Forwarded From: John Young <jyaat_private> Paul Merrill, author of "NOT the Orange Book," has provided a digital version of this "Guide to the Definition, Specification, Tasking, and Documentation for the Development of Secure Computer Systems -- Including Condensations of the Members of the Rainbow Series and Related Documents:" http://jya.com/ntob.htm (401K) Zipped: http://jya.com/ntob.zip (96K) This is Paul's 1992 manual prepared while working for DoD/USAF to spec, research, evaluate and purchase secure computer systems for ADP, C4I and weapons and to compensate for the shortcomings of the official regulations. It's still widely used, Paul says, to ease the unending conflict between DoD, NSA and defense contractors about how to develop and assure computer security from lab to battle. Section IV, Case Studies, is a wonder at describing what to do when perfect design goes bellyup in the field. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:09:48 PDT