Trusted Computer System Evaluation Criteria

[citation needed] By the late 1960s, government agencies, like other computer users, had gone far in the transition from batch processing to multiuser and time-sharing systems.

The study effort was organized as the Defense Science Board (DSB) Task Force on Computer Security under the chairmanship of the late Willis Ware.

The task force met between 1967 and 1969 and produced a classified report that was made available to organizations with appropriate security clearance beginning in 1970.

ESD received technical advice and support of the Mitre Corporation, one of the countries federally funded research and development centers (FFRDC).

Grace Hammonds Nibaldi while she worked at the Mitre Corporation published a report that laid out the initial plans for the evaluation of commercial off-the-shelf operating systems.

These included Grace Hammonds Nibaldi and Peter Tasker of Mitre Corporation; Dan Edwards, Roger Schell, and Marvin Schaeffer of National Computer Security Conference; and Ted Lee of Univac.

A secure means must exist to ensure the access of an authorized and competent agent that can then evaluate the accountability information within a reasonable amount of time and without undue difficulty.

To accomplish these objectives, two types of assurance are needed with their respective elements:[6] Within each class, an additional set of documentation addresses the development, deployment, and management of the system rather than its capabilities.

The Orange Book