Computer security standards for the Department of Defense (DOD) evolved from an initial 1970 study that focused on limiting access to information and computer-system privileges to authorized recipients. By the end of the 1970's, the DOD had a clear picture of what was required to design a secure computer system. There was a modest body of research achievements on which to build, including preliminary concepts for evaluating systems and a number of relevant technical concepts for implementing secure software. Concurrently, in the commercial world, there was little action other than a slowly growing awareness that computer security was a relevant need. By the 1980's, computer security had become a technically demanding and expensive enterprise centered in the production of ever more sophisticated secure software. The DOD has formal standards for the evaluation of secure computer systems. Although the commercial world may have different security needs than those of the DOD, the business world can profit by modifying the standards and computer software spurred by the DOD to its own security needs.