UnderGround Information















                   BIBLIOGRAPHY OF GUIDELINES

                       (1974 through 1988)

Note:  A bibliography is now being developed to encompass 1989.  


                        AUTHORS SPECIFIED

                       ABUSE/MISUSE/CRIME

                                                             
          AUTHOR:  Ruder, Brian and Madden, J.D.              
                                                             
          TITLE:  An Analysis of Computer Security Safeguards 
                 for Detecting and Preventing Intentional    
                 Computer Misuse                             
          ORGANIZATION: Institute for Computer Sciences       
                       and Technology                        
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  NBS SPEC PUB 500-25                     
          PUBLICATION DATE: January 1978                      
          CATEGORY:  Abuse/Misuse/Crime                       
         COST:  $11.95                                       
         DESCRIPTION:  Analyzes 88 computer safeguard        
         techniques that could be applied to recorded, actual
         computer misuse cases.                              


                         ACCESS CONTROL

                                                            
          AUTHOR:  Brand, Sheila L. and Makey, Jeffrey D.     
                                                             
          TITLE:  Department of Defense Password Management   
                 Guidelines                                  
                                                             
          ORGANIZATION: Department of Defense Computer        
                       Security Center                       
          PUBLISHER/ORIGINATOR: Department of Defense Computer
                               Security Center               
          REPORT NO: CSC-STD-002-85                           
          PUBLICATION DATE:  April 12, 1985                   
          CATEGORY:  Access Control                           
         COST:  $1.75                                        
         DESCRIPTION: This guideline is also known as the    
         Green Book. This document provides a set of good    
         practices related to the use of password-based user 
         authentication mechanisms in automatic data         
         processing systems.                                 
                    
                                                             
          AUTHOR:  Branstad, Dennis                           
                                                             
          TITLE:  Computer Security and the Data Encryption   
                 Standard                                    
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  NBS SPEC PUB 500-27                     
          PUBLICATION DATE:  February 1978                    
          CATEGORY:  Access Control                           
         COST:  $16.95                                       
         DESCRIPTION:  Includes papers and summaries of      
         presentations made at a 1978 conference on computer 
         security.                                           


                                                             
          AUTHOR:  Branstad, Dennis                           
                                                             
          TITLE:   Standard on Password Usage                 
                                                             
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  FIPS PUB 112                            
          PUBLICATION DATE:   March 1985                      
          CATEGORY:  Access Control                           
         COST:  $13.95                                       
         DESCRIPTION: Discusses ten minimum security criteria
         to consider when designing a password-based access  
         control system for a computer.                      
                       

                                                             
          AUTHOR: Cole, Gerald and Heinrich, Frank            
                                                             
          TITLE:  Design Alternatives for Computer Network    
         Security (Vol.I) The Network Security Center: A     
         System Level Approach to Computer Network Security  
          ORGANIZATION: Institute for Computer Sciences       
                       and Technology                        
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  NBS SPEC PUB 500-21                     
          PUBLICATION DATE:  January 1978                     
          CATEGORY:  Access Control                           
         COST:  $10.00                                       
         DESCRIPTION: This study focuses on the data         
         encryption standard and looks at the network        
         security requirements and implementation of a       
         computer dedicated to network security.             
                                                        
          AUTHOR:  Gait, Jason                                
                                                             
          TITLE:  Maintenance Testing for the Data            
                 Encryption Standard                         
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR:  National Institute of        
                                Standards and Technology     
          REPORT NO:  NBS SPEC PUB 500-61                     
          PUBLICATION DATE:  August 1980                      
          CATEGORY: Access Control                            
         COST: $9.95                                         
         DESCRIPTION:  Describes the SRI hierarchical        
         development methodology for designing large software
         systems such as operating systems and data          
         management systems that meet high security          
         requirements.                                       

                                                             
          AUTHOR:  Gait, Jason                                
                                                             
          TITLE: Validating the Correctness of Hardware       
                Implementations of the NBS Data Encryption   
                Standard                                     
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of          
                               Standards and Technology      
          REPORT NO:  NBS SPEC PUB 500-20                     
          PUBLICATION DATE:  November 1977                    
          CATEGORY:  Access Control                           
         COST: $9.95                                         
         DESCRIPTION:  Describes the design and operation of 
         the ICST testbed that is used for the validation of 
         hardware implementations of (DES).                  

                                                         
          AUTHOR:  Orceyre, M.J. and Courtney, R.H. Jr.       
                                                             
          TITLE:  Considerations in the Selection of          
                 Security Measures of Automatic Data         
                 Processing Systems                          
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  NBS SPEC PUB 500-33                     
          PUBLICATION DATE:  No Date Given                    
          CATEGORY:  Access Control                           
         COST: $8.50                                         
         DESCRIPTION:  This publication lists techniques that
         can be used for protecting computer data transmitted
         across telecommunications lines.                    
                       
                                                        
          AUTHOR:  Smid, Miles E.                             
                                                             
          TITLE:  A Key Notarization System for Computer      
                 Networks                                    
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  NBS SPEC PUB 500-54                     
          PUBLICATION DATE: October 1979                      
          CATEGORY:  Access Control                           
         COST:  $4.50                                        
         DESCRIPTION:   Looks at a system for key            
         notarization that can be used with an encryption    
         device which will improve data security in a        
         computer network.                                   
                       
                                        
          AUTHOR:  Troy, Eugene F.                            
                                                             
          TITLE:  Security for Dial-Up Lines                  
                                                             
          ORGANIZATION: Institute for Computer Sciences       
                       and Technology                        
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO: NBS SPEC PUB 500-137                     
          PUBLICATION DATE:  May 1986                         
          CATEGORY:  Access Control                           
         COST: $3.75                                         
         DESCRIPTION: Methods for protecting computer systems
         against intruders using dial-up telephone lines are 
         discussed.                                          
                  
                                                        
          AUTHOR:  Wood, Helen                                
                                                             
          TITLE:   The Use of Passwords for Controlled        
                  Access to Computer Resources               
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:   NBS SPEC PUB 500-9                     
          PUBLICATION DATE:  May 1977                         
          CATEGORY:  Access Control                           
         COST: $11.95                                        
         DESCRIPTION: Describes the need for and uses of     
         passwords. Password schemes are categorized         
         according to selection technique, lifetime,         
         physical characteristics, and information content.  


                      AUDIT AND EVALUATION


                                                             
          AUTHOR:  Brand, Sheila L.                           
                                                             
          TITLE:  Department of Defense Trusted Computer      
                 System Evaluation Criteria                  
                                                             
          ORGANIZATION:  Department of Defense                
                                                             
          PUBLISHER/ORIGINATOR: Department of Defense Computer
         Security Center                                     
          REPORT NO: CSC-STD-001-83                           
          PUBLICATION DATE:  August 15, 1983                  
          CATEGORY:  Audit and Evaluation                     
         COST:  Free                                         
         DESCRIPTION: This document forms the basic          
         requirements and evaluation classes needed for      
         assessing the effectiveness of security and controls
         used by automatic data processing (ADP) systems.    
                 
                                                         
          AUTHOR:  Dallas, Dennis A. & Vallabhaneni, Rao S.   
                                                             
          TITLE:  Auditing Program Libraries for Change       
                 Controls                                    
                                                             
          ORGANIZATION:  Institute of Internal Auditors       
                                                             
          PUBLISHER/ORIGINATOR: Institute of Internal Auditors
                                                             
          REPORT NO:  693                                     
          PUBLICATION DATE:   1986                            
          CATEGORY:   Audit and Evaluation                    
         COST: $12.00                                        
         DESCRIPTION:  This monograph is a concise how-to    
         guide for reviewing program libraries and associated
         computer program change controls that are risky and 
         prone to human error.                               
                       
                                                        
          AUTHOR:  Ruthberg, Zella and McKenzie,              
                  Robert, ed.                                
          TITLE:  Audit and Evaluation of Computer Security   
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  NBS SPEC PUB 500-19                     
          PUBLICATION DATE:  October 1978                     
          CATEGORY:   Audit and Evaluation                    
         COST: $7.50                                         
         DESCRIPTION:  An examination of the recommendations 
         by computer auditing experts on how to improve      
         computer security audit practices.                  
                     
                                                        
          AUTHOR: Ruthberg, Zella, ed.                        
                                                             
          TITLE:  Audit and Evaluation of Computer Security   
                 II:  System Vulnerabilities and Control     
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  NBS SPEC PUB 500-57                     
          PUBLICATION DATE: April 1980                        
          CATEGORY:  Audit and Evaluation                     
         COST: $7.00                                         
         DESCRIPTION:  Proceedings of the second NIST/GAO    
         workshop to develop improved computer security audit
         procedures.                                         
                                                        
          AUTHOR:  Ruthberg, Zella, Fisher, Bonnie,           
                  Perry, William, Lainhart, John, Cox, James,
                  Gillen, Mark, Hunt, Douglas                
          TITLE: Guide to Auditing for Controls and Security: 
                A System Development Life Cycle Approach     
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  NBS SPEC 500-153                        
          PUBLICATION DATE:  April 1988                       
          CATEGORY:  Auditing & Evaluation                    
         COST:  $25.95                                       
         DESCRIPTION:  This guide addresses auditing the     
         system development life cycle process for an        
         automated information system, to ensure that        
         controls and security are designed and built into   
         the system.                                         

                                                             
          AUTHOR:  Ruthberg, Zella & Fisher, Bonnie           
                                                             
          TITLE:  Work Priority Scheme for EDP Audit and      
                 Computer Security Review                    
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  NBSIR 86-3386                           
          PUBLICATION DATE: August 1986                       
          CATEGORY:  Audit and Evaluation                     
         COST:  $11.95                                       
         DESCRIPTION: Describes a methodology for            
         prioritizing the work performed by EDP auditors and 
         computer security reviewers.                        

                      
                         CERTIFICATION

                                                             
          AUTHOR:  Giragosian, P.A., Mastbrook, D.W. &        
                  Tompkins, F.G.                             
          TITLE:  Guidelines for Certification of Existing    
                 Sensitive Systems                           
                                                             
          ORGANIZATION:  Mitre Corporation                    
                                                             
          PUBLISHER/ORIGINATOR: National Aeronautics and      
                               Space Administration          
          REPORT NO:  PB84-223122                             
          PUBLICATION DATE:  July 1982                        
          CATEGORY:  Certification                            
         COST:  $11.95                                       
         DESCRIPTION:  This document describes a way to      
         perform evaluations of the security of a computer   
         system that has sensitive software applications.    
                      
                                                             
          AUTHOR:  Ruthberg, Zella G. & Neugent, William      
                                                             
          TITLE:  Overview of Computer Security Certification 
                 and Accreditation                           
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  NBS SPEC PUB 500-109                    
          PUBLICATION DATE:  April 1984                       
          CATEGORY: Certification                             
         COST:  $1.50                                        
         DESCRIPTION:  These guidelines describe the major
         features of the certification and accreditation
         process. They are intended to help ADP managers and
         their staff understand this process.


                      CONTINGENCY PLANNING

                                                           
          AUTHOR:  Isaac, Irene                               
                                                             
          TITLE:  Guide on Selecting ADP Backup Process       
                 Alternatives                                
                                                             
          ORGANIZATION: Institute for Computer Sciences       
                       and Technology                        
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology
          REPORT NO:  NBS SPEC PUB 500-134                    
          PUBLICATION DATE:  November 1985                    
          CATEGORY:  Contingency Planning                     
         COST: $1.75                                         
         DESCRIPTION: Discusses the selection of ADP backup  
         processing support in advance of events that cause  
         the loss of data processing capability.             

                                                     
          AUTHOR:   Schabeck, Tim A.                          
                                                             
          TITLE:   Emergency Planning Guide for Data          
                  Processing Centers                         
                                                             
          ORGANIZATION:   None Specified                      
                                                             
          PUBLISHER/ORIGINATOR:  Assets Protection            
                                                             
          REPORT NO: ISBN No. 0-933708-00-9                   
          PUBLICATION DATE:   1979                            
          CATEGORY:  Contingency Planning                     
         COST: $10.00                                        
         DESCRIPTION:  This checklist provides an audit tool 
         to evaluate a data processing center's current
         disaster defense mechanisms and recovery capability.

                                                           
          AUTHOR:  Shaw, James K. and Katzke, Stuart          
                                                             
          TITLE:  Executive Guide to ADP Contingency          
                 Planning                                    
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO: NBS SPEC PUB 500-85                      
          PUBLICATION DATE:  July 1981                        
          CATEGORY:  Contingency Planning                     
         COST:  $7.00                                        
         DESCRIPTION:  This document discusses the background
         needed to understand the developmental process for  
         Automatic Data Processing contingency plans.        
      
                    
                    DATA BASE SECURITY

                                                            
          AUTHOR:  Patrick, Robert L.                         
                                                             
          TITLE:  Performance Assurance and Data Integrity    
                 Practices                                   
                                                             
          ORGANIZATION:   Institute for Computer Sciences     
                         and Technology                      
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  NBS SPEC PUB 500-24                     
          PUBLICATION DATE:  January 1978                     
          CATEGORY:    Data Base Security                     
         COST: $10.00                                        
         DESCRIPTION: Describes methods that have been       
         successful in preventing computer failure caused by 
         programming and data errors.                        
                       

                        GENERAL SECURITY
                                                             
          AUTHOR:  Fletcher, J.G.                             
                                                             
          TITLE:  Security Policy for Distributed Systems     
                                                             
                                                             
          ORGANIZATION:  Lawrence Livermore National          
                        Laboratory                           
          PUBLISHER/ORIGINATOR:  National Technical           
                                Information Service          
          REPORT NO:  DE82-022517                             
          PUBLICATION DATE:  April 6, 1982                    
          CATEGORY:  General Security                         
         COST:  $9.95                                        
         DESCRIPTION:  This document provides a security     
         policy for distributed systems.  It has been modeled
         according to security procedures for non-computer   
         items.                                              
       
                                                      
          AUTHOR:   Moore, Gwendolyn B., Kuhns, John L.,      
                   Treffs, Jeffrey, & Montgomery, Christine  
          TITLE:  Accessing Individual Records from Personal  
                 Data Files Using Non-unique Identifiers     
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  NBS SPEC PUB 500-2                      
          PUBLICATION DATE:  February 1977                    
          CATEGORY:  General Security                         
         COST: $11.95                                        
         DESCRIPTION:  Analyzes methodologies for retrieving 
         personal information using non-unique identifiers   
         such as name, address, etc.  This study presents    
         statistical data for judging the accuracy and       
         efficiency of various methods.                      

                                                       
          AUTHOR: Smid, Miles                                 
                                                             
          TITLE:  Standard on Computer Data Authentication    
                                                             
                                                             
          ORGANIZATION: Institute for Computer Sciences       
                       and Technology                        
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  FIPS PUB 113                            
          PUBLICATION DATE:  March 1985                       
          CATEGORY:  General Security                         
         COST: $9.95                                         
         DESCRIPTION:  This publication describes a data
         authentication algorithm that can detect
         unauthorized modification of computer data,
         whether intentional or accidental.
                       

                                                           
          AUTHOR:  Tompkins, F.G.                             
                                                             
          TITLE:  NASA Guidelines for Assuring the Adequacy   
                 and Appropriateness of Security Safeguards  
                 in Sensitive Applications                   
          ORGANIZATION:  Mitre Corporation                    
                                                             
          PUBLISHER/ORIGINATOR: National Aeronautics and      
                               Space Administration          
          REPORT NO:  PB85-149003/XAB                         
          PUBLICATION DATE: September 1984                    
          CATEGORY:  General Security                         
         COST: $18.95                                        
         DESCRIPTION:  This document discusses security      
         measures that should be taken in order to help      
         conform with Office of Management and Budget        
         Circular A-71.                                      

                                                           
          AUTHOR:  Westin, Allen F.                           
                                                             
          TITLE:  Computers, Personnel Administration, and    
                 Citizen Rights                              
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO: NBS SPEC PUB 500-50                      
          PUBLICATION DATE: July 1979                         
          CATEGORY:  General Security                         
         COST:  $34.95                                       
         DESCRIPTION: Reports on the impact of computers on
         citizen rights in the field of personnel record
         keeping.


                     MICROCOMPUTER SECURITY
                                                             
          AUTHOR:  Steinauer, Dennis D.                       
                                                             
          TITLE:  Security of Personal Computer Systems: A    
                 Management Guide                            
                                                             
          ORGANIZATION: Institute for Computer Sciences       
                       and Technology                        
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  NBS SPEC PUB 500-120                    
          PUBLICATION DATE:  No Date Given                    
          CATEGORY:  Microcomputer Security                   
         COST:  $3.00                                        
         DESCRIPTION:  This publication provides practical   
         advice on the issues of physical and environmental  
         protection, system and data access control, integrity
         of software and data, backup and contingency        
         planning, auditability, and communications          
         protection.                                         


                          PRIVACY
                                                             
          AUTHOR:  Fong, Elizabeth                            
                                                             
          TITLE:  A Data Base Management Approach to Privacy  
                 Act Compliance                              
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  NBS SPEC PUB 500-10                     
          PUBLICATION DATE:  June 1977                        
          CATEGORY:  Privacy                                  
         COST: $4.50                                         
         DESCRIPTION: Looks at commercially available data   
         base management systems that can be used in meeting 
         Privacy Act requirements for the handling of        
         personal data.                                      
               
                                                             
          AUTHOR:   Goldstein, Robert, Seward, Henry, &       
                   Nolan, Richard                            
          TITLE:  A Methodology for Evaluating Alternative    
                 Technical and Information Management        
                 Approaches to Privacy Requirements          
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:   PB 254048                              
          PUBLICATION DATE:  June 1976                        
          CATEGORY:  Privacy                                  
         COST:  $11.50                                       
         DESCRIPTION:  Describes the methods to be used by   
         recordkeepers to comply with the Privacy Act. A     
         computer model is included to help determine the    
         most cost-effective safeguards.                     
                


                         RISK MANAGEMENT
                                                             
          AUTHOR:  Courtney, Robert H. Jr.                    
                                                             
          TITLE:  Guideline for Automatic Data Processing     
                 Risk Analysis                               
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  FIPS PUB 65                             
          PUBLICATION DATE:  August 1979                      
          CATEGORY:  Risk Management                          
         COST: $8.50                                         
         DESCRIPTION: Shows how to use a technique that      
         provides a way of conducting risk analysis of an ADP
         facility. It gives an example of the risk analysis  
         process.                                            
               
                                                        
          AUTHOR:  Jacobson, Robert V., Brown, William F.,    
                  & Browne, Peter S.                         
          TITLE:  Guidelines for ADP Physical Security and    
                 Risk Management                             
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO: FIPS PUB 31                              
          PUBLICATION DATE:  June 1974                        
          CATEGORY: Risk Management                           
         COST: $11.95                                        
         DESCRIPTION:  Provides guidance to federal          
         organizations in developing physical security and   
         risk management programs for their ADP facilities.  

                                                         
          AUTHOR: Neugent, William, Gilligan, John,           
                 Hoffman, Lance & Ruthberg, Zella G.         
          TITLE:  Technology Assessment:  Methods for         
                 Measuring the Level of Computer Security    
                                                             
          ORGANIZATION: Institute for Computer Sciences       
                       and Technology                        
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO: NBS SPEC PUB 500-133                     
          PUBLICATION DATE:  October 1985                     
          CATEGORY:  Risk Management                          
         COST:  $8.00                                        
         DESCRIPTION:  This document covers methods for      
         measuring the level of computer security and        
         addresses individual techniques and approaches, as  
         well as broader methodologies.                      

                                                             
          AUTHOR:  Tompkins, F.G.                             
                                                             
          TITLE:  Guidelines for Contingency Planning NASA    
                 ADP Security Risk Reduction Decision        
                 Studies                                     
          ORGANIZATION:  Mitre Corporation                    
                                                             
          PUBLISHER/ORIGINATOR: National Aeronautics and
                               Space Administration          
          REPORT NO: PB84-189836                              
          PUBLICATION DATE:  January 1984                     
          CATEGORY:  Risk Management                          
         COST: $13.95                                        
         DESCRIPTION:  Describes how to determine an acceptable
         level of ADP security risk, as well as the role of
         risk management in problem solving and information
         systems analysis and design.
           
                                                             
          AUTHOR:  Tompkins, F.G.
                                                             
          TITLE:  Guidelines for Developing NASA ADP Security 
                 Risk Management Plans                       
                                                             
          ORGANIZATION:  Mitre Corporation                    
                                                             
          PUBLISHER/ORIGINATOR: National Aeronautics and      
                               Space Administration          
          REPORT NO: PB84-171321                              
          PUBLICATION DATE:  August 1983                      
          CATEGORY:   Risk Management                         
         COST: $13.95                                        
         DESCRIPTION:  This report looks at how NASA develops
         ADP security risk management plans. Risk management
         processes have six components, and each is
         identified and discussed.
      

                       SECURITY MANAGEMENT
                                                             
          AUTHOR: Rosenthal, Lynne S.                         
                                                             
          TITLE:  Guidance on Planning and Implementing       
                 Computer Systems Reliability                
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  NBS SPEC PUB 500-121                    
          PUBLICATION DATE: January 1985                      
          CATEGORY:  Security Management                      
         COST:  $2.25                                        
         DESCRIPTION: The basic concepts of computer system  
         security are given to provide managers and planners 
         with background for improving computer system       
         reliability.                                        
               



              SOFTWARE & OPERATING SYSTEM SECURITY


                                                             
          AUTHOR:  Levitt, Karl, Neumann, Peter, and          
                  Robinson, Lawrence                         
          TITLE:  The SRI Hierarchical Development            
                 Methodology (HDM) and its Application to    
                 the Development of Secure Software          
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  NBS SPEC PUB 500-67                     
          PUBLICATION DATE:  October 1980                     
          CATEGORY:  Software and Operating System Security   
         COST:  $4.25                                        
         DESCRIPTION: Shows how to design large software     
         systems, such as an operating system, that will     
         meet the hardest security requirements.             
              

                      TRAINING & AWARENESS

                                                            
          AUTHOR:  Davis, Bevette                             
                                                             
          TITLE:  Computer Security Bibliography              
                                                             
                                                             
          ORGANIZATION:  Mitre Corporation                    
                                                             
          PUBLISHER/ORIGINATOR: Mitre Corporation             
                                                             
          REPORT NO:  MTR 9654                                
          PUBLICATION DATE:  April 1985                       
          CATEGORY:  Training & Awareness                     
         COST:                                               
         DESCRIPTION: Identifies organizations and           
         individuals that have published documents, magazine 
         and journal articles, conference proceedings, and   
         reports concerning computer security.               

                                                             
          AUTHOR:   Tompkins, Frederick G.                    
                                                             
          TITLE:  Guidelines for Development of NASA Computer 
                 Security Training Programs                  
                                                             
          ORGANIZATION:  Mitre Corporation                    
                                                             
          PUBLISHER/ORIGINATOR:  National Aeronautics and     
                               Space Administration          
          REPORT NO:  PB84-171339/LP                          
          PUBLICATION DATE:  May 1983                         
          CATEGORY:  Training & Awareness                     
         COST:  $11.95 plus $3.00 shipping & handling        
         DESCRIPTION:  This report identifies computer       
         security training courses and is intended to be used
         by NASA in developing training requirements and     
         implementing computer security training programs.   
                      

                      AUTHORS NOT SPECIFIED
                                                             
          AUTHOR:  N/A                                        
                                                             
          TITLE:  Computer Fraud and Abuse Act of 1986        
                                                             
          ORGANIZATION:                                       
                                                             
          PUBLISHER/ORIGINATOR:                               
                                                             
          REPORT NO:  Public Law 99-474                       
          PUBLICATION DATE:  October 16, 1986                 
          CATEGORY:  Abuse/Misuse/Crime                       
         COST:  Free                                         
         DESCRIPTION: Provides additional penalties for      
         fraud and related activities in connection with     
         access devices and computers.                       

                                                         
          AUTHOR:   N/A                                       
                                                             
          TITLE:   Federal Manager's Financial Integrity      
                  Act of 1982                                
                                                             
          ORGANIZATION:                                       
                                                             
          PUBLISHER/ORIGINATOR:                               
                                                             
          REPORT NO: Public Law 97-255                        
          PUBLICATION DATE:   September 8, 1982               
          CATEGORY:  Abuse/Misuse/Crime                       
         COST: Free                                          
         DESCRIPTION: This law amends the Accounting and
         Auditing Act of 1950 to require ongoing evaluations
         and reports on the adequacy of the systems of       
         internal accounting and administrative control of   
         each executive agency, and for other purposes.      




                         ACCESS CONTROL

                                                             
          AUTHOR:   Not Specified                             
                                                             
          TITLE:  Data Encryption Standard                    
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  FIPS PUB 46                             
          PUBLICATION DATE:  January 1977                     
          CATEGORY:  Access Control                           
         COST: $7.00                                         
         DESCRIPTION:  Discusses an algorithm to be used for 
         the cryptographic protection of sensitive, but      
         unclassified, computer data. Tells how to transform 
         data into a cryptographic cipher and back again.      
                     
                                                             
          AUTHOR:   Not Specified                             
                                                             
          TITLE:  DES Modes of Operation                      
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  FIPS PUB 81                             
          PUBLICATION DATE:  December 1980                    
          CATEGORY:  Access Control                           
         COST: $8.50                                         
         DESCRIPTION: This publication discusses the four    
         modes of operation used by the Data Encryption      
         Standard.                                           
                    

                                                             
          AUTHOR:   N/A                                       
                                                             
          TITLE:  Electronic Communications Privacy Act of    
                 1986                                        
                                                             
          ORGANIZATION:                                       
                                                             
          PUBLISHER/ORIGINATOR:                               
                                                             
          REPORT NO:  Public Law 99-508                       
          PUBLICATION DATE:   October 21, 1986                
          CATEGORY:   Access Control                          
         COST: Free                                          
         DESCRIPTION:  Amends title 18, United States Code,  
         with respect to the interception of certain         
         communications, and other forms of surveillance, and
         for other purposes.                                 

                                                         
          AUTHOR:  Not Specified                              
                                                             
          TITLE:  Guidelines on Evaluation of Techniques for  
                 Automated Personnel Identification          
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO: FIPS PUB 48                              
          PUBLICATION DATE:  April 1977                       
          CATEGORY:  Access Control                           
         COST: $7.00                                         
         DESCRIPTION:  The performance and evaluation of
         personal identification devices are explained.
         Considerations for their use in a computer system
         are given.
                   

                                                             
          AUTHOR:   Not Specified                             
                                                             
          TITLE:  Guidelines for Implementing and Using the   
                 NBS Data Encryption Standard                
                                                             
          ORGANIZATION: Institute for Computer Sciences       
                       and Technology                        
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  FIPS PUB 74                             
          PUBLICATION DATE:  April 1981                       
          CATEGORY:  Access Control                           
         COST: $8.50                                         
         DESCRIPTION:  Discusses the guidelines that federal 
         organizations should use when cryptographic         
         protection is required for sensitive or valuable    
         computer data.                                      
          
                                                             
          AUTHOR:    Not Specified                            
                                                             
          TITLE:  Guideline on User Authentication Techniques 
                 for Computer Network Access Control         
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  FIPS PUB 83                             
          PUBLICATION DATE:  September 1980                   
          CATEGORY:  Access Control                           
         COST: $8.50                                         
         DESCRIPTION: Details the use of passwords,          
         identification tokens, and other means to protect   
         against unauthorized access to computers and        
         computer networks.                                  
                  
                                                       
          AUTHOR:   Not Specified                             
                                                             
          TITLE:  Information Security: Products and Services 
                 Catalogue                                   
                                                             
          ORGANIZATION:   National Computer Security Center   
                                                             
          PUBLISHER/ORIGINATOR:   National Computer Security  
                                 Center                      
          REPORT NO:  None Specified                          
          PUBLICATION DATE:   Published Quarterly             
          CATEGORY:   Access Control                          
         COST:  Free                                         
         DESCRIPTION: This catalogue contains the endorsed   
         cryptographic products list, NSA endorsed data      
         encryption standard products list, protected        
         services list, evaluated products list, and         
         preferred products list.                            

                                                       
          AUTHOR:   Not Specified                             
                                                             
          TITLE: National Policy on Controlled Access         
                Protection                                   
                                                             
          ORGANIZATION:  National Telecommunications and      
                        Information Systems Security         
          PUBLISHER/ORIGINATOR:  NTISSC                       
                                Ft. George G. Meade, MD      
          REPORT NO:  NTISSP No. 200                          
          PUBLICATION DATE:  July 15, 1987                    
          CATEGORY:   Access Control                          
         COST: Free                                          
         DESCRIPTION:  Defines a minimum level of protection 
         for automated information systems operated by       
         executive branch agencies and departments of the    
         federal government and their contractors.           


                                                         
          AUTHOR:   Not Specified                             
                                                             
          TITLE:  Standard on Computer Data Authentication    
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  FIPS PUB 113                            
          PUBLICATION DATE:  May 1985                         
          CATEGORY:  Access Control                           
         COST: $9.95                                         
         DESCRIPTION:  Specifies a data authentication       
         algorithm which, when applied to computer data,     
         automatically and accurately detects unauthorized   
         modifications, both intentional and accidental.     

                                                          
          AUTHOR:   Not Specified                             
                                                             
          TITLE:  Standard on Password Usage                  
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  FIPS PUB 112                            
          PUBLICATION DATE:  May 1985                         
          CATEGORY:  Access Control                           
         COST:  $13.95                                       
         DESCRIPTION:  Discusses ten minimum security        
         criteria to consider when designing a password-based
         access control system for a computer.               
                  
                                                             
          AUTHOR:   Not Specified                             
                                                             
          TITLE:    Trusted Network Interpretation of the     
                   Trusted Computer System Evaluation        
                   Criteria                                  
          ORGANIZATION:  National Computer Security Center    
                                                             
          PUBLISHER/ORIGINATOR:  National Computer Security   
                                Center                       
          REPORT NO:  NCSC-TG-005                             
          PUBLICATION DATE:  July 31, 1987                    
          CATEGORY:   Access Control                          
         COST:                                               
         DESCRIPTION:  This is also known as the Red Book.   
         This guideline examines interpretations to extend
         the evaluation classes of the Trusted Systems       
         Evaluation Criteria to trusted network systems and  
         components.                                         

                      AUDIT AND EVALUATION

                                                            
          AUTHOR:  Not Specified                              
                                                             
          TITLE:  Assessing Reliability of Computer Output -  
                 Audit Guide                                 
                                                             
          ORGANIZATION:  U.S. General Accounting Office       
                                                             
          PUBLISHER/ORIGINATOR: U.S. General Accounting Office
                                                             
          REPORT NO:  AFMD-81-91                              
          PUBLICATION DATE:  June 1981                        
          CATEGORY:  Audit and Evaluation                     
         COST:  Free (if less than 5 are ordered)
         DESCRIPTION:  This audit guide shows how to comply
         with GAO policy requirements by giving detailed
         procedures to help determine the degree of risk in
         using information that could be incorrect.
     
                                                             
          AUTHOR:  Not Specified                              
                                                             
          TITLE:  Computer Security Requirements: Guidance for
                 Applying the DoD Trusted Computer System
                 Evaluation Criteria in Specific Environments
          ORGANIZATION:  Department of Defense Computer       
                        Security Center                      
          PUBLISHER/ORIGINATOR:  Department of Defense        
                                Computer Security Center     
          REPORT NO:  CSC-STD-003-85                          
          PUBLICATION DATE:  June 25, 1985                    
          CATEGORY:  Audit and Evaluation                     
         COST:  $1.00                                        
         DESCRIPTION: These reports show how to use DOD      
         5200.28-STD in specific environments.               
                     
                                                          
          AUTHOR:   Not Specified                             
                                                             
          TITLE:   Evaluating Internal Controls in Computer-  
                  Based Systems - Audit Guide                
                                                             
          ORGANIZATION:  U.S. General Accounting Office       
                                                             
          PUBLISHER/ORIGINATOR: U.S. General Accounting Office
                                                             
          REPORT NO:  AFMD-81-76                              
          PUBLICATION DATE: June 1981                         
          CATEGORY:  Audit and Evaluation                     
         COST: Free (if less than 5 are ordered).            
         DESCRIPTION: Describes an approach for evaluating a 
         computer-based system that will enable an auditor to
         evaluate the entire system from original to output. 
                   
                                                           
          AUTHOR:   Not Specified                             
                                                             
          TITLE:  Technical Rationale Behind CSC-STD-003-85   
                 Computer Security Requirements: Guidance for
                 Applying the DoD Trusted Computer System
                 Evaluation Criteria in Specific Environments
          ORGANIZATION:  Department of Defense Computer       
                        Security Center                      
          PUBLISHER/ORIGINATOR:  Department of Defense        
                                Computer Security Center     
          REPORT NO:  CSC-STD-004-85                          
          PUBLICATION DATE:   June 25, 1985                   
          CATEGORY:   Audit and Evaluation                    
         COST: $2.00                                         
         DESCRIPTION: Gives guidance on applying the DOD
         CSC-STD-003-85.                                     



                         CERTIFICATION

                                                            
          AUTHOR:  Not Specified                              
                                                             
          TITLE:  Guideline for Computer Security             
                 Certification and Accreditation             
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  FIPS PUB 102                            
          PUBLICATION DATE:  September 1983                   
          CATEGORY:  Certification                            
         COST:  $11.50                                       
         DESCRIPTION:  Describes ways of establishing and    
         carrying out a computer security certification and  
         accreditation program.                              
                   

                      CONTINGENCY PLANNING


                                                             
          AUTHOR:    Not Specified                            
                                                             
          TITLE:  Guidelines for ADP Contingency Planning     
                                                             
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  FIPS PUB 87                             
          PUBLICATION DATE:  March 1981                       
          CATEGORY:  Contingency Planning                     
         COST: $8.50                                         
         DESCRIPTION:  Describes data processing             
         management considerations for developing a          
         contingency plan for an ADP facility.               
                

                       DATA BASE SECURITY
                                                             
          AUTHOR:   Not Specified                             
                                                             
          TITLE:  Guideline on Integrity Assurance and
                 Control in Database Applications
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  FIPS PUB 88                             
          PUBLICATION DATE:  August 1981                      
          CATEGORY:  Data Base Security                       
         COST:  $11.50                                       
         DESCRIPTION: Gives detailed advice on how to achieve
         data base integrity and security control. A step-by-
         step procedure for examining and verifying the
         accuracy and completeness of a data base is
         included.                                           
                 

                      ENVIRONMENTAL SECURITY

                                                            
          AUTHOR:   Not Specified                             
                                                             
          TITLE:  Guideline on Electrical Power for ADP       
                 Installations                               
                                                             
          ORGANIZATION: Institute for Computer Sciences       
                       and Technology                        
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  FIPS PUB 94                             
          PUBLICATION DATE:  September 1982                   
          CATEGORY:  Environmental Security                   
         COST:  $13.00                                       
         DESCRIPTION:  This publication discusses electrical 
         power factors that can affect the operation of an   
         ADP system.                                         



                        GENERAL SECURITY

                                                            
          AUTHOR:   N/A                                       
                                                             
          TITLE:   Computer Security Act of 1987              
                                                             
                                                             
          ORGANIZATION:                                       
                                                             
          PUBLISHER/ORIGINATOR:                               
                                                             
          REPORT NO:  Public Law 100-235                      
          PUBLICATION DATE:  January 8, 1988                  
          CATEGORY:  General Security                         
         COST: Free                                          
         DESCRIPTION: To provide for a computer standards    
         program within the National Institute of Standards  
         and Technology, to provide Government-wide computer 
         security, and to provide for the training in
         security matters of persons who are involved in the
         management, operation, and use of Federal computer  
         systems.                                            

                                                             
          AUTHOR:   Not Specified                             
                                                             
          TITLE:  Glossary for Computer Systems Security      
                                                             
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  FIPS PUB 39                             
          PUBLICATION DATE:  February 1974                    
          CATEGORY:  General Security                         
         COST: $9.95                                         
         DESCRIPTION: A reference document containing        
         approximately 170 terms and definitions pertaining  
         to privacy and computer security.                   

                                                            
          AUTHOR:  Not Specified                              
                                                             
          TITLE:  Guidelines for Security of Computer         
                 Applications                                
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  FIPS PUB 73                             
          PUBLICATION DATE:  June 1980                        
          CATEGORY:  General Security                         
         COST:  $10.00                                       
         DESCRIPTION:  These guidelines are to be used in the
         development and operation of computer systems that  
         require protection. Data validation, user           
         authentication, and encryption are discussed.       
                 

                                                            
          AUTHOR:   Not Specified                             
                                                             
          TITLE:  NBS Publication List 91:  Computer Security 
                 Publications                                
                                                             
          ORGANIZATION:  Institute for Computer Sciences and  
                        Technology                           
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  003-003-00135-0                         
          PUBLICATION DATE: August 1984                       
          CATEGORY:  General Security                         
         COST:  $18.00                                       
         DESCRIPTION:  Provides information on computer      
         security publications that are available.           
        
                                                         
          AUTHOR:  Not Specified                              
                                                             
          TITLE:  Sensitive Unclassified Computer Security    
                 Program Compliance Review Guidelines        
                                                             
          ORGANIZATION:  U.S. Department of Energy            
                                                             
          PUBLISHER/ORIGINATOR: U.S. Department of Energy     
                                                             
          REPORT NO:  DOE/MA-0188/1                           
          PUBLICATION DATE: September 1985                    
          CATEGORY:  General Security                         
         COST:                                               
         DESCRIPTION:  This guideline contains questionnaires
         for determining the level of security needed at a   
         computer installation. Techniques for obtaining the 
         required level of security are discussed.           
                      


                     MICROCOMPUTER SECURITY

                                                            
          AUTHOR:  Not Specified                              
                                                             
          TITLE:  Computer Security- User Handbook for        
                 Microcomputers and Word Processors          
                                                             
          ORGANIZATION: U.S. Department of Energy             
                                                             
          PUBLISHER/ORIGINATOR: U.S. Department of Energy     
                                                             
          REPORT NO:  None Specified                          
          PUBLICATION DATE:  September 1986                   
          CATEGORY:  Microcomputer Security                   
         COST:                                               
         DESCRIPTION:  This guideline gives a synopsis on    
         computer security requirements for users of         
         microcomputers and/or word processors.              
              
                                                             
          AUTHOR:   Not Specified                             
                                                             
          TITLE:   Personal Computer Security Considerations  
                                                             
                                                             
          ORGANIZATION:  National Computer Security Center    
                                                             
          PUBLISHER/ORIGINATOR: National Computer Security    
                               Center                        
          REPORT NO:  NCSC-WA-002-85                          
          PUBLICATION DATE:   December 1985                   
          CATEGORY:  Microcomputer Security                   
         COST: Free                                          
         DESCRIPTION: This publication provides a general    
         discussion of a number of issues that are pertinent 
         to microcomputer security in the home and business  
         environment.                                        

                                                         
          AUTHOR:   Not Specified                             
                                                             
          TITLE:   Security Guide for Users of Personal       
                  Computers and Word Processors              
                                                             
          ORGANIZATION:  Pacific Northwest Laboratory         
                                                             
          PUBLISHER/ORIGINATOR: Pacific Northwest Laboratory  
                                                             
          REPORT NO: None Specified                           
          PUBLICATION DATE:  June 1986                        
          CATEGORY:   Microcomputer Security                  
         COST:  Free (for single copies).                    
         DESCRIPTION: Contains instructions on a variety of  
         computer security techniques including protective   
         storage and handling, passwords, emergency          
         procedures, and other related security subjects.    
                
                                                             
          AUTHOR:  Not Specified                              
                                                             
          TITLE:  Security Guidelines for Microcomputers      
                 and Word Processors                         
                                                             
          ORGANIZATION:   U.S. Department of Energy           
                                                             
          PUBLISHER/ORIGINATOR: U.S. Department of Energy     
                               ATTN: Information Services    
                               P.O. Box 62                   
                               Oak Ridge, TN 37831
          REPORT NO:  DOE/MA-0181                             
          PUBLICATION DATE:  March 1985                       
          CATEGORY:  Microcomputer Security                   
         COST: $9.45                                         
         DESCRIPTION: These guidelines are concerned with the
         training of in the protection of computers          
         (hardcopy, storage media, etc.). Communications     
         security, emergency procedures, and the prevention  
         of system misuse are also discussed.                
                     


                             PRIVACY

                                                             
          AUTHOR:   Not Specified                             
                                                             
          TITLE:  Computer Security Guidelines for            
                 Implementing the Privacy Act of 1974
                                                             
          ORGANIZATION:  Institute for Computer Sciences      
                        and Technology                       
          PUBLISHER/ORIGINATOR: National Institute of         
                               Standards and Technology      
          REPORT NO:  FIPS PUB 41                             
          PUBLICATION DATE:  May 1975                         
          CATEGORY: Privacy                                   
         COST:  $7.00                                        
         DESCRIPTION: This document shows how to protect     
         personal data in automated information systems.     
         Discusses how to improve system security using      
         safeguards and controls.                            
                     

                         RISK MANAGEMENT

                                                             
          AUTHOR:   N/A                                       
                                                             
          TITLE:  Internal Control Systems                    
                                                             
                                                             
          ORGANIZATION:  Office of Management and Budget
                                                             
          PUBLISHER/ORIGINATOR: Office of Management & Budget 
                                                             
          REPORT NO:  OMB Circular A-123                      
          PUBLICATION DATE:  August 4, 1986                   
          CATEGORY:  Risk Management                          
         COST:  Free                                         
         DESCRIPTION: This circular prescribes policies and  
         procedures to be followed by executive departments  
         and agencies in establishing, maintaining,          
         evaluating, improving, and reporting on internal    
         controls in their program and administrative        
         activities.

                                                             
          AUTHOR:   Not Specified                             
                                                             
          TITLE:   NASA ADP Risk Analysis Guideline           
                                                             
          ORGANIZATION:  National Aeronautics and Space       
                        Administration                       
          PUBLISHER/ORIGINATOR:  National Aeronautics and     
                                Space Administration         
          REPORT NO: None Specified                           
          PUBLICATION DATE:  July 1984                        
          CATEGORY:   Risk Management                         
         COST: Free                                          
         DESCRIPTION: This document describes guidelines for 
         the ADP risk analysis methodology to be used at     
         NASA ADP facilities and provides guidance for       
         performing an ADP risk analysis without specialized 
         contractor assistance.                              



                       SECURITY MANAGEMENT
                                                             
          AUTHOR:   Not Specified                             
                                                             
          TITLE:  Computers:  Crimes, Clues, and Controls.  A 
                 Management Guide                            
                                                             
          ORGANIZATION:  President's Council on Integrity and 
                        Efficiency                           
          PUBLISHER/ORIGINATOR:  National Technical           
                                Information Service          
          REPORT NO: PB86-221850/XAB                          
          PUBLICATION DATE:  March 1986                       
          CATEGORY:  Security Management                      
         COST: $13.95                                        
         DESCRIPTION: This publication, which is meant for   
         managers, deals with information security, physical 
         security, personnel security, and a plan of action. 
         Listed are ways to detect and prevent abuse of      
         computers.                                          
                 
                                                   
          AUTHOR:   N/A                                       
                                                             
          TITLE:  Guidance for Preparation and Submission of  
                 Security Plans for Federal Computer Systems 
                 Containing Sensitive Information            
          ORGANIZATION:  Office of Management & Budget        
                                                             
          PUBLISHER/ORIGINATOR: Office of Management & Budget 
                                                             
          REPORT NO: OMB Bulletin 88-16                       
          PUBLICATION DATE:  July 6, 1988                     
          CATEGORY:   Security Management                     
         COST:  Free                                         
         DESCRIPTION: Guidance for preparation and submission
         of security plans for federal computer systems      
         containing sensitive information.                   


                                                             
          AUTHOR:  N/A                                        
                                                             
          TITLE:  Management of Federal Information Resources 
                                                             
                                                             
          ORGANIZATION:  Office of Management and Budget      
                                                             
          PUBLISHER/ORIGINATOR: Office of Management and      
                               Budget                        
          REPORT NO:  OMB Circular No. A-130                  
          PUBLICATION DATE:  December 12, 1985                
          CATEGORY:  Security Management                      
         COST: Free                                          
         DESCRIPTION: A general policy framework for the     
         management of federal information resources is given
         in this circular.                                   

                                                      
          AUTHOR:  N/A                                        
                                                             
          TITLE:  National Policy on Telecommunications and   
                 Automated Information Systems Security      
                                                             
          ORGANIZATION:  National Security Council            
                                                             
          PUBLISHER/ORIGINATOR:                               
                                                             
          REPORT NO: National Security Decision Directive 145 
          PUBLICATION DATE:  September 17, 1984               
          CATEGORY:  Security Management                      
         COST: Free                                          
         DESCRIPTION: This directive establishes a senior    
         steering group, an interagency group at the         
         operating level, an executive agent and a national  
         manager to implement national policy on             
         telecommunications and automated information systems
         security.                                           


                      TRAINING & AWARENESS
                                                             
          AUTHOR:  Not Specified                              
                                                             
          TITLE:  Computer Security Awareness and Training    
                 (Bibliography)                              
                                                             
          ORGANIZATION:  Martin Marietta Energy Systems, Inc. 
                                                             
          PUBLISHER/ORIGINATOR: U.S. Department of Energy     
                                                             
          REPORT NO: DOE/MA-320 Volume 1                      
          PUBLICATION DATE:  February 1988                    
          CATEGORY:  Training and Awareness                   
         COST: $11.65                                        
         DESCRIPTION: This bibliography contains materials   
         and information that are available concerning       
         unclassified computer security.                     

                                                     
          AUTHOR:   N/A                                       
                                                             
          TITLE:  Computer Security Training Guidelines       
                 (Draft)                                     
                                                             
          ORGANIZATION:  National Institute of                
                        Standards and Technology             
          PUBLISHER/ORIGINATOR:  National Institute of        
                                Standards and Technology     
          REPORT NO:                                          
          PUBLICATION DATE:  July 8, 1988                     
          CATEGORY:  Training & Awareness                     
         COST:                                               
         DESCRIPTION:  These guidelines are intended to      
         assist agencies to meet the training requirements   
         of the Computer Security Act of 1987.

                                                     
          AUTHOR:   Not Specified                             
                                                             
          TITLE:   Computer Security Awareness and Training   
                  (Guideline)                                
                                                             
          ORGANIZATION:  Martin Marietta Energy Systems, Inc. 
                                                             
          PUBLISHER/ORIGINATOR: U.S. Department of Energy     
                                                             
          REPORT NO:  DOE/MA-0320 Volume 2                    
          PUBLICATION DATE: February 1988                     
          CATEGORY:  Training & Awareness                     
         COST: $11.00                                        
         DESCRIPTION:  This guide presents fundamental       
         concepts, topics, and materials on many aspects of  
         unclassified computer security that should be       
         included in site level unclassified computer        
         security awareness and training programs within DOE.

                                                          
          AUTHOR:  Not Specified                              
                                                             
          TITLE:  Safeguards and Security Manual. Section 12: 
                 Computer and Technical Security             
                                                             
          ORGANIZATION:  EG&G Idaho, Inc.                     
                                                             
          PUBLISHER/ORIGINATOR: None Specified                
                                                             
          REPORT NO:  None Specified                          
          PUBLICATION DATE:  April 8, 1987                    
          CATEGORY:  Training & Awareness                     
         COST: Free                                          
         DESCRIPTION: This section of the safeguards and     
         security manual describes various computer security 
         procedures for users and security managers. Includes
         security awareness training, computer protection    
         plan, audit, risk analysis, and related topics.     
         

                                                             
          AUTHOR:   N/A                                       
                                                             
          TITLE:  Small Business Computer Security and        
                 Education Act of 1984                       
                                                             
          ORGANIZATION:                                       
                                                             
          PUBLISHER/ORIGINATOR:                               
                                                             
          REPORT NO:  Public Law 98-362                       
          PUBLICATION DATE:  July 16, 1984                    
          CATEGORY:  Training & Awareness                     
         COST: Free                                          
         DESCRIPTION:  Amended the Small Business Act to     
         establish a small business computer security and    
         education program.                                  


                                                            
          AUTHOR:   N/A                                       
                                                             
          TITLE:   Training Requirement for the Computer      
                  Security Act                               
                                                             
          ORGANIZATION:  Office of Personnel Management
                                                             
          PUBLISHER/ORIGINATOR: Office of Personnel Management
         Federal Register  Part II                           
          REPORT NO:  Interim Regulation 5 CFR Part 930       
          PUBLICATION DATE:  July 13, 1988                    
          CATEGORY:   Training & Awareness                    
         COST:  Free                                         
         DESCRIPTION: This regulation implements P.L. 100-   
         235, the Computer Security Act of 1987.