The Orange Book

I have made sgml of the Orange Book.

I've corrected it in a couple of places to agree with a library copy of the printed version and have restored the highlighting. Some of the subsection numbers have been lost (courtesy linuxdoc), but the sgml is as correct as I could make it:

• Browse the Orange Book online (here)
  • Preample, Glossary and References
  • Part I (chaps. 1-4) and Part II (chaps. 5-10)
  • Appendices
• Download an archive of sgml,html,txt,ps (the text version has mostly correct numbering).

The above sgml-based text is a modified version of the full text, available from NIST. In case the NIST directory containing copies of the rainbow series changes, here is a copy of the Orange Book (more properly named, the Department of Defense Trusted Computer System Evaluation Criteria). Note, this copy contains some minor typographical errors when compared against the official printed copy; DOD 5200.28-STD. I have tried to remain true to the original in producing the sgml.

As a public service, NIST maintains these and other related material at the NIST Computer Security Resource Clearing House.

It would appear that others have done the same (at least they have converted the Orange book to html). You may find their versions more convenient. [I would have liked to have known about these before doing the sgml! :( ]

• http://www.disa.mil/MLS/info/orange/
• http://www.dmu.ac.uk/~chl/orange.html

I can be reached at morgan@parc.power.net. PGP public Key available here.
Up to Orange-Linux my home page.