lished at NSA as an entity separate from the communications security structure already in place. The reasons for this separation included the recognition that while communications security had been largely a government-owned function in which NSA developed encryption algorithms, contracted for their production, and fully controlled their distribution and use throughout the government, computers were far more widely deployed even in the early 1980s and could not be developed, produced, and controlled in the same way as encryption systems. A separate organization capable of working with industry, instead of directing it through procurement contracts, was needed.

The DOD Computer Security Center, as it came to be called, published the Trusted Computer System Evaluation Criteria (TCSEC, or Orange Book) in 1983 (superseded in 1985 by DOD 5200.28-STD; U.S. DOD, 1985d) and began working with industry to evaluate how well their products met the various levels of those criteria. It should be noted that the establishment of the Computer Security Center as a separate function at NSA was opposed both within and outside the agency at the time. The internal opposition stemmed from the perception that computer security was merely a subset of communications security and should be handled in the same way by the same organization. The opposite view was that communications security was becoming increasingly dependent on computers, computer networks, and network protocols, and required a new technology base managed by a new organization. The external opposition derived from the negative concerns of many in the defense community, including other parts of DOD and defense contractors, that NSA's slowness to respond and dictatorial authority in the communications security arena would hamper the development of products needed to solve today's problems. These two opposing forces both within and outside NSA continue today to influence the evolution of both computer security and communications security.

Up until the establishment of the Computer Security Center, the preceding U.S. COMSEC Board and another key policy group, the National Communications Security Committee, largely ignored the computer security problem, lumping it, if considering it at all, into the communications security arena. The 1977 Presidential Directive 24 (PD 24), which created the National Communications Security Committee, split the responsibility for communications security, giving NSA authority over the protection of classified and national security-related information and the National Telecommunications and Information Administration, a part of the Department of Commerce not related to the National Bureau of Standards (NBS), responsibility for protecting unclassified and non-national security information. This