[ISN] NOT the Orange Book

From: mea culpa (jerichoat_private)
Date: Mon Nov 02 1998 - 04:58:28 PST

  • Next message: mea culpa: "[ISN] Nov 19-20 - Digital Signatures Workshop"

    Forwarded From: John Young <jyaat_private>
    Paul Merrill, author of "NOT the Orange Book," has provided a digital
    version of this "Guide to the Definition, Specification, Tasking, and
    Documentation for the Development of Secure Computer Systems -- Including
    Condensations of the Members of the Rainbow Series and Related Documents:"
       http://jya.com/ntob.htm  (401K)
       http://jya.com/ntob.zip  (96K)
    This is Paul's 1992 manual prepared while working for DoD/USAF to spec,
    research, evaluate and purchase secure computer systems for ADP, C4I and
    weapons and to compensate for the shortcomings of the official
    It's still widely used, Paul says, to ease the unending conflict between
    DoD, NSA and defense contractors about how to develop and assure computer
    security from lab to battle. 
    Section IV, Case Studies, is a wonder at describing what to do when
    perfect design goes bellyup in the field. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:09:48 PDT