On Fri, Feb 13, 2015 at 7:12 AM, Lamar Owen <lowen at pari.edu> wrote: > On 02/13/2015 05:41 AM, James Hogarth wrote: > > This is also why the Orange Book and its Rainbow kin exist (Orange Book = > 5200.28-STD, aka DoD Trusted Computer System Evaluation Criteria). > Should anyone care to learn from the Rainbow Books, they are available from the United States of America (USA) National Institute of Standards and Technology (NIST) Computer Security Resource Center (CSRC) Selected Historical Computer Security Papers, http://csrc.nist.gov/publications/secpubs/ There is a caveat however, "The Rainbow Series of Department of Defense standards is outdated, out of print, and provided here for historical purposes ONLY." I imagine the CSRC believes some of their other readily available publications are not outdated.