In carrying out its charter to help federal agencies meet their individual information technology (IT) security requirements, the National Institute of Standards and Technology (NIST) must understand what agencies need to meet those requirements. The initial effort to improve NIST's ability to identify sources of IT security-related requirements and needs, conducting an in-depth study, and establishing ongoing mechanisms to facilitate communication between NIST and agencies. The recently conducted study involved interviews with federal agency staff and a survey in which respondents indicated the importance and immediacy of a set of three dozen candidate needs. Study participants, applications, individual perspectives, and data processing environments. The results of the study contribute to a sound basis for planning future NIST IT security standards, guidance, and related activities. NIST is committed to developing and documenting a clear understanding of agency needs in this area and to using the documented, validated needs as input to its program. The report documents the study.
Environmental bugs are bugs caused by limitations of precision or capacity in the environment of a piece of software. These bugs may be difficult to activate and even more difficult to find. This paper reports on an extension to traditional mutation testing that enables testing specifically for environmental bugs involving integer arithmetic. This method is both simple and effective, and provides some insight into other possible extensions of mutation testing methodology that can be used to expose environmental bugs.
This paper addresses the problem of tracing intruders who obscure their identity by logging on through a chain of different machines.
This handbook provides assistance in securing computer-based resources (including hardware, software, and information) by explaining important concepts, cost considerations, and interrelationships of security controls. It illustrates the benefits of security controls, the major techniques or approaches for each control, and important related considerations. The handbook provides a broad overview of computer security to help readers understand their computer security needs and develop a sound approach to the selection of appropriate security controls. It does not describe detailed steps necessary to implement a computer security program, provide detailed implementation procedures for security controls, or give guidance for auditing the security of specific systems. General references are provided at the end of this chapter, and references of "how-to" books and articles are provided at the end of each chapter in Parts II, III, and IV. The purpose of this handbook is not to specify requirements but, rather, to discuss the benefits of various computer security controls and situations in which their application may be appropriate. Some requirements for federal systems are noted in the text. This document provides advice and guidance; no penalties are stipulated.
The Database Language SQL (SQL) is a widely used language for accessing and manipulating relational databases. As such, SQL can be of use in many different operational environments, with correspondingly different needs for security. One specific application of this standard is in Product Data Exchange using STEP (PDES) [PDE93a]. This paper examines the security implications of the versions of the SQL standard as used to implement STEP. STEP does not imply any particular security policy, so a variety of security policies are examined. The paper has been written as a companion document to NIST's general SQL security document, Security Issues in the Database Language SQL [PB93], and references that document frequently.