Great Circle Associates Firewalls
(July 1997)

Subject: Re: summary: firewalls and B2
From: spencerj @ dg-rtp . dg . com (Jon Spencer)
Date: Thu, 31 Jul 1997 14:11:47 -0400 (EDT)
To: byte . me2 @ juno . com (Byte Me)
Cc: firewalls @ greatcircle . com
In-reply-to: <19970725 . 082406 . 12206 . 0 . byte . me2 @ juno . com> from "Byte Me" at Jul 25, 97 08:24:05 am

> 
> The Orange book is just one of the two dozen that make up the Rainbow
> Series security books.  It wouldn't mean a thing if someone made the most
> secure operating system in the world, if they sent it to you through the
> U.S. Mail.  You need to look at the Rainbow Book that deals in "trusted
> distribution".  Networking is dealt with in the Red book, etc.

This is correct, sort of.  The rest of the rainbow series are
INTERPRETATIONS of the Orange Book.  For example, we are undergoing a "Red
Book" B2 evaluation, but it is driven by OB requirements.  Also note that
there have been many interpretations issued since the publication of these
other books (especially the Red Book - The Trusted Network Interpretation
of the TCSEC (i.e., of the Orange Book), or TNI).  The TNI was published in
1987, and there have been significant advances since then.

> 
> As far as the hardware platform not being mentioned; contact the vendor
> or look on NSA's dockmaster system for where you can get a copy of the
> "Final Evaluation Report" (FER).  Not only does it state the hardware
> platform, but it must specify the exact revision of any programmable or
> intelligent chip.  So if the LAN card is no longer available, the company
> must test and document all of the changes (even if it is only the date of
> when the chip was manufactured) and send it to the evaluation team.  If
> it is minor, they can handle these issues in a short term around. 
> However, if it is major (such as going from a i486 to a Pentium), they
> may have to go through 50% or more of all of the evaluation tests again.

A system is comprised of hardware, firmware, software, customer
documentation and internal documentation.  The whole schmere is evaluated
as a single entity.  Any changes, including a one line bug fix or a new
version of the controller firmware, make the system a new system, and
unevaluated.

The Ratings Maintenance Program (RaMP - RAMP) was intended to ensure
that newer versions of the product would maintain the rating.  Many
earlier systems had problems with this, since the secure products were
not built on current mainstream products, but on older revisions of the
product.  The cost of RAMP in those cases is quite high, since you must
maintain two products (at least).  When Data General considered
entering evaluation, even though we had a B2+ system, we first put in
for a B1 eval since there was no B2 RAMP.  An outdated product was of
little value to us due to the excessive costs of maintaining two
separate OSs.

However, when the trusted version of the product is a component of your
standard OS, that is, when it is integrated with the standard OS source
code base, then the costs of RAMP are greatly reduced, and there are many
side benefits.  The standard OS gains the benefits of the high assurance
analysis of the OS.  The trusted OS is always up-to-date and contains state
of the art features.  DG was unwilling to offer an old version of the OS.
The B2 RAMP issues were resolved, DG was authorized for B2 RAMP, and we
upped our submission from B1 to B2.

> 
> Depending on how close the revisions of a vendor's product are, they may
> have to go through a complete evaluation, or they may be blessed with
> getting into the RAMP program.  NSA was also talking of coming out with a
> watered-down evaluation (so Microsoft could get a quick evaluation)
> called TTAP, or something similar.  I haven't heard much about it in the
> last year, so maybe someone else could clarify its status.

This is not a correct description of TTAP.  The primary purpose of TTAP as
I understand it was to keep companies from submitting for evaluation,
entering VAP (vendor assistance phase), which the vendor can stay in for
decades, saying they are in evaluation, and then doing nothing.  In TTAP, you are
in evaluation when you enter FEP - Formal Evaluation Phase.  At this point,
NSA has ensured that most of the work has been completed, all the formal
docs are done, and the system is essentially complete.  THEN the NSA
critters do their thing to it.

> 
> To look at a FER in detail from a system that successfully passed A1 and
> B3 - call Honeywell Federal Systems (now owned by WANG) in Tyson's
> Corner.  The FER will give you a better understanding of what it takes to
> get past the sometimes-vague, opinion-changeable, out-dated,
> still-the-only-thing-that-people-have-followed (Karen G. must excuse my
> lack of European evaluation respect here ;^D) guidelines for what makes
> up security (primarily for the government).

Well, that is not quite accurate either.  True, the standards are directed
at government usage, since that's why they were developed.  HOWEVER, people
seem to think that governments don't do the same things that commercial
users do.  The vast majority of government systems do office automation.
The threats and risks are essentially the same.  The feds want commercial
systems, not special systems (in general, of course, since they also use
fighter weapons systems and Patriot missiles and such, but those are the
exception rather than the rule).

For example, DOCKMASTER II, the replacement for DOCKMASTER (I), looks an
awful lot like a regular ol' corporate system.  Web server, internal LAN,
Internet connected, public and private (classified) information.  What's
the real difference, other than the guns are closer?  They are using the
same B2 Data General system as the University of California at San Diego
uses for its medical center.  I'll post some info on that separately.
> 
> Regards,
> BM2
> 
> 
> 
> >snip: original message
> I have a listing of the products (OS's & Network Components) that are
> rated at A1, B1, B2, B3, C1, & C2, and nowhere does it mention what
> hardware the OS, etc was running on. The only thing mentioned in the
> "Orange Book" is the way that the OS handles security measures. This
> pertains to firewalls also in the fact that firewalls must have
> contingencies that provide security between two areas, and can be
> documented to do so.
> 


-- 
Jon F. Spencer				spencerj @ rtp . dg . com
Data General Corp.			Phone : (919)248-6246
62 Alexander Drive, MS #119		FAX   : (919)248-6108
Research Triangle Park, NC  27709	Office RTP 121/9

	There is no such thing as a small interference with property.
			Andrew J. Galambos

	No success can compensate for failure in the home.
			President David O. McKay

***** UCC 1-207 ********

