I'm more surprised by the rating since the Orange Book is basically for non-networked systems; Red Book rating is _much_ harder, unless the NSA's taking a different view of trustability of software encryption for authentication purposes than they used to.
I'm a little sceptical as to the relevance of C2. It is a set of criteria that is now very old and concerns military security where people can be told what to do. One way in which security systems often fail is in the security structure being so suffocating that people have to poke air holes in it so they can breathe. I think that C2 is possibly the limit of Orange/Red bookishness that is reasonable to work to. It is not a trivial level of security, however; UNIX, despite all the claims, has never been shipped as C2 secure as standard by a mainstream vendor. Even requirements involving trivial effort but which are extremely important, such as the writing of a user's security guide, have never been taken seriously on any of the UNIX platforms on which I have worked.

Phill