Computer Security Division Publications:
This paper was prepared for a presentation at the April 1997 BSI Security Conference in Bonn. It briefly summarizes the activities over the past few years of selected U.S. government organizations that are addressing the challenges of the information infrastructure, and provides a listing of electronic addresses for those who would like to obtain more in-depth information.
Other Computer Security Publications:
These computer security publications are a collection that the Computer Security Division thought would be interesting for the public to read.
- "A Guideline on Office Automation Security".
National Computer Security Center.
November 10, 1993.
Text (.txt) file - [109,919 bytes]
- "Advisory Memorandum on Web Browser Security Vulnerabilities".
NSTISSC.
August 2000.
.pdf format - [186,031 bytes]
- "An Evening with Berferd In Which a Cracker is Lured, Endured, and Studied".
Bill Cheswick, AT&T Bell Labs.
December 7, 1992.
Postscript (.ps) file - [81,747 bytes]
- "Answers to Frequently Asked Questions About Today's Cryptography".
Paul Fahn, RSA Laboratories.
December 8, 1992.
Postscript (.ps) file - [1,441,358 bytes]
- "Are Computer Hacker Break-ins Ethical?".
Eugene H. Spafford, Purdue.
December 7, 1992.
Postscript (.ps) file - [206,894 bytes]
- "AUSCERT UNIX Computer Security Checklist (Version 1.1)".
December 19, 1995.
Text (.txt) file - [83,419 bytes]
- Certification and Accreditation Process Handbook for Certifiers (pdf file).
National Computer Security Center.
July 1996.
- "Computer Crime - A Joint Report".
State of New Jersey, Commission of Investigation and the Attorney General of New Jersey.
The report comprehensively details lessons learned and refers readers to many helpful institutions, programs and individuals.
June 2000.
.pdf format - [922,962 bytes]
- "Computer Security and the Law."
Gary Morris. - good doc on legal issues with regard to computer security.
August 17, 1990.
Text (.txt) file - [14,045 bytes]
- "Computer Security at Concordia: Past Problems, Proposed Plans". (html).
Anne Bennett and Michael Assels.
April 1998.
- "Computer Emergency Response-An Int'l Problem, A description of the CERT System".
Richard D. Pethia.
December 7, 1992.
Postscript (.ps) file - [160,110 bytes]
- "Coping with the Threat of Computer Security Incidents - A Primer from Prevention through Recovery".
Russell L. Brand.
December 7, 1992.
Postscript (.ps) file - [293,589 bytes]
- "Degausser Products List".
National Computer Security Center.
February 27, 1989.
Text (.txt) file - [7,436 bytes]
- "Department of Commerce's Abbreviated Certification Methodology Guidelines for Sensitive and Classified IT Systems".
November 23, 1993.
Text (.txt) file - [32,355 bytes]
- DOD GOAL: "Security Architecture".
February 1, 1994.
All 12 files are Postscript.
(1 of 12 files) [34,901 bytes]
(2 of 12 files) [35,216 bytes]
(3 of 12 files) [56,546 bytes]
(4 of 12 files) [33,892 bytes]
(5 of 12 files) [63,319 bytes]
(6 of 12 files) [77,006 bytes]
(7 of 12 files) [95,462 bytes]
(8 of 12 files) [124,089 bytes]
(9 of 12 files) [101,031 bytes]
(10 of 12 files) [75,777 bytes]
(11 of 12 files) [40,662 bytes]
(12 of 12 files) [349,078 bytes]
All 14 files are WordPerfect.
(1 of 14) [29,863 bytes]
(2 of 14) [25,723 bytes]
(3 of 14) [24,333 bytes]
(4 of 14) [29,803 bytes]
(5 of 14) [17,871 bytes]
(6 of 14) [23,606 bytes]
(7 of 14) [38,544 bytes]
(8 of 14) [170,188 bytes]
(9 of 14) [142,286 bytes]
(10 of 14) [253,959 bytes]
(11 of 14) [39,412 bytes]
(12 of 14) [62,294 bytes]
(13 of 14) [26,184 bytes]
(14 of 14) [464,790 bytes]
- "Eavesdropping on the Electronic Emanations of Digital Equipment".
C. Seline.
June 6, 1990.
Text (.txt) file - [45,119 bytes]
- "Endorsed Tools List".
National Computer Security Center.
November 10, 1993.
Text (.txt) file - [14,108 bytes]
- "Federal IT Security Assessment Framework".
Federal Chief Information Officers Council.
November 2000.
.pdf format - [268,178 bytes]
- "Forming an Incident Response Team".
Danny Smith, Australian CERT.
October 18, 1994.
Postscript (.ps) file - [189,704 bytes]
- "Foundations for the Harmonization of Information Technology Security Standards".
February 26, 1993.
Postscript (.ps) file - [169,211 bytes]
- "Foundation for the Harmonization of Information Technology".
April 21, 1993.
Postscript (.ps) file - [184,486 bytes]
- "Frequently Asked Questions on the USENET News Groups, "comp.security.misc" and "alt.security"".
February 10, 1993.
Text (.txt) file - [50,491 bytes]
- "Guidelines for the Secure Operation of the Internet".
B. Fraser and R. Pethia, CERT, S. Crocker, TIS.
December 7, 1992.
Postscript (.ps) file - [85,234 bytes]
- "ID and Analysis of Foreign Laws and Regulations Pertaining to the Use of Commercial Encryption Products for Voice and Data Communications".
March 1, 1994.
WordPerfect (.wp) file - [54,561 bytes]
- "Improving the Security of your Unix System".
David A. Curry, SRI International.
Postscript (.ps) file - [274,262 bytes]
- "Information Technology Security Evaluation Criteria".
June 6, 1994.
Text (.txt) file - [298,257 bytes]
- "Legal Issues - A Site Manager's Nightmare".
March 18, 1993.
Text (.txt) file - [15,105 bytes]
- "Limitations of the Kerberos Authentication System".
Steven M. Bellovin & Michael Merritt, AT&T Bell Labs.
December 8, 1992.
Postscript (.ps) file - [149,573 bytes]
- "Network (In)Security Through IP Packet Filtering".
Brent Chapman.
July 20, 1993.
Postscript (.ps) file - [123,151 bytes]
- "OARnet Security Procedures".
Kannan Varadhan, OARnet.
Postscript (.ps) file - [226,259 bytes]
- "Organizing a Corporate Anti-Virus Program".
March 18, 1993.
Text (.txt) file - [26,215 bytes]
- "Potential Liabilities of Computer Security Response Centers".
November 8, 1992.
Postscript (.ps) file - [146,119 bytes]
- "Rainbow Series"
rainbow/
(.html pages)
- Redefining Security: "A Report to the Secretary of Defense and the Dir. of Central Intelligence".
April 15, 1994.
Text (.txt) file - [440,528 bytes]
- "Relating Functionality Class and Security Sub-profile Specifications".
March 18, 1993.
Postscript (.ps) file - [178,872 bytes]
- "Review and Analysis of U.S. Laws, Regulation and Case Laws Pertaining to the Use of Commercial Encryption Products for Voice and Data Communications".
March 1, 1994.
WordPerfect (.wp) file - [185,562 bytes]
- "Security Problems in the TCP/IP Protocol Suite".
Steve Bellovin.
July 20, 1993.
Postscript (.ps) file - [107,383 bytes]
- "Suggested Actions & Proc. for Software Maintenance".
December 1, 1985.
Text (.txt) file - [13,249 bytes]
- "Summary of the Trusted Information Systems, (TIS) Report on Intrusion Detection Systems."
April 16, 1991.
Text (.txt) file - [12,681 bytes]
- "The COPS Security Checker System".
December 7, 1992.
Postscript (.ps) file - [202,735 bytes]
- "The Design of a Secure Internet Gateway".
December 4, 1992.
Postscript (.ps) file - [42,373 bytes]
- "The Economic Impact of Role-Based Access Control (Planning Report #02-1)".
March 2002.
pdf file (596 KB)
- "The Economic Impacts of NIST's Data Encryption Standard (DES) Program (Planning Report 01-2)".
October 2001.
pdf file (690 KB)
- "The Social Organization of the Computer Underground, Thesis".
G. Meyer, Illinois.
June 4, 1990.
Text (.txt) file - [148,104 bytes]
- "There Be Dragons". - A description of cracker assaults vs. the ramparts of ATT.COM.
Steven M. Bellovin.
December 4, 1992.
Postscript (.ps) file - [185,040 bytes]
- "Thinking About Firewalls".
Marcus Ranum.
July 20, 1993.
Postscript (.ps) file - [108,975 bytes]