BIBLIOGRAPHY OF GUIDELINES

(1974 through 1988)

Note: A bibliography is now being developed to encompass 1989.

AUTHORS SPECIFIED

ABUSE/MISUSE/CRIME

AUTHOR: Ruder, Brian and Madden, J.D.
TITLE: An Analysis of Computer Security Safeguards for Detecting and Preventing Intentional Computer Misuse
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-25
PUBLICATION DATE: January 1978
CATEGORY: Abuse/Misuse/Crime
COST: $11.95
DESCRIPTION: Analyzes 88 computer safeguard techniques that could be applied to recorded, actual computer misuse cases.

ACCESS CONTROL

AUTHOR: Brand, Sheila L. and Makey, Jeffrey D.
TITLE: Department of Defense Password Management Guidelines
ORGANIZATION: Department of Defense Computer Security Center
PUBLISHER/ORIGINATOR: Department of Defense Computer Security Center
REPORT NO: CSC-STD-002-85
PUBLICATION DATE: April 12, 1985
CATEGORY: Access Control
COST: $1.75
DESCRIPTION: This guideline is also known as the Green Book. This document provides a set of good practices related to the use of password-based user authentication mechanisms in automatic data processing systems.

AUTHOR: Branstad, Dennis
TITLE: Computer Security and the Data Encryption Standard
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-27
PUBLICATION DATE: February 1978
CATEGORY: Access Control
COST: $16.95
DESCRIPTION: Includes papers and summaries of presentations made at a 1978 conference on computer security.

AUTHOR: Branstad, Dennis
TITLE: Standard on Password Usage
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: FIPS PUB 112
PUBLICATION DATE: March 1985
CATEGORY: Access Control
COST: $13.95
DESCRIPTION: Discusses ten minimum security criteria to consider when designing a password-based access control system for a computer.

AUTHOR: Cole, Gerald and Heinrich, Frank
TITLE: Design Alternatives for Computer Network Security (Vol. I) The Network Security Center: A System Level Approach to Computer Network Security
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-21
PUBLICATION DATE: January 1978
CATEGORY: Access Control
COST: $10.00
DESCRIPTION: This study focuses on the data encryption standard and looks at the network security requirements and implementation of a computer dedicated to network security.

AUTHOR: Gait, Jason
TITLE: Maintenance Testing for the Data Encryption Standard
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-61
PUBLICATION DATE: August 1980
CATEGORY: Access Control
COST: $9.95
DESCRIPTION: Describes the SRI hierarchical development methodology for designing large software systems such as operating systems and data management systems that meet high security requirements.

AUTHOR: Gait, Jason
TITLE: Validating the Correctness of Hardware Implementations of the NBS Data Encryption Standard
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-20
PUBLICATION DATE: November 1977
CATEGORY: Access Control
COST: $9.95
DESCRIPTION: Describes the design and operation of the ICST testbed that is used for the validation of hardware implementations of (DES).

AUTHOR: Orceyre, M.J. and Courtney, R.H. Jr.
TITLE: Considerations in the Selection of Security Measures of Automatic Data Processing Systems
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-33
PUBLICATION DATE: No Date Given
CATEGORY: Access Control
COST: $8.50
DESCRIPTION: This publication lists techniques that can be used for protecting computer data transmitted across telecommunications lines.

AUTHOR: Smid, Miles E.
TITLE: A Key Notarization System for Computer Networks
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-54
PUBLICATION DATE: October 1979
CATEGORY: Access Control
COST: $4.50
DESCRIPTION: Looks at a system for key notarization that can be used with an encryption device which will improve data security in a computer network.

AUTHOR: Troy, Eugene F.
TITLE: Security for Dial-Up Lines
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-137
PUBLICATION DATE: May 1986
CATEGORY: Access Control
COST: $3.75
DESCRIPTION: Methods for protecting computer systems against intruders using dial-up telephone lines are discussed.

AUTHOR: Wood, Helen
TITLE: The Use of Passwords for Controlled Access to Computer Resources
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-9
PUBLICATION DATE: May 1977
CATEGORY: Access Control
COST: $11.95
DESCRIPTION: Describes the need for and uses of passwords. Password schemes are categorized according to selection technique, lifetime, physical characteristics, and information content.

AUDIT AND EVALUATION

AUTHOR: Brand, Sheila L.
TITLE: Department of Defense Trusted Computer System Evaluation Criteria
ORGANIZATION: Department of Defense
PUBLISHER/ORIGINATOR: Department of Defense Computer Security Center
REPORT NO: CSC-STD-001-83
PUBLICATION DATE: August 15, 1983
CATEGORY: Audit and Evaluation
COST: Free
DESCRIPTION: This document forms the basic requirements and evaluation classes needed for assessing the effectiveness of security and controls used by automatic data processing (ADP) systems.

AUTHOR: Dallas, Dennis A. & Vallabhaneni, Rao S.
TITLE: Auditing Program Libraries for Change Controls
ORGANIZATION: Institute of Internal Auditors
PUBLISHER/ORIGINATOR: Institute of Internal Auditors
REPORT NO: 693
PUBLICATION DATE: 1986
CATEGORY: Audit and Evaluation
COST: $12.00
DESCRIPTION: This monograph is a concise how-to guide for reviewing program libraries and associated computer program change controls that are risky and prone to human error.

AUTHOR: Ruthberg, Zella and McKenzie, Robert, ed.
TITLE: Audit and Evaluation of Computer Security
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-19
PUBLICATION DATE: October 1978
CATEGORY: Audit and Evaluation
COST: $7.50
DESCRIPTION: An examination of the recommendations by computer auditing experts on how to improve computer security audit practices.

AUTHOR: Ruthberg, Zella, ed.
TITLE: Audit and Evaluation of Computer Security II: System Vulnerabilities and Control
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-57
PUBLICATION DATE: April 1980
CATEGORY: Audit and Evaluation
COST: $7.00
DESCRIPTION: Proceedings of the second NIST/GAO workshop to develop improved computer security audit procedures.

AUTHOR: Ruthberg, Zella, Fisher, Bonnie, Perry, William, Lainhart, John, Cox, James, Gillen, Mark, Hunt, Douglas
TITLE: Guide to Auditing for Controls and Security: A System Development Life Cycle Approach
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC 500-153
PUBLICATION DATE: April 1988
CATEGORY: Auditing & Evaluation
COST: $25.95
DESCRIPTION: This guide addresses auditing the system development life cycle process for an automated information system, to ensure that controls and security are designed and built into the system.

AUTHOR: Ruthberg, Zella & Fisher, Bonnie
TITLE: Work Priority Scheme for EDP Audit and Computer Security Review
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBSIR 86-3386
PUBLICATION DATE: August 1986
CATEGORY: Audit and Evaluation
COST: $11.95
DESCRIPTION: Describes a methodology for prioritizing the work performed by EDP auditors and computer security reviewers.

CERTIFICATION

AUTHOR: Giragosian, P.A., Mastbrook, D.W. & Tompkins, F.G.
TITLE: Guidelines for Certification of Existing Sensitive Systems
ORGANIZATION: Mitre Corporation
PUBLISHER/ORIGINATOR: National Aeronautics and Space Administration
REPORT NO: PB84-223122
PUBLICATION DATE: July 1982
CATEGORY: Certification
COST: $11.95
DESCRIPTION: This document describes a way to perform evaluations of the security of a computer system that has sensitive software applications.

AUTHOR: Ruthberg, Zella G. & Neugent, William
TITLE: Overview of Computer Security Certification and Accreditation
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-109
PUBLICATION DATE: April 1984
CATEGORY: Certification
COST: $1.50
DESCRIPTION: These guidelines describe the major features of the certification and accreditation process. It is intended to help ADP managers and their staff understand this process.

CONTINGENCY PLANNING

AUTHOR: Isaac, Irene
TITLE: Guide on Selecting ADP Backup Process Alternatives
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-134
PUBLICATION DATE: November 1985
CATEGORY: Contingency Planning
COST: $1.75
DESCRIPTION: Discusses the selection of ADP backup processing support in advance of events that cause the loss of data processing capability.

AUTHOR: Schabeck, Tim A.
TITLE: Emergency Planning Guide for Data Processing Centers
ORGANIZATION: None Specified
PUBLISHER/ORIGINATOR: Assets Protection
REPORT NO: ISBN No. 0-933708-00-9
PUBLICATION DATE: 1979
CATEGORY: Contingency Planning
COST: $10.00
DESCRIPTION: This checklist provides an audit tool to evaluate a data processing center's current disaster defense mechanisms and recovery capability.

AUTHOR: Shaw, James K. and Katzke, Stuart
TITLE: Executive Guide to ADP Contingency Planning
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-85
PUBLICATION DATE: July 1981
CATEGORY: Contingency Planning
COST: $7.00
DESCRIPTION: This document discusses the background needed to understand the developmental process for Automatic Data Processing contingency plans.

DATA BASE SECURITY

AUTHOR: Patrick, Robert L.
TITLE: Performance Assurance and Data Integrity Practices
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-24
PUBLICATION DATE: January 1978
CATEGORY: Data Base Security
COST: $10.00
DESCRIPTION: Describes methods that have been successful in preventing computer failure caused by programming and data errors.

GENERAL SECURITY

AUTHOR: Fletcher, J.G.
TITLE: Security Policy for Distributed Systems
ORGANIZATION: Lawrence Livermore National Laboratory
PUBLISHER/ORIGINATOR: National Technical Information Service
REPORT NO: DE82-022517
PUBLICATION DATE: April 6, 1982
CATEGORY: General Security
COST: $9.95
DESCRIPTION: This document provides a security policy for distributed systems. It has been modeled according to security procedures for non-computer items.

AUTHOR: Moore, Gwendolyn B., Kuhns, John L., Treffs, Jeffrey, & Montgomery, Christine
TITLE: Accessing Individual Records from Personal Data Files Using Non-unique Identifiers
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-2
PUBLICATION DATE: February 1977
CATEGORY: General Security
COST: $11.95
DESCRIPTION: Analyzes methodologies for retrieving personal information using non-unique identifiers such as name, address, etc. This study presents statistical data for judging the accuracy and efficiency of various methods.

AUTHOR: Smid, Miles
TITLE: Standard on Computer Data Authentication
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: FIPS PUB 113
PUBLICATION DATE: March 1985
CATEGORY: General Security
COST: $9.95
DESCRIPTION: This publication describes a data authentication algorithm that can detect unauthorized modification to computer data, whether intentional or accidental.

AUTHOR: Tompkins, F.G.
TITLE: NASA Guidelines for Assuring the Adequacy and Appropriateness of Security Safeguards in Sensitive Applications
ORGANIZATION: Mitre Corporation
PUBLISHER/ORIGINATOR: National Aeronautics and Space Administration
REPORT NO: PB85-149003/XAB
PUBLICATION DATE: September 1984
CATEGORY: General Security
COST: $18.95
DESCRIPTION: This document discusses security measures that should be taken in order to help conform with Office of Management and Budget Circular A-71.

AUTHOR: Westin, Allen F.
TITLE: Computers, Personnel Administration, and Citizen Rights
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-50
PUBLICATION DATE: July 1979
CATEGORY: General Security
COST: $34.95
DESCRIPTION: Reports on the impact of computers on citizen rights in the field of personnel record keeping.

MICROCOMPUTER SECURITY

AUTHOR: Steinauer, Dennis D.
TITLE: Security of Personal Computer Systems: A Management Guide
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-120
PUBLICATION DATE: No Date Given
CATEGORY: Microcomputer Security
COST: $3.00
DESCRIPTION: This publication provides practical advice on the issues of physical and environmental protection, system and data access control, integrity of software and data, backup and contingency planning, auditability, and communications protection.

PRIVACY

AUTHOR: Fong, Elizabeth
TITLE: A Data Base Management Approach to Privacy Act Compliance
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-10
PUBLICATION DATE: June 1977
CATEGORY: Privacy
COST: $4.50
DESCRIPTION: Looks at commercially available data base management systems that can be used in meeting Privacy Act requirements for the handling of personal data.

AUTHOR: Goldstein, Robert, Seward, Henry, & Nolan, Richard
TITLE: A Methodology for Evaluating Alternative Technical and Information Management Approaches to Privacy Requirements
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: PB 254048
PUBLICATION DATE: June 1976
CATEGORY: Privacy
COST: $11.50
DESCRIPTION: Describes the methods to be used by recordkeepers to comply with the Privacy Act. A computer model is included to help determine the most cost-effective safeguards.

RISK MANAGEMENT

AUTHOR: Courtney, Robert H. Jr.
TITLE: Guideline for Automatic Data Processing Risk Analysis
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: FIPS PUB 65
PUBLICATION DATE: August 1979
CATEGORY: Risk Management
COST: $8.50
DESCRIPTION: Shows how to use a technique that provides a way of conducting risk analysis of an ADP facility. It gives an example of the risk analysis process.

AUTHOR: Jacobson, Robert V., Brown, William F., & Browne, Peter S.
TITLE: Guidelines for ADP Physical Security and Risk Management
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: FIPS PUB 31
PUBLICATION DATE: June 1974
CATEGORY: Risk Management
COST: $11.95
DESCRIPTION: Provides guidance to federal organizations in developing physical security and risk management programs for their ADP facilities.

AUTHOR: Neugent, William, Gilligan, John, Hoffman, Lance & Ruthberg, Zella G.
TITLE: Technology Assessment: Methods for Measuring the Level of Computer Security
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-133
PUBLICATION DATE: October 1985
CATEGORY: Risk Management
COST: $8.00
DESCRIPTION: This document covers methods for measuring the level of computer security and addresses individual techniques and approaches, as well as broader methodologies.

AUTHOR: Tompkins, F.G.
TITLE: Guidelines for Contingency Planning NASA ADP Security Risk Reduction Decision Studies
ORGANIZATION: Mitre Corporation
PUBLISHER/ORIGINATOR: National Aeronautics and Space Administration
REPORT NO: PB84-189836
PUBLICATION DATE: January 1984
CATEGORY: Risk Management
COST: $13.95
DESCRIPTION: How to determine an acceptable level of ADP security risks is described as well as the role of risk management in problem solving and information systems analysis and design.

AUTHOR: Tompkins, F.G.
TITLE: Guidelines for Developing NASA ADP Security Risk Management Plans
ORGANIZATION: Mitre Corporation
PUBLISHER/ORIGINATOR: National Aeronautics and Space Administration
REPORT NO: PB84-171321
PUBLICATION DATE: August 1983
CATEGORY: Risk Management
COST: $13.95
DESCRIPTION: This report looks at how NASA develops ADP security risk management plans. Risk management processes have six components, and each is identified and discussed.

SECURITY MANAGEMENT

AUTHOR: Rosenthal, Lynne S.
TITLE: Guidance on Planning and Implementing Computer Systems Reliability
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-121
PUBLICATION DATE: January 1985
CATEGORY: Security Management
COST: $2.25
DESCRIPTION: The basic concepts of computer system security are given to provide managers and planners with background for improving computer system reliability.

SOFTWARE & OPERATING SYSTEM SECURITY

AUTHOR: Levitt, Karl, Neumann, Peter, and Robinson, Lawrence
TITLE: The SRI Hierarchical Development Methodology (HDM) and its Application to the Development of Secure Software
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: NBS SPEC PUB 500-67
PUBLICATION DATE: October 1980
CATEGORY: Software and Operating System Security
COST: $4.25
DESCRIPTION: Shows how to design large software systems, such as an operating system, that will meet the hardest security requirements.

TRAINING & AWARENESS

AUTHOR: Davis, Bevette
TITLE: Computer Security Bibliography
ORGANIZATION: Mitre Corporation
PUBLISHER/ORIGINATOR: Mitre Corporation
REPORT NO: MTR 9654
PUBLICATION DATE: April 1985
CATEGORY: Training & Awareness
COST:
DESCRIPTION: Identifies organizations and individuals that have published documents, magazine and journal articles, conference proceedings, and reports concerning computer security.

AUTHOR: Tompkins, Frederick G.
TITLE: Guidelines for Development of NASA Computer Security Training Programs
ORGANIZATION: Mitre Corporation
PUBLISHER/ORIGINATOR: National Aeronautics and Space Administration
REPORT NO: PB84-171339/LP
PUBLICATION DATE: May 1983
CATEGORY: Training & Awareness
COST: $11.95 plus $3.00 shipping & handling
DESCRIPTION: This report identifies computer security training courses and is intended to be used by NASA in developing training requirements and implementing computer security training programs.

AUTHORS NOT SPECIFIED

AUTHOR: N/A
TITLE: Computer Fraud and Abuse Act of 1986
ORGANIZATION:
PUBLISHER/ORIGINATOR:
REPORT NO: Public Law 99-474
PUBLICATION DATE: October 16, 1986
CATEGORY: Abuse/Misuse/Crime
COST: Free
DESCRIPTION: Provides additional penalties for fraud and related activities in connection with access devices and computers.

AUTHOR: N/A
TITLE: Federal Manager's Financial Integrity Act of 1982
ORGANIZATION:
PUBLISHER/ORIGINATOR:
REPORT NO: Public Law 97-255
PUBLICATION DATE: September 8, 1982
CATEGORY: Abuse/Misuse/Crime
COST: Free
DESCRIPTION: This law amends the Accounting and Auditing Act of 1950 to require ongoing evaluations and reports on the adequacy of the systems of internal accounting and administrative control of each executive agency, and for other purposes.

ACCESS CONTROL

AUTHOR: Not Specified
TITLE: Data Encryption Standard
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: FIPS PUB 46
PUBLICATION DATE: January 1977
CATEGORY: Access Control
COST: $7.00
DESCRIPTION: Discusses an algorithm to be used for the cryptographic protection of sensitive, but unclassified, computer data. Tells how to transform data into a cryptographic cipher and back again.

AUTHOR: Not Specified
TITLE: DES Modes of Operation
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: FIPS PUB 81
PUBLICATION DATE: December 1980
CATEGORY: Access Control
COST: $8.50
DESCRIPTION: This publication discusses the four modes of operation used by the Data Encryption Standard.

AUTHOR: N/A
TITLE: Electronic Communications Privacy Act of 1986
ORGANIZATION:
PUBLISHER/ORIGINATOR:
REPORT NO: Public Law 99-508
PUBLICATION DATE: October 21, 1986
CATEGORY: Access Control
COST: Free
DESCRIPTION: Amends title 18, United States Code, with respect to the interception of certain communications, and other forms of surveillance, and for other purposes.

AUTHOR: Not Specified
TITLE: Guidelines on Evaluation of Techniques for Automated Personnel Identification
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: FIPS PUB 48
PUBLICATION DATE: April 1977
CATEGORY: Access Control
COST: $7.00
DESCRIPTION: The performance and evaluation of personal identification devices are explained. Considerations for their use in a computer system are given.

AUTHOR: Not Specified
TITLE: Guidelines for Implementing and Using the NBS Data Encryption Standard
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: FIPS PUB 74
PUBLICATION DATE: April 1981
CATEGORY: Access Control
COST: $8.50
DESCRIPTION: Discusses the guidelines that federal organizations should use when cryptographic protection is required for sensitive or valuable computer data.

AUTHOR: Not Specified
TITLE: Guideline on User Authentication Techniques for Computer Network Access Control
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: FIPS PUB 83
PUBLICATION DATE: September 1980
CATEGORY: Access Control
COST: $8.50
DESCRIPTION: Details the use of passwords, identification tokens, and other means to protect against unauthorized access to computers and computer networks.

AUTHOR: Not Specified
TITLE: Information Security: Products and Services Catalogue
ORGANIZATION: National Computer Security Center
PUBLISHER/ORIGINATOR: National Computer Security Center
REPORT NO: None Specified
PUBLICATION DATE: Published Quarterly
CATEGORY: Access Control
COST: Free
DESCRIPTION: This catalogue contains the endorsed cryptographic products list, NSA endorsed data encryption standard products list, protected services list, evaluated products list, and preferred products list.

AUTHOR: Not Specified
TITLE: National Policy on Controlled Access Protection
ORGANIZATION: National Telecommunications and Information Systems Security
PUBLISHER/ORIGINATOR: NTISSC, Ft. George G. Meade, MD
REPORT NO: NTISSP No. 200
PUBLICATION DATE: July 15, 1987
CATEGORY: Access Control
COST: Free
DESCRIPTION: Defines a minimum level of protection for automated information systems operated by executive branch agencies and departments of the federal government and their contractors.

AUTHOR: Not Specified
TITLE: Standard on Computer Data Authentication
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: FIPS PUB 113
PUBLICATION DATE: May 1985
CATEGORY: Access Control
COST: $9.95
DESCRIPTION: Specifies a data authentication algorithm which, when applied to computer data, automatically and accurately detects unauthorized modifications, both intentional and accidental.

AUTHOR: Not Specified
TITLE: Standard on Password Usage
ORGANIZATION: Institute for Computer Sciences and Technology
PUBLISHER/ORIGINATOR: National Institute of Standards and Technology
REPORT NO: FIPS PUB 112
PUBLICATION DATE: May 1985
CATEGORY: Access Control
COST: $13.95
DESCRIPTION: Discusses ten minimum security criteria to consider when designing a password-based access control system for a computer.

AUTHOR: Not Specified
TITLE: Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria
ORGANIZATION: National Computer Security Center
PUBLISHER/ORIGINATOR: National Computer Security Center
REPORT NO: NCSC-TG-005
PUBLICATION DATE: July 31, 1987
CATEGORY: Access Control
COST:
DESCRIPTION: This is also known as the Red Book. This guideline examines interpretations to extend the evaluation classes of the Trusted Systems Evaluation Criteria to trusted network systems and components.

AUDIT AND EVALUATION

AUTHOR: Not Specified
TITLE: Assessing Reliability of Computer Output - Audit Guide
ORGANIZATION: U.S. General Accounting Office
PUBLISHER/ORIGINATOR: U.S. General Accounting Office
REPORT NO: AFMD-81-91
PUBLICATION DATE: June 1981
CATEGORY: Audit and Evaluation
COST: Free (if less than 5 ordered)
DESCRIPTION: This audit guide shows how to comply with GAO policy requirements by giving detailed procedures to help determine the degree of risk using information that could be incorrect.

AUTHOR: Not Specified
TITLE: Computer Security Requirements: Guidance for Applying the DoD Trusted Computer System Evaluation Criteria in Specific Environments
ORGANIZATION: Department of Defense Computer Security Center
PUBLISHER/ORIGINATOR: Department of Defense Computer Security Center
REPORT NO: CSC-STD-003-85
PUBLICATION DATE: June 25, 1985
CATEGORY: Audit and Evaluation
COST: $1.00
DESCRIPTION: These reports show how to use DOD 5200.28-STD in specific environments.

AUTHOR: Not Specified
|
||
|
||
TITLE: Evaluating Internal Controls in Computer-
|
||
Based Systems - Audit Guide
|
||
|
||
ORGANIZATION: U.S. General Accounting Office
|
||
|
||
PUBLISHER/ORIGINATOR: U.S. General Accounting Office
|
||
|
||
REPORT NO: AFMD-81-76
|
||
PUBLICATION DATE: June 1981
|
||
CATEGORY: Audit and Evaluation
|
||
COST: Free (if less than 5 are ordered).
|
||
DESCRIPTION: Describes an approach for evaluating a
|
||
computer-based system that will enable an auditor to
|
||
evaluate the entire system from original to output.
|
||
|
||
|
||
AUTHOR: Not Specified
|
||
|
||
TITLE: Technical Rationale Behind CSC-STD-003-85
|
||
Computer Security Requirements: Guidance for
|
||
Applying the DoD Trusted Computer System Evaluation
|
||
Criteria in Specific Environments
|
||
ORGANIZATION: Department of Defense Computer
|
||
Security Center
|
||
PUBLISHER/ORIGINATOR: Department of Defense
|
||
Computer Security Center
|
||
REPORT NO: CSC-STD-004-85
|
||
PUBLICATION DATE: June 25, 1985
|
||
CATEGORY: Audit and Evaluation
|
||
COST: $2.00
|
||
DESCRIPTION: Give guidance to applying the DOD
|
||
CSC-STD-003-85.



CERTIFICATION


AUTHOR: Not Specified

TITLE: Guideline for Computer Security
Certification and Accreditation

ORGANIZATION: Institute for Computer Sciences
and Technology
PUBLISHER/ORIGINATOR: National Institute of
Standards and Technology
REPORT NO: FIPS PUB 102
PUBLICATION DATE: September 1983
CATEGORY: Certification
COST: $11.50
DESCRIPTION: Describes ways of establishing and
carrying out a computer security certification and
accreditation program.


CONTINGENCY PLANNING



AUTHOR: Not Specified

TITLE: Guidelines for ADP Contingency Planning


ORGANIZATION: Institute for Computer Sciences
and Technology
PUBLISHER/ORIGINATOR: National Institute of
Standards and Technology
REPORT NO: FIPS PUB 87
PUBLICATION DATE: March 1981
CATEGORY: Contingency Planning
COST: $8.50
DESCRIPTION: Describes data processing
management considerations for developing a
contingency plan for an ADP facility.


DATA BASE SECURITY

AUTHOR: Not Specified

TITLE: Guideline on Integrity Assurance and
Control in Database Applications

ORGANIZATION: Institute for Computer Sciences
and Technology
PUBLISHER/ORIGINATOR: National Institute of
Standards and Technology
REPORT NO: FIPS PUB 88
PUBLICATION DATE: August 1981
CATEGORY: Data Base Security
COST: $11.50
DESCRIPTION: Gives detailed advice on how to achieve
data base integrity and security control. A
step-by-step procedure for examining and verifying
the accuracy and completeness of a data base is
included.


ENVIRONMENTAL SECURITY


AUTHOR: Not Specified

TITLE: Guideline on Electrical Power for ADP
Installations

ORGANIZATION: Institute for Computer Sciences
and Technology
PUBLISHER/ORIGINATOR: National Institute of
Standards and Technology
REPORT NO: FIPS PUB 94
PUBLICATION DATE: September 1982
CATEGORY: Environmental Security
COST: $13.00
DESCRIPTION: This publication discusses electrical
power factors that can affect the operation of an
ADP system.



GENERAL SECURITY


AUTHOR: N/A

TITLE: Computer Security Act of 1987


ORGANIZATION:

PUBLISHER/ORIGINATOR:

REPORT NO: Public Law 100-235
PUBLICATION DATE: January 8, 1988
CATEGORY: General Security
COST: Free
DESCRIPTION: To provide for a computer standards
program within the National Institute of Standards
and Technology, to provide Government-wide computer
security, and to provide for the training in
security matters of persons who are involved in the
management, operation, and use of Federal computer
systems.


AUTHOR: Not Specified

TITLE: Glossary for Computer Systems Security


ORGANIZATION: Institute for Computer Sciences
and Technology
PUBLISHER/ORIGINATOR: National Institute of
Standards and Technology
REPORT NO: FIPS PUB 39
PUBLICATION DATE: February 1974
CATEGORY: General Security
COST: $9.95
DESCRIPTION: A reference document containing
approximately 170 terms and definitions pertaining
to privacy and computer security.


AUTHOR: Not Specified

TITLE: Guidelines for Security of Computer
Applications

ORGANIZATION: Institute for Computer Sciences
and Technology
PUBLISHER/ORIGINATOR: National Institute of
Standards and Technology
REPORT NO: FIPS PUB 73
PUBLICATION DATE: June 1980
CATEGORY: General Security
COST: $10.00
DESCRIPTION: These guidelines are to be used in the
development and operation of computer systems that
require protection. Data validation, user
authentication, and encryption are discussed.



AUTHOR: Not Specified

TITLE: NBS Publication List 91: Computer Security
Publications

ORGANIZATION: Institute for Computer Sciences and
Technology
PUBLISHER/ORIGINATOR: National Institute of
Standards and Technology
REPORT NO: 003-003-00135-0
PUBLICATION DATE: August 1984
CATEGORY: General Security
COST: $18.00
DESCRIPTION: Provides information on computer
security publications that are available.


AUTHOR: Not Specified

TITLE: Sensitive Unclassified Computer Security
Program Compliance Review Guidelines

ORGANIZATION: U.S. Department of Energy

PUBLISHER/ORIGINATOR: U.S. Department of Energy

REPORT NO: DOE/MA-0188/1
PUBLICATION DATE: September 1985
CATEGORY: General Security
COST:
DESCRIPTION: This guideline contains questionnaires
for determining the level of security needed at a
computer installation. Techniques for obtaining the
required level of security are discussed.



MICROCOMPUTER SECURITY


AUTHOR: Not Specified

TITLE: Computer Security- User Handbook for
Microcomputers and Word Processors

ORGANIZATION: U.S. Department of Energy

PUBLISHER/ORIGINATOR: U.S. Department of Energy

REPORT NO: None Specified
PUBLICATION DATE: September 1986
CATEGORY: Microcomputer Security
COST:
DESCRIPTION: This guideline gives a synopsis on
computer security requirements for users of
microcomputers and/or word processors.


AUTHOR: Not Specified

TITLE: Personal Computer Security Considerations


ORGANIZATION: National Computer Security Center

PUBLISHER/ORIGINATOR: National Computer Security
Center
REPORT NO: NCSC-WA-002-85
PUBLICATION DATE: December 1985
CATEGORY: Microcomputer Security
COST: Free
DESCRIPTION: This publication provides a general
discussion of a number of issues that are pertinent
to microcomputer security in the home and business
environment.


AUTHOR: Not Specified

TITLE: Security Guide for Users of Personal
Computers and Word Processors

ORGANIZATION: Pacific Northwest Laboratory

PUBLISHER/ORIGINATOR: Pacific Northwest Laboratory

REPORT NO: None Specified
PUBLICATION DATE: June 1986
CATEGORY: Microcomputer Security
COST: Free (for single copies).
DESCRIPTION: Contains instructions on a variety of
computer security techniques including protective
storage and handling, passwords, emergency
procedures, and other related security subjects.


AUTHOR: Not Specified

TITLE: Security Guidelines for Microcomputers
and Word Processors

ORGANIZATION: U.S. Department of Energy

PUBLISHER/ORIGINATOR: U.S. Department of Energy
ATTN: Information Services
P.O. Box 62
Oak Ridge, TN 37831
REPORT NO: DOE/MA-0181
PUBLICATION DATE: March 1985
CATEGORY: Microcomputer Security
COST: $9.45
DESCRIPTION: These guidelines are concerned with the
training of in the protection of computers
(hardcopy, storage media, etc.). Communications
security, emergency procedures, and the prevention
of system misuse are also discussed.



PRIVACY


AUTHOR: Not Specified

TITLE: Computer Security Guidelines for
Implementing the Privacy Act of 1974

ORGANIZATION: Institute for Computer Sciences
and Technology
PUBLISHER/ORIGINATOR: National Institute of
Standards and Technology
REPORT NO: FIPS PUB 41
PUBLICATION DATE: May 1975
CATEGORY: Privacy
COST: $7.00
DESCRIPTION: This document shows how to protect
personal data in automated information systems.
Discusses how to improve system security using
safeguards and controls.


RISK MANAGEMENT


AUTHOR: N/A

TITLE: Internal Control Systems


ORGANIZATION: Office of Management and Budget

PUBLISHER/ORIGINATOR: Office of Management & Budget

REPORT NO: OMB Circular A-123
PUBLICATION DATE: August 4, 1986
CATEGORY: Risk Management
COST: Free
DESCRIPTION: This circular prescribes policies and
procedures to be followed by executive departments
and agencies in establishing, maintaining,
evaluating, improving, and reporting on internal
controls in their program and administrative
activities.


AUTHOR: Not Specified

TITLE: NASA ADP Risk Analysis Guideline

ORGANIZATION: National Aeronautics and Space
Administration
PUBLISHER/ORIGINATOR: National Aeronautics and
Space Administration
REPORT NO: None Specified
PUBLICATION DATE: July 1984
CATEGORY: Risk Management
COST: Free
DESCRIPTION: This document describes guidelines for
the ADP risk analysis methodology to be used at
NASA ADP facilities and provides guidance for
performing an ADP risk analysis without specialized
contractor assistance.



SECURITY MANAGEMENT

AUTHOR: Not Specified

TITLE: Computers: Crimes, Clues, and Controls. A
Management Guide

ORGANIZATION: President's Council on Integrity and
Efficiency
PUBLISHER/ORIGINATOR: National Technical
Information Service
REPORT NO: PB86-221850/XAB
PUBLICATION DATE: March 1986
CATEGORY: Security Management
COST: $13.95
DESCRIPTION: This publication, which is meant for
managers, deals with information security, physical
security, personnel security, and a plan of action.
Listed are ways to detect and prevent abuse of
computers.


AUTHOR: N/A

TITLE: Guidance for Preparation and Submission of
Security Plans for Federal Computer Systems
Containing Sensitive Information
ORGANIZATION: Office of Management & Budget

PUBLISHER/ORIGINATOR: Office of Management & Budget

REPORT NO: OMB Bulletin 88-16
PUBLICATION DATE: July 6, 1988
CATEGORY: Security Management
COST: Free
DESCRIPTION: Guidance for preparation and submission
of security plans for federal computer systems
containing sensitive information.



AUTHOR: N/A

TITLE: Management of Federal Information Resources


ORGANIZATION: Office of Management and Budget

PUBLISHER/ORIGINATOR: Office of Management and
Budget
REPORT NO: OMB Circular No. A-130
PUBLICATION DATE: December 12, 1985
CATEGORY: Security Management
COST: Free
DESCRIPTION: A general policy framework for the
management of federal information resources is given
in this circular.


AUTHOR: N/A

TITLE: National Policy on Telecommunications and
Automated Information Systems Security

ORGANIZATION: National Security Council

PUBLISHER/ORIGINATOR:

REPORT NO: National Security Decision Directive 145
PUBLICATION DATE: September 17, 1984
CATEGORY: Security Management
COST: Free
DESCRIPTION: This directive establishes a senior
steering group, an interagency group at the
operating level, an executive agent and a national
manager to implement national policy on
telecommunications and automated information systems
security.


TRAINING & AWARENESS

AUTHOR: Not Specified

TITLE: Computer Security Awareness and Training
(Bibliography)

ORGANIZATION: Martin Marietta Energy Systems, Inc.

PUBLISHER/ORIGINATOR: U.S. Department of Energy

REPORT NO: DOE/MA-320 Volume 1
PUBLICATION DATE: February 1988
CATEGORY: Training and Awareness
COST: $11.65
DESCRIPTION: This bibliography contains materials
and information that are available concerning
unclassified computer security.


AUTHOR: N/A

TITLE: Computer Security Training Guidelines
(Draft)

ORGANIZATION: National Institute of
Standards and Technology
PUBLISHER/ORIGINATOR: National Institute of
Standards and Technology
REPORT NO:
PUBLICATION DATE: July 8, 1988
CATEGORY: Training & Awareness
COST:
DESCRIPTION: These guidelines are intended to
assist agencies to meet the training requirements
of the Computer Security Act of 1987.


AUTHOR: Not Specified

TITLE: Computer Security Awareness and Training
(Guideline)

ORGANIZATION: Martin Marietta Energy Systems, Inc.

PUBLISHER/ORIGINATOR: U.S. Department of Energy

REPORT NO: DOE/MA-0320 Volume 2
PUBLICATION DATE: February 1988
CATEGORY: Training & Awareness
COST: $11.00
DESCRIPTION: This guide presents fundamental
concepts, topics, and materials on many aspects of
unclassified computer security that should be
included in site level unclassified computer
security awareness and training programs within DOE.


AUTHOR: Not Specified

TITLE: Safeguards and Security Manual. Section 12:
Computer and Technical Security

ORGANIZATION: EG&G Idaho, Inc.

PUBLISHER/ORIGINATOR: None Specified

REPORT NO: None Specified
PUBLICATION DATE: April 8, 1987
CATEGORY: Training & Awareness
COST: Free
DESCRIPTION: This section of the safeguards and
security manual describes various computer security
procedures for users and security managers. Includes
security awareness training, computer protection
plan, audit, risk analysis, and related topics.



AUTHOR: N/A

TITLE: Small Business Computer Security and
Education Act of 1984

ORGANIZATION:

PUBLISHER/ORIGINATOR:

REPORT NO: Public Law 98-362
PUBLICATION DATE: July 16, 1984
CATEGORY: Training & Awareness
COST: Free
DESCRIPTION: Amended the Small Business Act to
establish a small business computer security and
education program.



AUTHOR: N/A

TITLE: Training Requirement for the Computer
Security Act

ORGANIZATION: Office of Personnel Management

PUBLISHER/ORIGINATOR: Office of Personnel Management
Federal Register Part II
REPORT NO: Interim Regulation 5 CFR Part 930
PUBLICATION DATE: July 13, 1988
CATEGORY: Training & Awareness
COST: Free
DESCRIPTION: This regulation implements P.L.
100-235, the Computer Security Act of 1987.