The Rainbow Series was a collection of freely distributed documents summarizing recommendations of agencies of the U.S. government. They were published in the 1980s and 1990s by the National Computer Security Center (see
NCSC).
The 1983 DoD Trusted Computer System Evaluation Criteria (TCSEC) became known as the original "Orange Book" because of its cover color. Several colors were reused over the years, and a few books changed colors in different printings. Most of the following documents are available from the Federation of American Scientists. See
NCSC security levels.
DOD Documents
Following are documents from the Department of Defense:
1 - Orange Book (CSC-STD-001-83)
DOD Trusted Computer System Evaluation Criteria (TCSEC) [DOD 5200.28]
2 - Green Book (CSC-STD-002-85)
DOD Password Management Guidelines
3 - Light Yellow Book (CSC-STD-003-85)
Guidance for Applying the DOD Trusted Computer System Evaluation Criteria in Specific Environments
4 - Yellow Book II (CSC-STD-004-85)
Technical Rationale Behind CSC-STD-003-85: Computer Security Requirements
5 - (CSC-STD-005-85)
DoD Magnetic Remanence Security Guideline
NCSC Documents
Following are documents from the National Computer Security Center
6 - Light Pink Book (NCSC-TG-030)
A Guide to Understanding Covert Channel Analysis of Trusted Systems (11/93)
7 - Aqua Book (NCSC-TG-004)
Glossary of Computer Security Terms
8 - Blue Book (NCSC-TG-029)
Introduction to Certification and Accreditation (09/94)
9 - Blue Book (NCSC-TG-019)
Trusted Product Evaluation Questionnaire
10 - Bright Blue Book (NCSC-TG-002)
Trusted Product Evaluation - A Guide for Vendors
11 - Brown Book (NCSC-TG-015)
A Guide to Understanding Trusted Facility Management
12 - Burgundy Book (NCSC-TG-007)
A Guide to Understanding Design Documentation in Trusted Systems
13 - Forest Green Book (NCSC-TG-025)
A Guide to Understanding Data Remanence in Automated Information Systems (Ver.2 09/91)
14 - Grey/Silver Book (NCSC-TG-020A)
Trusted UNIX Working Group (TRUSIX) Rationale for Selecting Access Control List Features for the UNIX System
15 - Hot Peach Book (NCSC-TG-026)
A Guide to Writing the Security Features User's Guide for Trusted Systems
16 - Lavender (NCSC-TG-008)
A Guide to Understanding Trusted Distribution in Trusted Systems
17 - Lavender/Purple Book (NCSC-TG-021)
Trusted Database Management System Interpretation
18 - Light Blue Book (NCSC-TG-017)
A Guide to Understanding Identification and Authentication in Trusted Systems
19 - Light Blue Book (NCSC-TG-018)
A Guide to Understanding Object Reuse in Trusted Systems
20 - Orange Book (NCSC-TG-006)
A Guide to Understanding Configuration Management in Trusted Systems
21 - Orange Book (NCSC-TG-003)
A Guide to Understanding Discretionary Access Control in Trusted Systems
22 - Pink Book (NCSC-TG-013)
Rating Maintenance Phase Program Document
23 - Purple Book (NCSC-TG-014)
Guidelines for Formal Verification Systems
24 - Red Book (NCSC-TG-005)
Trusted Network Interpretation. See
NCSC security levels.
25 - Red Book (NCSC-TG-011)
Trusted Network Interpretation Environments Guideline - Guidance for Applying the Trusted Network Interpretation. See
NCSC security levels.
26 - Tan Book (NCSC-TG-001)
A Guide to Understanding Audit in Trusted Systems
27 - Teal Book (NCSC-TG-010)
A Guide to Understanding Security Modeling in Trusted Systems
28 - Turquoise Book (NCSC-TG-027)
A Guide to Understanding Information System Security Officer Responsibilities for Automated Information Systems
29 - Venice Blue Book (NCSC-TG-009)
Computer Security Subsystem Interpretation of the Trusted Computer System Evaluation Criteria
30 - Violet Book (NCSC-TG-028)
Assessing Controlled Access Protection
31 - Yellow Book (NCSC-TG-022)
A Guide to Understanding Trusted Recovery
32 - Yellow-Green Book (NCSC-TG-016)
Writing Trusted Facility Manuals