Source : Free On-Line Dictionary of Computing

Orange Book
     
         A standard from the US Government
        {National Computer Security Council} (an arm of the
        U.S. National Security Agency), "Trusted Computer System
        Evaluation Criteria, DOD standard 5200.28-STD, December 1985"
        which defines criteria for trusted computer products.  There
        are four levels, A, B, C, and D.  Each level adds more
        features and requirements.
     
        D is a non-secure system.
     
        C1 requires user log-on, but allows {group ID}.
     
        C2 requires individual log-on with password and an audit
        mechanism.  (Most {Unix} implementations are roughly C1, and
        can be upgraded to about C2 without excessive pain).
     
        Levels B and A provide mandatory control.  Access is based on
        standard Department of Defense clearances.
     
        B1 requires DOD clearance levels.
     
        B2 guarantees the path between the user and the security
        system and provides assurances that the system can be tested
        and clearances cannot be downgraded.
     
        B3 requires that the system is characterised by a mathematical
        model that must be viable.
     
        A1 requires a system characterized by a mathematical model
        that can be proven.
     
        See also {crayola books}, {book titles}.
     
        [{Jargon File}]
     
        (1997-01-09)