- Author
- Oldehoeft, A. E.
- Title
- Foundations of a Security Policy for Use of the National Research and Educational Network.
- Coporate
- National Institute of Standards and Technology, Gaithersburg, MD
- Report
- NISTIR 4734, February 1992, 54 p.
- Distribution
- Available from National Technical Information Service
- Contract
- PO-43-NANB112737
- Keywords
- security | standards | computers
- Abstract
- The National Research and Education Network (NREN) is an integral part of the planned High-Performance Computing and Communications infrastructure that will extend throughout the scientific, technical and education communities. The problem of computer and network information security is an important issue that is complicated by the diversity of users and interconnecting networks in the NREN environment. One major impediment to improved security in computer and network systems is the lack of a clearly stated security policy for general computing. In order to establish an appropriate context for developing such a policy for the NREN, this report traces the evolution of a "national" network in the U. S., reviews the fundamental concepts of information security and policies, and identifies the need for developing a policy. A security policy is then proposed for the NREN; one that is intended to provide the basis for continuing discussion and further development. This draft policy identifies responsibilities of all major network constituents: end users, local system administrators, management at all levels, vendors, system developers, service providers, and a national council. It is abstractly stated in order to remain independent of current technologies and organization-specific practices.