Information Systems Security Manager (ISSM) - Marine Corps ...

More documents

Recommendations

Info

NAVSO P-5239-04SEPTEMBER 1995NCSC-TG-001 , A Guide to Understanding Audit in Trusted Systems, Version 2, 1 June1988.This document provides a set of good practices related to the use of auditing in automatic dataprocessing systems employed for processing classified and other sensitive information.*NCSC-TG-003 , A Guide To Understanding Discretionary Access Control In TrustedSystems, Version 1, 30 September 1987.This document discusses issues involved in designing, implementing, and evaluating DACmechanisms. Its primary purpose is to provide guidance to manufacturers on how to selectand build effective DAC mechanisms.NCSC-TG-005 , Trusted Network Interpretation of the Trusted Computer System EvaluationCriteria, National Computer Security Center, Version 1 , July 1987.The TNI or "Red" Book" was issued by the National Computer Security Center (NCSC) aspart of its program to promulgate technical computer security guidelines. The interpretationextends the evaluation classes of the "Orange Book" to trusted network systems andcomponents.NCSC-TG-017 , A Guide To Understanding Identification And Authentication In TrustedSystems, Version 1, September 1991.This document provides guidance to vendors on how to design and incorporate effectiveidentification and authentication (I&A) mechanisms into their systems. It also aids vendorsand evaluators in understanding I&A requirements.*NCSC-TG-027 , A Guide to Understanding Information System Security OfficerResponsibilities for Automated Information Systems, National Computer Security Center,Version 1, May 1992.This document helps ISSOs understand their responsibilities for implementing andmaintaining security in a system. This guideline also discusses the roles and responsibilitiesof other individuals who are responsible for security and their relationship to the ISSO, asdefined in various component regulation and standards.NCSC-TG-028 , Assessing Controlled Access Protection, Version 1, 25 May 1992.This document explains the controlled access protection requirements of the TrustedComputer System Evaluation Criteria.A-6
NAVSO P-5239-04SEPTEMBER 1995NCSC-TG-029 , Introduction to Certification and Accreditation, Version 1, January 1994.This document provides an introduction to C&A concepts, provides an introductorydiscussion of some basic concepts related to C&A, and sets the baseline for furtherdocuments.National Institute of Standards and Technology*Federal Information Processing Standard s Publication 87 , Guidelines for ContingencyPlanning, 27 March 1981.This document provides guidelines to be used in the preparation of IS contingency plans. Theobjective is to ensure that IS personnel and others who may be involved in the planningprocess, are aware of the types of information that should be included in such plans; toprovided a recommended structure and a suggested format; and generally to make thosepersons responsible aware of the criticality of the contingency planning process.Federal Information Processing Standard on Trusted Systems Technology , MinimumSecurity Functionality Requirements for Multi-User Operating Systems, Issue 1, 16 January1992.This document provides basic commercial computer system security requirements applicableto both government and commercial organizations. These requirements include technicalmeasures that can be incorporated into multi-user, remote-access, resource-sharing, andinformation-sharing computer systems.Federal Information Processing Standard on Trusted Systems Technology , FederalCriteria for Information Technology Security, Protection Profile Development, Volume 1,Version 1.0, December 1992.This document provides a basis for developing, analyzing, and registering criteria forinformation technology (IT) product security development and evaluation. It explains how touse provided generic requirements as building blocks to create unique sets of IT productsecurity criteria called protection profiles. There are four principal objectives:• Develop an extensible and flexible framework for defining new requirements for ITproduct security• Enhance existing IT product security development and evaluation criteria, 3) Facilitateinternational harmonization of IT product security development and evaluation criteria• Preserve the fundamental principles of IT product security.A-7
Page 1:
Department of the Navy NAVSO P-5239
Page 5:
NAVSO P-5239-04SEPTEMBER 1995FOREWO
Page 8 and 9:
NAVSO P-5239-04SEPTEMBER 1995TABLE
Page 10 and 11: NAVSO P-5239-04SEPTEMBER 1995· Sec
Page 12 and 13: NAVSO P-5239-04SEPTEMBER 1995techni
Page 14 and 15: NAVSO P-5239-04SEPTEMBER 1995ISEASS
Page 16 and 17: NAVSO P-5239-04SEPTEMBER 19953.0 IN
Page 18 and 19: NAVSO P-5239-04SEPTEMBER 1995· Sit
Page 20 and 21: NAVSO P-5239-04SEPTEMBER 1995the DO
Page 22 and 23: NAVSO P-5239-04SEPTEMBER 19953.2 Ri
Page 24 and 25: NAVSO P-5239-04SEPTEMBER 1995workin
Page 26 and 27: NAVSO P-5239-04SEPTEMBER 19953.3 Ac
Page 28 and 29: NAVSO P-5239-04SEPTEMBER 19953.4 Ad
Page 30 and 31: NAVSO P-5239-04SEPTEMBER 1995Virus
Page 32 and 33: NAVSO P-5239-04SEPTEMBER 19953.5 Tr
Page 34 and 35: NAVSO P-5239-04SEPTEMBER 1995- Expl
Page 36 and 37: NAVSO P-5239-04SEPTEMBER 19953.6 Ph
Page 38 and 39: NAVSO P-5239-04SEPTEMBER 1995· Eva
Page 40 and 41: NAVSO P-5239-04SEPTEMBER 19953.7 Au
Page 42 and 43: NAVSO P-5239-04SEPTEMBER 19953.8 In
Page 44 and 45: NAVSO P-5239-04SEPTEMBER 19953.9 Se
Page 46 and 47: NAVSO P-5239-04SEPTEMBER 19953.10 C
Page 48 and 49: NAVSO P-5239-04SEPTEMBER 19953.11 S
Page 50 and 51: NAVSO P-5239-04SEPTEMBER 199542
Page 52 and 53: NAVSO P-5239-04SEPTEMBER 1995update
Page 55 and 56: NAVSO P-5239-04SEPTEMBER 1995Securi
Page 57 and 58: NAVSO P-5239-04SEPTEMBER 1995SECNAV
Page 59: NAVSO P-5239-04SEPTEMBER 1995This d
Page 63 and 64: NAVSO P-5239-04SEPTEMBER 1995NTISSP
Page 65 and 66: NAVSO P-5239-04SEPTEMBER 1995primar
show all

Information Systems Security Manager (ISSM) - Marine Corps ...

Create successful ePaper yourself

Delete template?

Save as template?