The Center for Education and Research in Information Assurance and Security, or CERIAS, is the world's foremost University center for multidisciplinary research and education in areas of information security. Our areas of research include computer, network, and communications security as well as information assurance.


COAST Security Archive Category Index: /pub/doc/policy


No Pointing!

This WWW page was generated automatically. Link makers should not point their links to this page. If you must, please make a link to the search entry point.

Canadian Systems Security Centre, The Canadian Trusted Computer Product Evaluation Criteria
Abstract: These criteria have been developed to provide the Government of Canada with a metric with which to evaluate the degree of assurance that can be placed in computer products used for the processing of sensitive information. They are a guide to manufacturers as to what security services to build into their commercial products in order to produce widely available products that satisfy requirements for sensitive applications; and a guide which may be used in procurements of trusted products.

EFF, Root of the EFF Policy tree
Abstract: This is the root of the mirrored directory tree from the EFF archive. There are many sub-directories here, some of them linked to by other subject areas. It is not very well indexed.

National Institute of Standards and Technology, Federal Criteria for Information Technology Security
Abstract: This paper gives the community a clear view of the FC Project's direction in moving beyond the TCSEC method of expressing requirements in order to meet new IT security challenges. It also seeks feedback on the innovative approaches taken, the method of presentation, and granularity, and finally aims to make a substantial contribution to the dialogue among nations leading to the harmonization of IT security requirements and evaluations.

Unknown, Index For NSFNET Policies and Procedures
Abstract: This directory contains information about the policies and procedures established by the National Science Foundation Network (NSFNET) and its associated networks. These documents were collected by the NSF Network Service Center (NNSC). With thanks to the NNSC and Bolt Beranek and Newman, Inc., they are now available by anonymous FTP from InterNIC Directory and Database Services on ds.internic.net.

NIST, Federal Information Processing Standards
Keywords: fips, Federal, Standards
Abstract: Federal Information Processing guidelines as published by the NIST

Roe, Computer Security Act of 1987
Abstract: Report on Computer Security Act of 1987.

Department of Commerce, Department of Commerce's Software Copyright Policy
Abstract: Department of Commerce's Software Copyright Policy. United States Code, Title 17.

Department of Commerce, Information Technology Security Manual
Abstract: Department of Commerce beginning sections of the DOC "Information Technology Security Manual".

Department of Commerce, Information Technology Security
Abstract: Department of Commerce's Chapter 10 of the DOC IT Management Handbook, which contains the IT Security policies for the Dep}A130.ZIP, 06-06-94 Proposed Revision to OMB Circular A-130.

Office Of Personnel Management, Training Requirement for the Computer Security Act
Abstract: This regulation implements Public Law 100-235, the Computer Security Act of 1987, which requires training for all employees responsible for the management and use of Federal computer systems that process sensitive information. Under the regulation agencies will be responsible for identifying the employees to be trained and providing appropriate training.

United States Government, United States Code (U.S.C.) TITLE 10, Armed Forces
Abstract: Very good summary of site security policies. For the purposes of this guide, a "site" is any organization that owns computers or network-related resources. These resources may include host computers that users use, routers, terminal servers, PCs or other devices that have access to the Internet. A site may be an end user of Internet services or a service provider such as a regional network. However, most of the focus of this guide is on those end users of Internet services.

Dave Grisham, University Policies
Abstract: This directory contains computer security policies of universities.

National Institute of Standards and Technology, Executive Guide to the Protection of Information Resources
Abstract: The National Institute of Standards and Technology (NIST) is responsible for developing standards, providing technical assistance, and conducting research for computers and related telecommunications systems. These activities provide technical support to government and industry in the effective, safe, and economical use of computers. With the passage of the Computer Security Act of 1987 (P.L. 100-235), NIST's activities also include the development of standards and guidelines needed to assure the cost-effective security and privacy of sensitive information in Federal computer systems. This guide is just one of three brochures designed for a specific audience. The "Managers Guide to the Protection of Information Resources" and the "Computer User's Guide to the Protection of Information Resources" complete the series.

European Commission, Green book on the Security of Information Systems v3.6
Abstract: European Strategic policy on Security for Information Systems. The "Green Book" represents an intermediate step towards the formulation of the Action Plan foreseen in the Council Decision. It is to state the main issues related to the security of information systems in its context. A deliberate effort has been made to present the subject matter in as objective a fashion as possible. By progressively widening the consultation in the preparation of the document, the wish is to obtain a representative and balanced view of the issues and the nature and implications of the options for action one may wish to consider.

Lance J. Hoffman, Civilizing Cyberspace: Priority Policy Issues in a National Information Infrastructure (A related WWW homepage exists for this item)
Keywords: Privacy, Policy, security, intellectual property
Abstract: In the next 15 years, rapid technology development will drive the merging of voice and data communications and, to some extent, of common carriers and enhanced service providers. A new technological environment will emerge that combines public and private elements in a highly competitive marketplace. Although technological development is moving rapidly, the United States is just starting to address hard policy questions about governance, accountability, privacy, security, and intellectual property in a national information infrastructure. Because U.S. policies will have international ramifications, they also need to be coordinated globally. This report offers tentative directions, and suggests further steps to address these issues.

Lance J. Hoffman, Encryption Policy for the Global Information Infrastructure (A related WWW homepage exists for this item)
Keywords: export control policy, encryption policy
Abstract: Cryptology policy deals not only with various technological encryption methods but also with thorny political and administrative problems. It is a challenge to address these in a timely and open manner. The problems arise in law enforcement, civil liberties, and export control policy. They must be confronted if a rational cryptographic policy is to provide a framework in which technological solutions can operate.

Sally Hambridge, Jeffrey C. Sedayao, Horses and Barn Doors: Evolution of Corporate Guidelines for Internet Usage
Abstract: Intel's Internet usage policy evolved from practically non-existent to explicitly defined - all in reaction to changing conditions and security threats. This paper covers the evolution of Intel Internet access policy, a continual struggle to close the barn doors before the horses get out. Throughout the paper, it outlines key lessons the authors have learned during the policy-making process. It discusses Intel's first taste of the Internet, Intel's policy-making process, the open access policy of that period, and the resulting security challenges. It then covers the imposition of a stricter policy and implementing a firewall to enforce that policy. The paper proceeds to describe today's problems, the majority of which center around Intel people accessing the Internet. In response to this problem and growing numbers of people wanting to use the Internet, Intel has drawn up explicit corporate guidelines on Internet use. These guidelines are then compared to various Acceptable Use Policies and Netiquette guides. The paper concludes with some additional tasks Intel is planning in order to keep the barn doors closed.

Bureau of Politico-Military Affairs, Full Text of the Amendments to the International Traffic in Arms Regulations Part II 58 FR 39280
Abstract: SUMMARY: This rule amends the regulations implementing section 38 of the Arms Export Control Act, which governs the import and export of defense articles and services. The rule clarifies existing regulations and reduces the regulatory burden on exporters of defense articles and services. Although this is a final rule public comment is welcome and will be taken into account to the extent possible.

National Institute of Standards and Technology, Management Guide to the Protection of Information Resources
Abstract: The National Institute of Standards and Technology (NIST) is responsible for developing standards, providing technical assistance, and conducting research for computers and related systems. These activities provide technical support to government and industry in the effective, safe, and economical use of computers. With the passage of the Computer Security Act of 1987 (P.L. 100-235), NIST's activities also include the development of standards and guidelines needed to assure the cost-effective security and privacy of sensitive information in Federal computer systems. This guide represents one activity towards the protection and management of sensitive information resources.

P. Holbrook, J. Reynolds, Site Security Policy Handbook
Abstract: This is an archive directory for the Internet Engineering Task Force (IETF) Site Security Policy Handbook Working Group (SSPHWG). This group is chartered to create a handbook to help sites develop their own security policies.

Richard Pethia, Steve Crocker, Barbara Y. Fraser, Guidelines for the Secure Operation of the Internet
Abstract: The purpose of this document is to provide a set of guidelines to aid in the secure operation of the Internet.

Paul Holbrook, Joyce K. Reynolds, Security Policy Handbook
Abstract: This handbook is a guide to setting computer security policies and procedures for sites that have systems on the Internet. This guide lists issues and factors that a site must consider when setting their own policies. It makes some recommendations and gives discussions of relevant areas. This guide is only a framework for setting security policies and procedures. In order to have an effective set of policies and procedures, a site will have to make many decisions, gain agreement, and then communicate and implement the policies.

J. Paul Holbrook, Site Security Policy Handbook Outline
Abstract: The outline of the Site Security Policy Handbook, including the introduction, how to establish official site policy on computer security, how to establish procedures to prevent security problems, etc.

Paul Holbrook, Joyce K. Reynolds, Site Security Handbook
Abstract: This handbook is a guide to setting computer security policies and procedures for sites that have systems on the Internet. This guide lists issues and factors that a site must consider when setting their own policies. It makes some recommendations and gives discussions of relevant areas. This guide is only a framework for setting security policies and procedures. In order to have an effective set of policies and procedures, a site will have to make many decisions, gain agreement, and then communicate and implement the policies.

Richard Pethia, Steve Crocker, Barbara Y. Fraser, Guidelines for the Secure Operation of the Internet
Abstract: The purpose of this document is to provide a set of guidelines to aid in the secure operation of the Internet.

Richard Pethia, Steve Crocker, Barbara Y. Fraser, Internet Security Policy Recommendations
Abstract: The purpose of this document is to provide a set of guidelines to aid in the secure operation of the Internet.

Richard Pethia, Steve Crocker, Internet Security Policy Recommendations (WORKING DRAFT)
Abstract: This is a revised working draft of a proposed Internet security policy for your review and comment. This is a revision of the original October 9 draft.

Richard Pethia, Steve Crocker, Internet Security Policy (WORKING DRAFT)
Abstract: This is a working draft of a proposed Internet security policy for your review and comment.

Paul Holbrook, Joyce K. Reynolds, Security Policy Handbook
Abstract: This handbook is a guide to setting computer security policies and procedures for sites that have systems on the Internet. This guide lists issues and factors that a site must consider when setting their own policies. It makes some recommendations and gives discussions of relevant areas. This guide is only a framework for setting security policies and procedures. In order to have an effective set of policies and procedures, a site will have to make many decisions, gain agreement, and then communicate and implement the policies.

Paul Holbrook, Joyce K. Reynolds, Security Policy Handbook (DRAFT - 26-Nov-90)
Abstract: This handbook is a guide to setting computer security policies and procedures for sites that have systems on the Internet. This guide lists issues and factors that a site must consider when setting their own policies. It makes some recommendations and gives discussions of relevant areas. This guide is only a framework for setting security policies and procedures. In order to have an effective set of policies and procedures, a site will have to make many decisions, gain agreement, and then communicate and implement the policies.

Paul Holbrook, Joyce K. Reynolds, Current_Meeting_Report_Ssphwg Minutes
Abstract: SSPHWG meeting report. The first pass draft of the Handbook was well received, and the general consensus of attendees is to keep with the direction of the document with one more pass at the next IETF in Colorado. Submission of the Handbook to the Internet Draft process is projected to be in mid-December, for publication as an RFC FYI at the end of 1990.

Paul Holbrook, Joyce K. Reynolds, Current_Meeting_Report_Ssphwg Minutes
Abstract: SSPHWG meeting report. Including the agenda, needs, what procedures and policies should be in place, also including an overview of the handbook, and list and discussion of issues, etc.

Paul Holbrook, Joyce K. Reynolds, Current_Meeting_Report_Ssphwg Minutes
Abstract: SSPHWG meeting report. Discussion of Handbook's current draft status from 29-Nov-90. It has been decided to go ahead with the I-D process to RFC publication.

Site Security Policy Handbook Working Group, Site Security Policy Handbook Working Group
Abstract: This is a copy of the charter for Site Security Policy Handbook Working Group (ssphwg).

SSPHWG, SSPHWG Collection
Abstract: This is the mail archives for the ssphwg@cert.sei.cmu.edu mailing list. This is in MH packf format, with each message surrounded by control-A characters so you can read the messages individually with your favorite mailer.

SSPHWG, SSPHWG Short Collection
Abstract: This is an abridged copy of the mail archives with some of the less useful messages removed (administrivia about upcoming meetings and such). Also in packf format.

_____

Built by Mark Crosbie and Ivan Krsul.


security-archive@cerias.purdue.edu (COAST Security Archive)