Called the "Orange Book," the TCSEC (or Trusted Computer Systems Evaluation Criteria) contained the basic criteria for evaluating computer systems intended to handle sensitive or classified material. It divided the systems into four classes: D (no security features), C (user-based access controls), B (mandatory access controls based on information classification and user clearance), and A (the same as B, with formal assurance arguments). Class B2 systems enforce security based on a clearly defined and documented formal security policy model. The security enforcement must be carefully structured into protection-critical and non- protection-critical elements. Multics' hardware isolation mechanisms played a key role in meeting these requirements.