For those of us navigating the complex landscape of information security today, grappling with concepts like zero-trust architecture, threat modeling, and continuous monitoring, it might seem like we're charting entirely new territory. However, the foundations of many of our security evaluation principles were laid down decades ago, most notably with the U.S. Department of Defense's Trusted Computer System Evaluation Criteria (TCSEC), affectionately known as the Orange Book, and its European counterpart, the Information Technology Security Evaluation Criteria (ITSEC).
While these standards have been largely superseded by the globally recognized Common Criteria, understanding their history, principles, and the "Rainbow Series" of documents associated with the Orange Book provides invaluable context for today's information security professionals. It's like understanding the evolution of cryptography – appreciating the past illuminates the present and informs the future.
Born in the 1980s, the Orange Book tackled a fundamental challenge: how to evaluate the trustworthiness of computer systems handling sensitive information. Its core focus was confidentiality, aiming to prevent unauthorized disclosure through a structured hierarchy of trust, categorized into four divisions (D, C, B, and A).
Think of it as a security pyramid. At the base (Division D) were systems with minimal protection. Climbing upwards, Division C introduced discretionary access control (DAC) and accountability, a level many commercial systems aimed for. Division B marked a significant leap with the introduction of mandatory access control (MAC) based on security labels – a concept crucial in high-security environments where data sensitivity dictates access rules enforced by the system itself, not just the owner. The pinnacle, Division A, demanded verified protection through formal design and verification techniques, representing the gold standard of assurance.
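The gap between Division C's owner-controlled access and Division B's label-based control, shown as an added example (not code from the Orange Book or from any evaluated product). The level names, the `Subject`/`Obj` types and the sample data are assumptions for illustration; the mandatory rules are the confidentiality-style "no read up, no write down" checks over a label made of a level plus a category set.

```python
from dataclasses import dataclass, field

# Constructed hierarchy of sensitivity levels (assumption, not from the page).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        """True when this label is at least as high and covers every category."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

@dataclass
class Subject:
    name: str
    clearance: Label

@dataclass
class Obj:
    name: str
    owner: str
    label: Label
    acl: dict = field(default_factory=dict)  # user -> set of modes, set by owner

def dac_allows(subj, obj, mode):
    """Division C style: the owner's ACL is the only thing consulted."""
    return subj.name == obj.owner or mode in obj.acl.get(subj.name, set())

def mac_allows(subj, obj, mode):
    """Label check enforced by the system; the owner cannot override it."""
    if mode == "read":   # no read up
        return subj.clearance.dominates(obj.label)
    if mode == "write":  # no write down
        return obj.label.dominates(subj.clearance)
    return False

def access(subj, obj, mode):
    """Division B style: both checks must pass."""
    return dac_allows(subj, obj, mode) and mac_allows(subj, obj, mode)

# Constructed sample data.
alice = Subject("alice", Label("SECRET", frozenset({"CRYPTO"})))
bob = Subject("bob", Label("CONFIDENTIAL"))
plan = Obj("plan.txt", "alice", Label("SECRET", frozenset({"CRYPTO"})),
           acl={"bob": {"read"}})      # owner tries to share with bob
memo = Obj("memo.txt", "alice", Label("UNCLASSIFIED"))
```

Bob is on the owner's ACL for `plan.txt`, so the discretionary check passes, yet the combined decision denies him because his clearance does not dominate the object's label; Alice, in turn, cannot write her SECRET-level data down into the unclassified `memo.txt` even though she owns it.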
Accompanying the Orange Book was the Rainbow Series, a collection of supplementary "colored books" that delved into specific aspects of computer security. From the Red Book on network security to the Gold Book on trusted database management systems, this series provided a comprehensive body of knowledge, offering guidance on implementing secure systems across various domains.
Europe's Perspective: ITSEC and Flexibility
Across the Atlantic, the European Union developed its own standard, ITSEC (Information Technology Security Evaluation Criteria). While sharing the overarching goal of evaluating system security, ITSEC offered a slightly different approach. Instead of a rigid hierarchical structure, ITSEC focused on defining security functionality (what security features a product offered) and assurance levels (how confident one could be that those features worked correctly).
This allowed for greater flexibility. A product could be evaluated for specific security functions relevant to its intended use, rather than being forced into a pre-defined class. For instance, a firewall might be evaluated highly on its filtering functionality with a moderate assurance level, while an operating system handling highly classified data might prioritize both strong security functions and high assurance.
The Convergence and the Legacy
Ultimately, both TCSEC and ITSEC, despite their differences in structure, aimed to provide a framework for building and evaluating trusted computer systems. Their principles – the importance of a well-defined security policy, accountability, assurance through rigorous evaluation, and comprehensive documentation – remain foundational to information security today.
While the Common Criteria has emerged as the dominant international standard, it undeniably draws heavily from the lessons learned from both the Orange Book and ITSEC. The concepts of security functional requirements (SFRs) in Common Criteria echo ITSEC's focus on specific security functions, while the assurance levels (EALs) build upon the rigorous evaluation methodologies pioneered by both standards.
Why This Matters to Today's InfoSec Professionals
Understanding the legacy of TCSEC and ITSEC offers several benefits:
- Contextual Awareness: It provides a historical perspective on the evolution of security evaluation and the enduring challenges of building trusted systems.
- Deeper Understanding of Principles: Concepts like MAC, DAC, assurance levels, and the separation of functionality and assurance are more readily grasped when their origins are understood.
- Appreciation for Current Standards: Recognizing the strengths and weaknesses of past standards helps us better understand the design and rationale behind the Common Criteria.
- Informed Decision-Making: When evaluating security products and architectures, understanding the underlying principles of trust and assurance, even in their historical context, can lead to more informed decisions.
In conclusion, while the Orange Book and ITSEC might seem like relics of a bygone era, their echoes resonate through the core principles of modern information security. By understanding their contributions and the lessons learned from their implementation, today's infosec professionals can gain a richer appreciation for the foundations upon which our current security practices are built, ultimately leading to a more informed and robust approach to protecting our digital world. The "Rainbow Series" and the diverse functionalities evaluated by ITSEC serve as reminders that security is a multifaceted challenge requiring a layered and context-aware approach – a lesson that remains as relevant today as it was decades ago.