Rainbow Books

The Rainbow Books are a set of Department of Defense documents on computer security.

The Rainbow Books are called that because each book is bound in brightly colored paper.

Orange Book
DoD 5200.28-STD
Department of Defense Trusted Computer System Evaluation Criteria.

Green Book
CSC-STD-002-85
Department of Defense Password Management Guideline.

Yellow Book
CSC-STD-003-85
Computer Security Requirements — Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments.

Yellow Book
CSC-STD-004-85
Technical Rationale Behind CSC-STD-003-85: Computer Security Requirements. Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments.

Tan Book
NCSC-TG-001
A Guide to Understanding Audit in Trusted Systems.

Bright Blue Book
NCSC-TG-002
Trusted Product Evaluation – A Guide for Vendors.

Neon Orange Book
NCSC-TG-003
A Guide to Understanding Discretionary Access Control in Trusted Systems.

Teal Green Book
NCSC-TG-004
Glossary of Computer Security Terms.

Red Book
NCSC-TG-005
Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria.

Orange Book
NCSC-TG-006
A Guide to Understanding Configuration Management in Trusted Systems.

Burgundy Book
NCSC-TG-007
A Guide to Understanding Design Documentation in Trusted Systems.

Dark Lavender Book
NCSC-TG-008
A Guide to Understanding Trusted Distribution in Trusted Systems.

Venice Blue Book
NCSC-TG-009
Computer Security Subsystem Interpretation of the Trusted Computer System Evaluation Criteria.

Aqua Book
NCSC-TG-010
A Guide to Understanding Security Modeling in Trusted Systems.

Dark Red Book
NCSC-TG-011
Trusted Network Interpretation Environments Guideline — Guidance for Applying the Trusted Network Interpretation.

Pink Book
NCSC-TG-013
Rating Maintenance Phase — Program Document.

Purple Book
NCSC-TG-014
Guidelines for Formal Verification Systems.

Brown Book
NCSC-TG-015
A Guide to Understanding Trusted Facility Management.

Yellow-Green Book
NCSC-TG-016
Guidelines for Writing Trusted Facility Manuals.

Light Blue
NCSC-TG-017
A Guide to Understanding Identification and Authentication in Trusted Systems.

Light Blue Book
NCSC-TG-018
A Guide to Understanding Object Reuse in Trusted Systems.

Blue Book
NCSC-TG-019
Trusted Product Evaluation Questionnaire.

Gray Book
NCSC-TG-020-A
Trusted Unix Working Group (TRUSIX) Rationale for Selecting Access Control List Features for the Unix System.

Lavender Book
NCSC-TG-021
Trusted Data Base Management System Interpretation of the Trusted Computer System Evaluation Criteria.

Yellow Book
NCSC-TG-022
A Guide to Understanding Trusted Recovery in Trusted Systems.

Bright Orange Book
NCSC-TG-023
A Guide to Understandng Security Testing and Test Documentation in Trusted Systems.

Purple Book
NCSC-TG-024 (Volume 1/4)
A Guide to Procurement of Trusted Systems: An Introduction to Procurement Initiators on Computer Security Requirements.

Purple Book
NCSC-TG-024 (Volume 2/4)
A Guide to Procurement of Trusted Systems: Language for RFP Specifications and Statements of Work – An Aid to Procurement Initiators.

Purple Book
NCSC-TG-024 (Volume 3/4)
A Guide to Procurement of Trusted Systems: Computer Security Contract Data Requirements List and Data Item Description Tutorial.

Purple Book
NCSC-TG-024 (Volume 4/4)
A Guide to Procurement of Trusted Systems: How to Evaluate a Bidder's Proposal Document – An Aid to Procurement Initiators and Contractors.

Green Book
NCSC-TG-025
A Guide to Understanding Data Remanence in Automated Information Systems.

Hot Peach Book
NCSC-TG-026
A Guide to Writing the Security Features User's Guide for Trusted Systems.

Turquiose Book
NCSC-TG-027
A Guide to Understanding Information System Security Officer Responsibilities for Automated Information Systems.

Violet Book
NCSC-TG-028
Assessing Controlled Access Protection.

Blue Book
NCSC-TG-029
Introduction to Certification and Accreditation.

Light Pink Book
NCSC-TG-030
A Guide to Understanding Covert Channel Analysis of Trusted Systems.

C1 Technical Report-001
Computer Viruses: Prevention, Detection, and Treatment.

C Technical Report 79-91
Integrity in Automated Information Systems.

C Technical Report 39-92
The Design and Evaluation of INFOSEC systems: The Computer Security Contributions to the Composition Discussion.

C Technical Report 111-91
Integrity-Oriented Control Objectives: Proposed Revisions to the TCSEC, October 1991.

NCSC Technical Report 002
Use of the TCSEC for Complex, Evolving, Multipolicy Systems.

NCSC Technical Report 003
Turning Multiple Evaluated Products Into Trusted Systems.

NCSC Technical Report 004
A Guide to Procurement of Single Connected Systems – Language for RFP Specifications and Statements of Work – An Aid to Procurement Initiators – Includes Complex, Evolving, and Multipolicy Systems.

NCSC Technical Report 005 Volume 1/5
Inference and Aggregation Issues In Secure Database Management Systems.

NCSC Technical Report 005 Volume 2/5
Entity and Referential Integrity Issues In Multilevel Secure Database Management.

NCSC Technical Report 005 Volume 3/5
Polyinstantiation Issues In Multilevel Secure Database Management Systems.

NCSC Technical Report 005 Volume 4/5
Auditing Issues In Secure Database Management Systems.

NCSC Technical Report 005 Volume 5/5
Discretionary Access Control Issues In High Assurance Secure Database Management Systems.

NTISSAM COMPUSEC/1-87
Advisory Memorandum on Office Automation Security Guideline.

You can find the Rainbow Books in electronic form at Rainbow Series Library