The Rainbow Series is a series of documents published by the National Computer Security Center (NCSC) to discuss in detail the features of the DoD Trusted Computer System Evaluation Criteria (TCSEC) and provide guidance for meeting each requirement. The name "rainbow" is a nickname because each document has a different color of cover.
The following are brief descriptions of some of the documents that form the Rainbow Series:
- The TCSEC defines criteria for evaluating the security functionality and assurance provided by a computer system. The TCSEC formalizes the concept of a trusted computing base (TCB) and specifies how it should be constructed and used in order to ensure a desired level of trust.
- The guidelines provide a set of good practices related to the use of auditing in automatic data processing systems employed for processing classified and other sensitive information.
- The TNI interprets the TCSEC with regard to networked computer systems. The TNI was particularly controversial due to the complex security issues that arise when computer networks are used.
- The TDI interprets the TCSEC with regard to database management systems.
- This document describes a set of good practices for using password-based authorization schemes. A similar set of guidelines was also issued by the National Institute of Standards and Technology as a Federal Information Processing Standard publication.
- This document defines the acronyms and terms used by computer security specialists, focusing on DOD contexts.
- This document provides procedures and guidance for sanitizing magnetic storage media (e.g., disks and tapes) prior to their release to nonsecure environments.
- This volume provides guidance for applying the TCSEC to specific environments.