
CISSP Study Guide: Orange Book Controls

By: Cybrary

December 15, 2022

The Orange Book is one of the National Security Agency’s Rainbow Series of books on evaluating “Trusted Computer Systems”. It is the main book in the Rainbow Series and defines the Trusted Computer System Evaluation Criteria (TCSEC). The TCSEC outlines hierarchical degrees of security, lettered from D (the least secure) through A (the most secure).

The Orange Book also identifies assurance requirements for secure computer operations. These are applied to ensure that a trusted computing base’s security policy has been correctly employed and that the system’s security features have effectively implemented that policy. The Orange Book defines two types of assurance:

  1. Operational assurance – examines the fundamental features and structure of a system. These include system architecture, system integrity, covert channel analysis, trusted facility management, and trusted recovery.
  2. Life cycle assurance – concerned with the controls and standards required for constructing and maintaining a system. These include security testing, design specification and testing, and configuration security testing.