that a product can achieve under the Trusted Product Evaluation Program (TPEP) within NSA. Some of the titles include, Password Management, Audit, Discretionary Access Control, Trusted Network Interpretation, Configuration Management, Identification and Authentication, Object Reuse and Covert Channels. A new International criteria for system and product evaluation called the International Common Criteria (ICCC) has been developed for product evaluations. The TCSEC has been largely superceded by the International Common Criteria, but is still used for products that require a higher level of assurance in specific operational environments. Most of the rainbow series documents are available on-line.

    Comment

    Working...
    X