Once upon a time there was a rainbow. Not just any rainbow, mind you: this one had colors ranging from Aqua to Tan to Silver. But to many, the most important color in this rainbow was also the second color in the traditional ROY G BIV rainbow: Orange.
In case you haven't guessed yet, I'm referring to the Rainbow Series books (sometimes known as the Rainbow Books). They were a series of computer security standards published by the United States government in the 1980s and 1990s. According to Wikipedia (see http://en.wikipedia.org/wiki/Rainbow_Series), they were originally published by the U.S. Department of Defense Computer Security Center, and then by the National Computer Security Center.
The Orange Book, so named for the color of its cover, was of particular interest to those who provided and used Identity and Access Management software such as CA ACF2 and CA Top Secret. Its official title was DoD Trusted Computer System Evaluation Criteria (aka TCSEC; see http://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria) and it spelled out what criteria were necessary for a security product to meet various levels of security, signified by a letter (for "divisions") and sometimes a number (for "classes"). At the bottom was "D" for "Minimal protection." Then, C1 and C2, two levels of "Discretionary protection." Next, B1 through B3 for various degrees of "Mandatory protection" and at the top, A1 and beyond for "Verified protection."
CA ACF2 and CA Top Secret were evaluated and certified for configurations that were C2- and B1-rated.
Then, everything got superseded as TCSEC was replaced by the Common Criteria international standard originally published in 2005 (see http://en.wikipedia.org/wiki/Common_Criteria).
However, CA is nothing if not customer-centric, and we have some very important customers who subscribe to these criteria and wanted the assurance that we continue to be compliant.
So, as we announced today (see http://www.ca.com/us/press/release.aspx?cid=225622), that's just what we've been doing for CA ACF2TM r14, CA Top Secret® r14 and CA Compliance Manager for z/OS r1.
What does this mean to you? Likely, not a thing, because it's the same software you've been using all along. We're just getting certification (again) that it really is as good as we say it is.
But, just in case you care about this kind of thing, or, like me, like to keep your stock of trivia topped-up, now you know the color of CA's mainframe security products. Orange you glad you asked?