This article traces the origins of US government-sponsored computer security research and the path that led from a focus on government-funded research and system development to a focus on the evaluation of commercial products. That path led to the creation of the Trusted Computer System Evaluation Criteria (TCSEC), or Orange Book. The TCSEC placed great emphasis on requirements for mandatory security controls and high assurance, and the resulting TCSEC evaluation process was time-consuming and costly for commercial vendors and emphasized product features not valued by customers. As a result, vendor commitment to evaluations waned. The TCSEC was eventually supplanted by the international Common Criteria, which after almost 15 years, have moved to a model based on more straightforward requirements and a more deterministic evaluation process.


Additional Information

Print ISSN
pp. 19-31
Launched on MUSE
Open Access
Back To Top

This website uses cookies to ensure you get the best experience on our website. Without cookies your experience may not be seamless.