If A1 is the Answer, What was the Question? An Edgy Na?f's Retrospective on Promulgating the Trusted Computer Systems Evaluation Criteria
Dec. 6, 2004 to Dec. 10, 2004
Marvin Schaefer , Books With a Past, LLC
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2004.22
This paper provides an introspective retrospective on the history and development of the United States Department of Defense Trusted Computer System Evaluation Criteria (TCSEC). Known to many as the Orange Book, the TCSEC contained a distillation of what many researchers considered to be the soundest proven principles and practices for achieving graded degrees of sensitive information protection on multiuser computing systems. While its seven stated evaluation classes were explicitly directed to standalone computer systems, many of its authors contended that its principles would stand as adequate guidance for the design, implementation, assurance, evaluation and certification of other classes of computing applications including database management systems and networks. The account is a personal reminiscence of the author, and concludes with a subjective assessment of the TCSEC's validity in the face of its successor evaluation criteria.
Marvin Schaefer, "If A1 is the Answer, What was the Question? An Edgy Na?f's Retrospective on Promulgating the Trusted Computer Systems Evaluation Criteria", ACSAC, 2004, Computer Security Applications Conference, Annual, Computer Security Applications Conference, Annual 2004, pp. 204-228, doi:10.1109/CSAC.2004.22