[ISN] NOT the Orange Book

From: mea culpa <jericho_at_dimensional.com>
Date: Mon 02 Nov 1998 - 06:58:28 CST
Forwarded From: John Young <jya@pipeline.com>

Paul Merrill, author of "NOT the Orange Book," has provided a digital
version of this "Guide to the Definition, Specification, Tasking, and
Documentation for the Development of Secure Computer Systems -- Including
Condensations of the Members of the Rainbow Series and Related Documents:"

   http://jya.com/ntob.htm  (401K)

Zipped:

   http://jya.com/ntob.zip  (96K)

This is Paul's 1992 manual prepared while working for DoD/USAF to spec,
research, evaluate and purchase secure computer systems for ADP, C4I and
weapons and to compensate for the shortcomings of the official
regulations.

It's still widely used, Paul says, to ease the unending conflict between
DoD, NSA and defense contractors about how to develop and assure computer
security from lab to battle. 

Section IV, Case Studies, is a wonder at describing what to do when
perfect design goes belly-up in the field.


-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Mon Nov 2 10:51:08 1998