Try the new and let us know what you think!
(Note: Beta site content may not be complete.)

View the beta site
NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage

Selected Historical Computer Security Papers

Historical NIST Papers | Archives | DoD Rainbow Series
General Interest Papers: 1 | 2 | 3

Historical NIST Papers

Federal Information Technology Security Assessment Framework
Federal CIO Council; prepared by NIST for the Security, Privacy, and Critical Infrastructure Committee
November 28, 2000

International Standard ISO/IEC 17799:2000 Code of Practice for Information Security Management: Frequently Asked Questions
November 7, 2002 revision; originally published July 2001

U.S. Government Activities to Protect the Information Infrastructure
D. Steinauer, S. Radack and S. Katzke
Presented at the BSI Security Conference in Bonn, April 1997, this paper activities during the mid-1990's of the legislative and executive branches of the U.S. Government (and of some joint activities of government and industry) that involved the security of the evolving information infrastructure.

Back to Top


COAST Security Archive (Purdue University)

Cryptology ePrint Archive (International Association for Cryptologic Research (IACR))

DBLP Computer Science Bibliography (Universität Trier)

Electronic Privacy Information Center (EPIC) Archive - Computer Security

National Security Agency (NSA) Center for Cryptologic History

Back to Top

DoD Rainbow Series

The Rainbow Series of Department of Defense standards is outdated, out of print, and provided here for historical purposes ONLY. The following is only a partial list--a more complete collection is available from the Federation of American Scientists:

DoD 5200.28-STD "Orange Book", DoD Trusted Computer System Evaluation Criteria (December 26, 1985)

CSC-STD-002-85 "Green Book", DoD Password Management Guideline (April 12, 1985)

CSC-STD-003-85 "Light Yellow Book", Computer Security Requirements: Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments (June 25, 1985)

CSC-STD-004-85 "Yellow Book II", Technical Rationale Behind CSC-STD-003-85: Computer Security Requirement (June 25, 1985)

NCSC-TG-001 "Tan Book", A Guide to Understanding Audit in Trusted Systems (July 28, 1987)

NCSC-TG-002, Version 1 "Bright Blue Book", Trusted Product Security Evaluation Program: a Guide for Vendors (March 1, 1988)

NCSC-TG-003 "Neon Orange Book", A Guide to Understanding Discretionary Access Control in Trusted Systems (September 30, 1987)

NCSC-TG-004, Version 1 "Aqua Book", Glossary of Computer Security Terms (October 21, 1988)

NCSC-TG-005, Version 1 "Red Book", Trusted Network Interpretation (July 31, 1987)

NCSC-TG-006, Version 1 "Orange Book", A Guide to Understanding Configuration Management in Trusted Systems (March 28, 1988)

NCSC-TG-008 "Lavender Book", A Guide to Understanding Trusted Distribution in Trusted Systems (December 15, 1988)

NCSC-TG-014 "Purple Book", Guidelines for Formal Verification Systems (April 1, 1989)

NCSC-TG-015 "Brown Book", Guide to Understanding Trusted Facility Management (June 1989)

NCSC-TG-019, Version 1 "Blue Book", Trusted Product Evaluation Questionnaire (October 16, 1989)

Back to Top

Continue to General Interest Papers