Another name for the publication Trusted Computer Systems Evaluation Criteria (TCSEC), published by the National Computer Security Center (NCSC) of the U.S. Department of Defense.
Orange Book standards are used to evaluate the security of both stand-alone and network operating systems (NOS’s). The current version of this publication dates from 1985. The Orange Book, which was named for its orange cover, is actually a part of a series of computer system security guidelines and standards that are collectively known as the Rainbow Series.
The Orange Book provides methods of assessing the security of a specific computer system, and it offers hardware and software manufacturers guidance on how to create products that can be certified as secure by the U.S. government and military.
For example, Microsoft Windows NT Server in certain configurations complies with the C2 (Controlled Access Protection) security standards outlined in the Orange Book. C2 is applied not to operating systems but to specifically tested physical computers running those operating systems. C2 is one of a family of security designations that the Orange Book applies to computer systems, which include the following: