Trusted Computer System Evaluation Criteria

This is an old revision of this page, as edited by 217.168.172.202 (talk) at 14:20, 7 September 2002 (superceded -> superseded). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

TCSEC (Trusted Computer System Evaluation Criteria; commonly called the "Orange Book"), is a standard for computer security that was issued by the US government. It was used in the United States and Canada, while Europe and several other parts of the world used the competing ITSEC standard. Both standards have now been superseded by the Common Criteria.

TCSEC was issued by the United States Government National Computer Security Council (an arm of the U.S. National Security Agency) as "Trusted Computer System Evaluation Criteria, DOD standard 5200.28-STD, December 1985".

TCSEC defines criteria for trusted computer products. There are four levels, A, B, C, and D. Each level adds more features and requirements:

  • D is a non-secure system.
  • C1 requires user log-on, but allows group ID.
  • C2 requires individual log-on with password and an audit mechanism. (Most Unix implementations are roughly C1, and can be upgraded to about C2 without excessive pain).

Levels B and A provide mandatory control. Access is based on standard Department of Defense clearances:

  • B1 requires DOD clearance levels.
  • B2 guarantees the path between the user and the security system and provides assurances that the system can be tested and clearances cannot be downgraded.
  • B3 requires that the system is characterised by a mathematical model that must be viable.
  • A1 requires a system characterized by a mathematical model that can be proven.

See also:


This article (or an earlier version of it) contains material from FOLDOC, used with permission.