published in 1983, the Department of Defense Trusted Computer System
Evaluation Criteria, (DOD-5200.28-STD) known as the Orange Book
is the de facto standard for computer security today.
The Orange Book, and others in the
Rainbow Series, are still the benchmark for systems produced almost two
decades later, and Orange Book classifications such as C2 provide a shorthand
for the base level security features of modern operating systems.
Actual copies of the Orange Book
are notoriously difficult to obtain for anyone not working for the US Government,
which makes understanding the security ratings difficult. The actual Orange
Book itself is a long, repetitive documents that can baffle casual observers.
This site will help you to understand this sometimes difficult topic.