Thanks for the responses. I have found the rainbow books at a number of places, including:
I also recived a reply to my message that I thought I would forward. It is anonymous at the original author's request...
>I should warn you about a couple of things. First, the phrases
>"Novell claims ..." and " ... are *designed* to meet ..." are red
>flags for marketing hype. You really cannot depend on these claims
>to have any relationship to reality. I can say my Nissan pickup is
>designed to meet C2 requirements.
>Also, the Orange Book is the basis of the requirements. The Red Book
>is an *interpretation* of the Orange Book requirements, for networks &
>network components. I should also warn you that the Red Book is pretty
>cumbersome and inconsistent in places. Part 1 of the Red Book is not
>used within the evaluation community, except as reference material.
>None of my observations has any bearing on whether the product is good or
>not. And Novell does have products that have actually been evaluated.
Gary Kessler +1 802-655-0940 (main office)
Hill Associates +1 802-655-8659 (direct line)
17 Roosevelt Highway +1 802-655-7974 (fax)
Colchester, VT 05446 kumquat @
PGP Public Key: http://www.hill.com/PGP/gck_pubkey.html