National Computer Security Center (NCSC)

The National Computer Security Center (NCSC) is a U.S. government organization within the National Security Agency (NSA) that evaluates computing equipment for high security applications to ensure that facilities processing classified or other sensitive material are using trusted computer systems and components. NCSC was founded in 1981 as the Department of Defense Computer Security Center and changed to its current name in 1985. The organization works with industry, education, and government agency partners to promote research and standardization efforts for secure information system development. The NCSC also functions in an educational capacity to disseminate information about issues surrounding secure computing, most significantly through its annual National Information Systems Security Conference.

The NCSC's computer evaluation program is carried out by another NSA organization, the Trusted Product Evaluation Program (TPEP), which tests commercial products against a comprehensive set of security-related criteria. NCSC issued the first Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) in August, 1983. The document, more commonly referred to as the "orange book," was reissued in 1985 as a DoD standard that included the stated goals of providing manufacturers with security-related standards regarding features for inclusion in products, and providing DoD components with information about security metrics for the evaluation of trust levels to be accorded various products used for processing sensitive material.