Rainbow Series
The Rainbow Series is a series of computer security standards and guidelines published by the United States government in the 1980s and 1990s. They were originally published by the U.S. Department of Defense Computer Security Center, and then by the National Computer Security Center.

Objective

These standards describe a process of evaluation for trusted systems. In some cases, U.S. government entities (as well as private firms) would require formal validation of computer technology using this process as part of their procurement criteria. Many of these standards have influenced, and have been superseded by, the Common Criteria.

The books have nicknames based on the color of their covers. For example, the Trusted Computer System Evaluation Criteria was referred to as "The Orange Book." In the book entitled Applied Cryptography, security expert Bruce Schneier states of NCSC-TG-021 that he "can't even begin to describe the color of [the] cover" and that some of the books in this series have "hideously colored covers." He then goes on to describe how to receive a copy of them, saying "Don't tell them I sent you."

Most significant Rainbow Series books

NIST Rainbow Series
| Document | Title | Date | Color |
|---|---|---|---|
| 5200.28-STD | DoD Trusted Computer System Evaluation Criteria | | Orange Book |
| CSC-STD-002-85 | DoD Password Management Guideline | | Green Book |
| CSC-STS-003-85 | Guidance for applying TCSEC in Specific Environments | | Light Yellow Book |
| CSC-STS-004-85 | Technical Rationale Behind CSC-STD-003-85: Computer Security Requirements | | Yellow Book |
| NCSC-TG-001 | A Guide to Understanding Audit in Trusted Systems | | Tan Book |
| NCSC-TG-002 | Trusted Product Security Evaluation Program | | Bright Blue Book |
| NCSC-TG-003 | Discretionary Access Control in Trusted Systems | | Neon Orange Book |
| NCSC-TG-004 | Glossary of Computer Security Terms | | Teal Green |
| NCSC-TG-005 | Trusted Network Interpretation | | Red Book |
| NCSC-TG-006 | Configuration Management in Trusted Systems | | Amber Book |
| NCSC-TG-007 | A Guide to Understanding Design Documentation in Trusted Systems | | Burgundy Book |
| NCSC-TG-008 | A Guide to Understanding Trusted Distribution in Trusted Systems | | Dark Lavender Book |
| NCSC-TG-009 | Computer Security Subsystem Interpretation of the TCSEC | | Venice Blue Book |
| NCSC-TG-010 | A Guide to Understanding Security Modeling in Trusted Systems | | Aqua Book |
| NCSC-TG-011 | Trusted Network Interpretation Environments Guideline (TNI) | | Red Book |
| NCSC-TG-013 | RAMP Program Document | | Pink Book |
| NCSC-TG-013 V2 | RAMP Program Document version 2 | | Pink Book |
| NCSC-TG-014 | Guidelines for Formal Verification Systems | | Purple Book |
| NCSC-TG-015 | Guide to Understanding Trusted Facility Management | | Brown Book |
| NCSC-TG-016 | Guidelines for Writing Trusted Facility Manuals | | Yellow-Green Book |
| NCSC-TG-017 | Identification and Authentication in Trusted Systems | | Light Blue Book |
| NCSC-TG-018 | Object Reuse in Trusted Systems | | Light Blue Book |
| NCSC-TG-019 | Trusted Product Evaluation Questionnaire | | Blue Book |
| NCSC-TG-020 | Trusted UNIX Working Group (TRUSIX) Rationale for Selecting Access Control List Features for the UNIX System | | Silver Book |
| NCSC-TG-021 | Trusted Database Management System Interpretation of the TCSEC (TDI) | | Purple Book |
| NCSC-TG-022 | Trusted Recovery in Trusted Systems | | Yellow Book |
| NCSC-TG-023 | Security Testing and Test Documentation in Trusted Systems | | Bright Orange Book |
| NCSC-TG-024 Vol. 1/4 | Procurement of Trusted Systems: An Introduction to Procurement Initiators on Computer Security Requirements | | Purple Book |
| NCSC-TG-024 Vol. 2/4 | Procurement of Trusted Systems: Language for RFP Specifications and Statements of Work | | Purple Book |
| NCSC-TG-024 Vol. 3/4 | Procurement of Trusted Systems: Computer Security Contract Data Requirements List and Data Item Description | | Purple Book |
| NCSC-TG-024 Vol. 4/4 | Procurement of Trusted Systems: How to Evaluate a Bidder's Proposal Document | Publication TBA | Purple Book |
| NCSC-TG-025 | Guide to Understanding Data Remanence in Automated Information Systems | | Forest Green Book |
| NCSC-TG-026 | Writing the Security Features User's Guide for Trusted Systems | | Hot Peach Book |
| NCSC-TG-027 | Information System Security Officer Responsibilities for Automated Information Systems | | Turquoise Book |
| NCSC-TG-028 | Assessing Controlled Access Protection | | Violet Book |
| NCSC-TG-029 | Certification and Accreditation Concepts | | Blue Book |
| NCSC-TG-030 | Covert Channel Analysis of Trusted Systems | | Light Pink Book |

In popular culture

The 1995 movie Hackers contained a reference to the Rainbow Books that showed Dade naming off a series of six books, the second of them being the Orange Book ("Computer security criteria, DoD standards") and the sixth being the Red Book ("NSA Trusted Networks. Otherwise known as the Ugly Red Book that won’t fit on a shelf") from this series. Phreak called them "those Crayola books" and Cereal replied, "Oh yeah, Technicolor rainbow." However, the other books, such as the Peter Norton "pink shirt book", are not part of the Rainbow Series.

External links

  • Rainbow Series from Federation of American Scientists, with more explanation
  • Rainbow Series from Archive of Information Assurance
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 