First published in 1983, the Department of Defense Trusted Computer System Evaluation Criteria, (DOD-5200.28-STD) known as the Orange Book is the de facto standard for computer security today.

The Orange Book, and others in the Rainbow Series, are still the benchmark for systems produced almost two decades later, and Orange Book classifications such as C2 provide a shorthand for the base level security features of modern operating systems.

Actual copies of the Orange Book are notoriously difficult to obtain for anyone not working for the US Government, which makes understanding the security ratings difficult. The actual Orange Book itself is a long, repetitive documents that can baffle casual observers. This site will help you to understand this sometimes difficult topic.

A summary of the Orange Book

The full text of the Orange Book

A summary of the in criteria chart form.

Useful links to products and reference materials

Some Frequently Answered Questions