Abstract: The Database Language SQL (SQL) is a widely used language for accessing and manipulating relational databases. As such, SQL can be of use in many different operational environments, with correspondingly different needs for security. One specific application of this standard is in Product Data Exchan...
Abstract: A Workshop on Security Procedures for the Interchange of Electronic Documents, sponsored by the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB), was held at NIST in Gaithersburg, Maryland, on November 12th and 13th, 1992. The impetus for the works...
Abstract: This bulletin focuses on security considerations for organizations considering Internet connections. Spurred by developments in high-speed networking technology and the National Research and Education Network (NREN), many organizations and individuals are looking at the Internet as a means for expan...
Abstract: The Workshop on NSFNET/NREN Security was hosted by NIST and sponsored by NSF to address the need for improving the security of national computer networks. Emphasis was on identifying off-the-shelf security technology that could be implemented in the NSF Network, especially to control access to the s...
Abstract: [NOTE: THIS DOCUMENT HAS BEEN SUPERSEDED BY THE FEDERAL CRITERIA.] The Minimum Security Requirements for Multi-User Operating Systems (MSR) document provides basic commercial computer system security requirements applicable to both government and commercial organizations. These requirements include...
Abstract: For communications between computer systems to be useful in many environments, the systems and their communications must be secure. One prerequisite to secure communications is the management of keying material needed by the underlying cryptographic mechanisms that provide security. This report addr...
Abstract: An electronic bulletin board system (BBS) is similar to a regular bulletin board, except that all posted information is stored on a computer rather than on a wall. A BBS has several features which a regular bulletin board does not have. For example, on a BBS, one person can leave a message for anoth...
Abstract: This National Institute of Standards and Technology Interagency Report (NISTIR) is a compendium of computer security training and awareness courses. The purpose of this publication is to assist federal agencies in locating computer security training resources. This publication is part of a continuing NIS...
Abstract: Several United States and European documents describing criteria for specifying and evaluating the trust of computer products and systems have been written. This report reviews five of these documents and discusses the approach each one uses to provide criteria for specifying and evaluating the trus...
Abstract: Computer systems and the information they store are valuable resources that need to be protected. Increasingly sophisticated threats including system and network intruders, computer viruses, and network worms can exploit a variety of weaknesses in computer systems and cause significant damage. Due t...
Abstract: The National Research and Education Network (NREN) is an integral part of the planned High-Performance Computing and Communication (HPCC) infrastructure that will extend throughout the scientific, technical and education communities. The projected vision is one of desks and laboratory benches as ent...
Abstract: Each federal organization is fully responsible for its computer security program whether the security program is performed by in-house staff or contracted out. Time constraints, budget constraints, availability or expertise of staff, and the potential knowledge to be gained by the organization from...
Abstract: An electronic bulletin board system (BBS) is similar to a regular bulletin board, except that all posted information is stored on a computer rather than on a wall. A BBS has several features which a regular bulletin board does not have. For example, on a BBS, one person can leave a message for anoth...
Abstract: This National Institute of Standards and Technology Interagency Report (NISTIR) presents a glossary of computer security terminology, whose development was sponsored under the auspices of the National Security Telecommunications and Information Systems Security Committee (NSTISSC). This glossary is...
Abstract: This National Institute of Standards and Technology Internal Report (NISTIR) presents nine articles which represent a wide spectrum of computer security information. The articles were selected by the staff of the Computer Security Division, Computer Systems Laboratory, at the National Institute of S...
Abstract: This National Institute of Standards and Technology Interagency Report (NISTIR) presents the Methodology for Certifying Sensitive Computer Applications developed by the U.S. Department of Commerce, Office of Information Resources Management. The National Institute of Standards and Technology (NIST)...
Abstract: This National Institute of Standards and Technology Interagency Report (NISTIR) presents the Simplified Risk Analysis Guidelines developed by the U.S. Department of Justice, Justice Management Division, Security and Emergency Planning Staff, ADP/Telecommunications Group. The National Institute of St...
Abstract: This National Institute of Standards and Technology Interagency Report (NISTIR) presents the Federal Aviation Administration's Automated Information System Security Accreditation Guidelines. This document provides procedures for the preparation of documentation for the security accreditation of auto...
Abstract: [NISTIR 90-4267] This report describes a conformance test for the Fiber Distributed Data Interface (FDDI) Medium Access Control (MAC) standard [1]. FDDI is a layered OSI protocol consisting of four sublayers at the data link or physical layers as illustrated in Figure 1. At the lowest level is...
Abstract: On May 30 and 31, 1990, the Protocol Security Group at NIST held a Workshop on Security Labels. Thirty-five representatives from the U.S. Government, industry, and the United Kingdom gathered for two days to discuss security labels for open systems. The discussion went from the generalities of labels...
Abstract: This National Institute of Standards and Technology Interagency Report (NISTIR) presents a risk assessment methodology developed by the U.S. Department of Energy. This NISTIR contains Volume I: DOE Risk Assessment Guideline Instructions, Resource Table, and Completed Sample and Volume II: DOE Risk A...
Abstract: The SP3 Protocol is one of a number of protocols defined under the United States Government SDNS (Secure Data Network System) activity. The purpose of this protocol is to provide various security services, through the use of cryptographic mechanisms. This document defines the services provided by th...
Conference: DocProcess88: Conference on Document Processing Systems Abstract: The DTD editing tool is a window and icon based tool for creation, manipulation and comprehension of SGML Document Type Definitions (DTDs). This tool allows users to manipulate SGML DTDs without any knowledge of the rather complex SGML syntax. More generally, the tool allows users to manipulate cont...
Journal: Communications of the ACM Abstract: The following excerpts have been gleaned from a 130-page report of potential inaccuracies and fraud in computerized voting systems. Recent difficulties in automated vote-tallying, including specific legal cases, are detailed along with a summary of conclusions and recommendations.
Abstract: The selective application of technological and related procedural safeguards is an important responsibility of every Federal organization in providing adequate security to its ADP systems. This publication provides a standard to be used by Federal organizations when these organizations specify that...