Authors: Peter S. Tasker, Daniel J. Edwards, Roger R. Schell, Theodore M. P. Lee
FOREWORD: This publication, DoD 5200.28-STD, "Department of Defense Trusted Computer System Evaluation Criteria," is issued under the authority of and in accordance with DoD Directive 5200.28, "Security Requirements for Automatic Data Processing (ADP) Systems," and in furtherance of responsibilities assigned by DoD Directive 5215.1, "Computer Security Evaluation Center." Its purpose is to provide technical hardware/firmware/software security criteria and associated technical evaluation…


The guidelines defined in this document are intended to be used by computer hardware and software designers who are building systems with the intent of meeting the requirements of the DoD Directive 5215.1.

Use of the Trusted Computer System Evaluation Criteria (TCSEC) for Complex, Evolving, Multipolicy Systems.

Abstract: The purpose of this paper is to provide a methodology to assist the heads of DoD components to procure, certify, and accredit existing, evolving, multipolicy systems against the TCSEC 4

If A1 is the answer, what was the question? An Edgy Naif's retrospective on promulgating the trusted computer systems evaluation criteria

  • M. Schaefer
  • Computer Science
    20th Annual Computer Security Applications Conference
  • 2004
An introspective retrospective on the history and development of the United States Department of Defense Trusted Computer System Evaluation Criteria is provided, and a subjective assessment of the TCSEC's validity in the face of its successor evaluation criteria is concluded.


In this paper, it is sketched how the trusted systems technology codified in the TCSEC can be applied today to create a secure infrastructure network.

Guideline for Implementing Cryptography in the Federal Government

This document focuses on Federal standards documented in Federal Information Processing Standards Publications (FIPS PUBs) and the cryptographic modules and algorithms that are validated against these standards.

The Handbook for the Computer Security Certification of Trusted Systems

The NRL effort to understand assurance, certification, and trusted system certification criteria through the production of the Handbook for the Computer Security Certification of Trusted Systems is described.

Toward an Understanding of Extensible Architectures for Evaluated Trusted Computer System Products

What it means for an architecture to be extensible with respect to security is examined, noting that, given strict hierarchical layering in a system, along with a strict integrity policy mechanism such as the ring mechanism, it should be possible to extend a system through the addition of new adjacent domains.

Recent Development in Information Technology Security Evaluation - The Need for Evaluation Criteria for Multilateral Security

  • Kai Rannenberg
  • Computer Science
    Security and Control of Information Technology in Society
  • 1993
The recent development of national and harmonised criteria and the development in the international standardisation, especially in the relevant committees of ISO and IEC are reported and analyzed.

Towards Formal Evaluation of a High-Assurance Guard

This paper suggests an approach to extending the well-developed technique of “balanced assurance” to the formal evaluation of high-assurance transfer guards that could permit the downgrade function to be evaluated separately from the underlying TCB and then composed with it into an overall system.

Mandatory Access Control 8.1 Multi-level Security

  • Computer Science
This chapter discusses two popular general-purpose frameworks for specifying MAC policies: domain and type enforcement is reminiscent of a DAC access matrix; role-based access control supports access restrictions that derive from responsibilities an organization assigns to roles.



Trusted Computer Systems. Needs and Incentives for Use in Government and the Private Sector

Abstract: The DoD Computer Security Initiative program is now demonstrating the feasibility of designing and implementing trusted computer systems that can provide high levels of protection to data,

Industry Trusted Computer System Evaluation Process

This document describes a process by which manufacturers may submit their proposed products for evaluation, and by which a government-wide evaluation center may conduct the review and evaluation.

Proposed Technical Evaluation Criteria for Trusted Computer Systems

This report documents a proposed set of technical evaluation criteria for evaluating the internal protection mechanisms of computer systems, and represents one approach to how trusted systems might be evaluated.

Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security

This paper argues that resource-sharing systems, where the problems of security are admittedly most acute at present, must be designed to protect each user from interference by another user or by the system itself, and must provide some sort of 'privacy' protection to users who wish to preserve the integrity of their data and their programs.

Guidelines for Security of Computer Applications

This guideline describes the technical and managerial decisions that should be made in order to assure that adequate controls are included in new and existing computer applications to protect them from natural and human-made hazards and to assure that critical functions are performed correctly and with no harmful side effects.

Specification of a Trusted Computing Base (TCB)

This report documents the performance, design, and development requirements for a TCB for a general-purpose operating system.

Program confinement in KVM/370

The techniques used in KVM/370 to confine programs (to prevent data leakage) so that the security of the system is preserved are discussed.

Computer Security Technology Planning Study

This document is intended to assist in the management of government procurement operations and will not be used for other purposes other than a definitely related government procurement operation.

The advent of trusted computer operating systems

The need to trust a computer system processing sensitive information has existed since the earliest uses of computers, but without trusted internal access control mechanisms, the computer has to be treated as a device operating at a single sensitivity level.

A lattice model of secure information flow

The model provides a unifying view of all systems that restrict information flow, enables a classification of them according to security objectives, and suggests some new approaches to formulating the requirements of secure information flow among security classes.