Rainbow Series
Center for Information Security Research and Education
Rainbow Series Library
- 5200.28-STD – DoD Trusted Computer System Evaluation Criteria, 26 December 1985 (Supercedes CSC-STD-001-83, dtd 15 Aug 83). (Orange Book)
- CSC-STD-002-85 – DoD Password Management Guideline, 12 April 1985. (Green Book)
- CSC-STD-003-85 – Computer Security Requirements — Guidance for Applying the DoD TCSEC in Specific Environments, 25 June 1985 (Light Yellow Book)
- CSC-STD-004-85 – Technical Rational Behind CSC-STD-003-85: Computer Security Requirements — Guidance for Applying the DoD TCSEC in Specific Environments, 25 June 1985. (Yellow Book)
- NTISSAM COMPUSEC/1-87 – Advisory Memorandum on Office Automation Security Guidelines
- NCSC-TG-001 Ver. 2 – A Guide to Understanding Audit in Trusted Systems 1 June 1988, Version 2. (Tan Book)
- NCSC-TG-002 – Trusted Product Evaluations – A Guide for Vendors, 22 June 1990. (Bright Blue Book) See also TPEP Procedures which superceedes parts of this document.
- NCSC-TG-003 – A Guide to Understanding Discretionary Access Control in Trusted Systems, 30 September 1987. (Neon Orange Book)
- NCSC-TG-004 – Glossary of Computer Security Terms, 21 October 1988. (Teal Green Book) (NCSC-WA-001-85 is obsolete)
- NCSC-TG-005 – Trusted Network Interpretation of the TCSEC (TNI), 31 July 1987. (Red Book)
- NCSC-TG-006 – A Guide to Understanding Configuration Management in Trusted Systems, 28 March 1988. (Amber Book)
- NCSC-TG-007 – A Guide to Understanding Design Documentation in Trusted Systems, 6 October 1988. (Burgundy Book) See also Process Guidelines for Design Documentation which may supercede parts of this document.
- NCSC-TG-008 – A Guide to Understanding Trusted Distribution in Trusted Systems 15 December 1988. (Dark Lavender Book)
- NCSC-TG-009 – Computer Security Subsystem Interpretation of the TCSEC 16 September 1988. (Venice Blue Book)
- NCSC-TG-010 – A Guide to Understanding Security Modeling in Trusted Systems, October 1992. (Aqua Book)
- NCSC-TG-011 – Trusted Network Interpretation Environments Guideline – Guidance for Applying the TNI, 1 August 1990. (Red Book)
- NCSC-TG-013 Ver.2 – RAMP Program Document, 1 March 1995, Version 2 (Pink Book)
- NCSC-TG-014 – Guidelines for Formal Verification Systems, 1 April 1989. (Purple Book)
- NCSC-TG-015 – A Guide to Understanding Trusted Facility Management, 18 October 1989 (Brown Book)
- NCSC-TG-016 – Guidelines for Writing Trusted Facility Manuals, October 1992. (Yellow-Green Book)
- NCSC-TG-017 – A Guide to Understanding Identification and Authentication in Trusted Systems, September 1991. (Light Blue Book)
- NCSC-TG-018 – A Guide to Understanding Object Reuse in Trusted Systems, July 1992. (Light Blue Book)
- NCSC-TG-019 Ver. 2 – Trusted Product Evaluation Questionaire, 2 May 1992, Version 2. (Blue Book)
- NCSC-TG-020-A – Trusted UNIX Working Group (TRUSIX) Rationale for Selecting Access Control List Features for the UNIX® System, 7 July 1989. (Silver Book)
- NCSC-TG-021 – Trusted Database Management System Interpretation of the TCSEC (TDI), April 1991. (Purple Book)
- NCSC-TG-022 – A Guide to Understanding Trusted Recovery in Trusted Systems, 30 December 1991. (Yellow Book)
- NCSC-TG-023 – A Guide to Understanding Security Testing and Test Documentation in Trusted Systems (Bright Orange Book) See also Process Guidelines for Test Documentation which may supercede parts of this document.
- NCSC-TG-024 Vol. 1/4 – A Guide to Procurement of Trusted Systems: An Introduction to Procurement Initiators on Computer Security Requirements, December 1992. (Purple Book)
- NCSC-TG-024 Vol. 2/4 – A Guide to Procurement of Trusted Systems: Language for RFP Specifications and Statements of Work – An Aid to Procurement Initiators, 30 June 1993. (Purple Book)
- NCSC-TG-024 Vol. 3/4 – A Guide to Procurement of Trusted Systems: Computer Security Contract Data Requirements List and Data Item Description Tutorial, 28 February 1994. (Purple Book)
- NCSC-TG-024 Vol. 4/4 – A Guide to Procurement of Trusted Systems: How to Evaluate a Bidder’s Proposal Document – An Aid to Procurement Initiators and Contractors (Purple Book) (publication TBA)
- NCSC-TG-025 Ver. 2 – A Guide to Understanding Data Remanence in Automated Information Systems, September 1991, Version 2, (Supercedes CSC-STD-005-85). (Forest Green Book)
- NCSC-TG-026 – A Guide to Writing the Security Features User’s Guide for Trusted Systems, September 1991. (Hot Peach Book)
- NCSC-TG-027 – A Guide to Understanding Information System Security Officer Responsibilities for Automated Information Systems, May 1992. (Turquoise Book)
- NCSC-TG-028 – Assessing Controlled Access Protection, 25 May 1992. (Violet Book)
- NCSC-TG-029 – Introduction to Certification and Accreditation Concepts, January 1994. (Blue Book)
- NCSC-TG-030 – A Guide to Understanding Covert Channel Analysis of Trusted Systems, November 1993. (Light Pink Book)
Other NCSC Publications
- C1 Technical Report 001 – Technical Report, Computer Viruses: Prevention, Detection, and Treatment, 12 March 1990
- C Technical Report 79-91 – Technical Report, Integrity in Automated Information Systems, September 1991.
- C Technical Report 32-92 – The Design and Evaluation of INFOSEC systems: The Computer Security Contribution to the Composition Discussion, June 1992.
- C Technical Report 111-91 – Integrity-Oriented Control Objectives: Proposed Revisions to the TCSEC, October 1991.
- NCSC Technical Report 002 – Use of the TCSEC for Complex, Evolving, Mulitpolicy Systems
- NCSC Technical Report 003 – Turning Multiple Evaluated Products Into Trusted Systems
- NCSC Technical Report 004 – A Guide to Procurement of Single Connected Systems – Language for RFP Specifications and Statements of Work – An Aid to Procurement Initiators – Includes Complex, Evolving, and Multipolicy Systems
- NCSC Technical Report 005 Volume 1/5 – Inference and Aggregation Issues In Secure Database Management Systems
- NCSC Technical Report 005 Volume 2/5 – Entity and Referential Integrity Issues In Multilevel Secure Database Management
- NCSC Technical Report 005 Volume 3/5 – Polyinstantiation Issues In Multilevel Secure Database Management Systems
- NCSC Technical Report 005 Volume 4/5 – Auditing Issues In Secure Database Management Systems
- NCSC Technical Report 005 Volume 5/5 – Discretionary Access Control Issues In High Assurance Secure Database Management Systems