HOME

TheInfoList



Click Here for Items Related To - Rainbow Series
OR:
Rainbow Series on:   [Wikipedia]   [Google]   [Amazon]

The Rainbow Series (sometimes known as the Rainbow Books) is a series of
computer security Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, the ...
standards and guidelines published by the
United States The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territorie ...
government in the 1980s and 1990s. They were originally published by the
U.S. Department of Defense The United States Department of Defense (DoD, USDOD or DOD) is an executive branch department of the federal government charged with coordinating and supervising all agencies and functions of the government directly related to national secur ...
Computer Security Center, and then by the
National Computer Security Center The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collectio ...
.


Objective

These standards describe a process of evaluation for
trusted system In the security engineering subspecialty of computer science, a trusted system is one that is relied upon to a specified extent to enforce a specified security policy. This is equivalent to saying that a trusted system is one whose failure would b ...
s. In some cases, U.S. government entities (as well as private firms) would require formal validation of computer technology using this process as part of their
procurement Procurement is the method of discovering and agreeing to terms and purchasing goods, Service (economics), services, or other works from an external source, often with the use of a tendering or competitive bidding process. When a government agenc ...
criteria. Many of these standards have influenced, and have been superseded by, the
Common Criteria The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. It is currently in version 3.1 revision 5. Common Criteria ...
. The books have nicknames based on the color of its cover. For example, the
Trusted Computer System Evaluation Criteria Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCS ...
was referred to as "The Orange Book." In the book entitled ''Applied Cryptography'', security expert
Bruce Schneier Bruce Schneier (; born January 15, 1963) is an American cryptographer, computer security professional, privacy specialist, and writer. Schneier is a Lecturer in Public Policy at the Harvard Kennedy School and a Fellow at the Berkman Klein Cente ...
states of NCSC-TG-021 that he "can't even begin to describe the color of hecover" and that some of the books in this series have "hideously colored covers." He then goes on to describe how to receive a copy of them, saying "Don't tell them I sent you."


Most significant Rainbow Series books


References

{{reflist


External links


Rainbow Series
from
Federation of American Scientists The Federation of American Scientists (FAS) is an American nonprofit global policy think tank with the stated intent of using science and scientific analysis to attempt to make the world more secure. FAS was founded in 1946 by scientists who wo ...
, with more explanation
Rainbow Series
from Archive of Information Assurance Computer security standards