A standard from the US Government National Computer Security Council (an arm of the U.S. National Security Agency), "Trusted Computer System Evaluation Criteria, DOD standard 5200.28-STD, December 1985" which defines criteria for trusted computer products. There are four levels, A, B, C, and D. Each level adds more features and requirements.
B1 requires DOD clearance levels.
B2 guarantees the path between the user and the security system and provides assurances that the system can be tested and clearances cannot be downgraded.
A1 requires a system characterized by a mathematical model that can be proven.