Within the international computer security community, much effort has been devoted to the creation of standards which permit the security functionality of systems to be evaluated. In itself, this is a large and complex problem. Within government and industry, computer security needs form a wide spectrum.
The first publicly available specification for computer security requirements was the Trusted Computer System Evaluation Criteria (TCSEC) [TCS85], first published in 1983. Although developed by the National Security Agency (NSA) to meet the needs of the United States Department of Defense, the TCSEC has been and continues to be influential in the development of commercial products and later computer security functional specifications. There are several other computer security publications directly related to the TCSEC. Among these are the Trusted Network Interpretation (TNI or "red" book) [TNI90] and the Trusted Data Base Management System Interpretation (TDI or "lavender" book) [TDI91]. The TNI shows how the criteria from the TCSEC apply to a network environment. The TDI shows how the TCSEC applies to data base management systems. The TCSEC and its related publications are often referred to as the "rainbow" series.
The Information Technology Security Evaluation Criteria (ITSEC) [ITS91] was created in a joint effort by Germany, France, the United Kingdom, and the Netherlands. Originally published in 1990, the ITSEC was developed to more completely meet the needs of those organizations handling unclassified information.
In order to further meet organizational needs for handling both classified and unclassified information, the Federal Criteria for Information Technology Security (Federal Criteria or FC) [FC92] was developed as a joint project by the National Institute of Standards and Technology (NIST) and NSA. The Federal Criteria is to be replaced by the Common Criteria, now under development by NIST, NSA, and Canadian and European representatives. The Federal Criteria, the ITSEC, and the CTCPEC are being used in developing the Common Criteria. The Common Criteria is to be published as a Federal Information Processing Standard (FIPS).