Rainbow Series

From Wikipedia, the free encyclopedia

For the compact disc standards series, see Rainbow Books.

The Rainbow Series (sometimes known as the Rainbow Books) is a series of computer security standards published by the United States government in the 1980s and 1990s. These standards describe a process of evaluation for trusted systems. In some cases, U.S. government entities (as well as private firms) would require formal validation of computer technology using this process as part of their procurement criteria. Many of these standards have influenced, and have been superseded by, the Common Criteria.

The books have nicknames based on the color of its cover. For example, the Trusted Computer System Evaluation Criteria was referred to as "The Orange Book"

They were originally published by the US Departement of Defense Computer Security Center, and then by the National Computer Security Center.

[edit] Most Significant Rainbow Series Books

NIST Rainbow Series
Document Title Date Color
5200.28-STD DoD Trusted Computer System Evaluation Criteria 15 Aug 1983 Orange Book.
CSC-STD-002-85 DoD Password Management Guideline 12 Apr 1985 Green Book.
CSC-STS-003-85 Guidance for applying TCSEC in Specific Environments 25 Jun 1985 Yellow Book.
NCSC-TG-001 A Guide to Understanding Audit in Trusted Systems 1 Jun 1988 Tan Book.
NCSC-TG-002 Trusted Product Security Evaluation Program 22 Jun 1990 Bright Blue Book.
NCSC-TG-003 Discretionary Access Control in Trusted Systems 30 Sep 1987 Neon Orange Book
NCSC-TG-004 Glossary of Computer Security Terms 21 Oct 1988 Aqua Book
NCSC-TG-005 Trusted Network Interpretation 31 Jul 1987 Red Book
NCSC-TG-006 Configuration Management in Trusted Systems 28 Mar 1988 Amber Book
NCSC-TG-007 A Guide to Understanding Design Documentation in Trusted Systems. 6 Oct 1988 Burgundy Book
NCSC-TG-008 A Guide to Understanding Trusted Distribution in Trusted Systems. 15 Dec 1988 Dark Lavender Book
NCSC-TG-009 Computer Security Subsystem Interpretation of the TCSEC. 16 Sep 1988 Venice Blue Book
NCSC-TG-010 A Guide to Understanding Security Modeling in Trusted Systems October 1992 Aqua Book
NCSC-TG-011 Trusted Network Interpretation Environments Guideline (TNI) 1 August 1990 Red Book
NCSC-TG-013 V2 RAMP Program Document 1 March 1995 Pink Book
NCSC-TG-014 Guidelines for Formal Verification Systems. 1 Apr 1989 Purple Book
NCSC-TG-015 Guide to Understanding Trusted Facility Management. 18 Oct 1989 Brown Book
NCSC-TG-016 Guidelines for Writing Trusted Facility Manuals October 1992 Yellow-Green Book
NCSC-TG-017 Identification and Authentication in Trusted Systems September 1991 Light Blue Book
NCSC-TG-018 Object Reuse in Trusted Systems' July 1992 Light Blue Book
NCSC-TG-019 Trusted Product Evaluation Questionnaire. 2 May 1992 Blue Book
NCSC-TG-020 Trusted UNIX Working Group (TRUSIX) Rationale for Selecting Access Control List Features for the UNIX® System 7 July 1989 (Silver Book)
NCSC-TG-021 Trusted Database Management System Interpretation of the TCSEC (TDI) April 1991 (Purple Book)
NCSC-TG-022 Trusted Recovery in Trusted Systems 30 December 1991 (Yellow Book)
NCSC-TG-023 Security Testing and Test Documentation in Trusted Systems Bright Orange Book
NCSC-TG-024 Vol. 1/4 Procurement of Trusted Systems: An Introduction to Procurement Initiators on Computer Security Requirements December 1992 (Purple Book)
NCSC-TG-024 Vol. 2/4 Procurement of Trusted Systems: Language for RFP Specifications and Statements of Work 30 June 1993 (Purple Book)
NCSC-TG-024 Vol. 3/4 Procurement of Trusted Systems: Computer Security Contract Data Requirements List and Data Item Description 28 February 1994 (Purple Book)
NCSC-TG-024 Vol. 4/4 Procurement of Trusted Systems: How to Evaluate a Bidder's Proposal Document Publication TBA Purple Book
NCSC-TG-025 Guide to Understanding Data Remanence in Automated Information Systems. September 1991 Forest Green Book
NCSC-TG-026 Writing the Security Features User's Guide for Trusted Systems September 1991 (Hot Peach Book)
NCSC-TG-027 Information System Security Officer Responsibilities for Automated Information Systems May 1992 (Turquoise Book)
NCSC-TG-028 Assessing Controlled Access Protection 25 May 1992 (Violet Book)
NCSC-TG-029 Certification and Accreditation Concepts January 1994 (Blue Book)
NCSC-TG-030 Covert Channel Analysis of Trusted Systems November 1993 Light Pink Book

[edit] In Pop Culture

The movie Hackers contained a reference to the Rainbow Books that showed Dade naming off a series of books, one of them being the Red Book from this series.

[edit] External links