Information Assurance

• Committee on National Security Systems library
  • CNSS Instruction No. 4009: National Information Assura nce (IA) Glossary
• National Training Standards Workshop, 1998
• DOD preps office for cyberdefense, by Daniel Verton, Federal Computer Week, July 13, 1998
• National Information Assurance Partnership, NIST/NSA
• Information Assurance Technology Analysis Center, DoD
• Information Assurance Support Environment, DISA
• NSA/CSS INFOSEC page, NSA Information Assurance Directorate
• National INFOSEC Education & Training Program, NSA
• IEEE Task Force on Information Assurance
• Critical Infrastructure Assurance Office, DHS Information Analysis and Infrastructure Protection Directorate
• Information Assurance Web Site, Defense Security Service
• IA: The Challenge of Enforcement, by Mickey McCarter, Military Information Technology
• The new face of security: Five Cyber Corps recruits reflect the changing culture of government security, by Colleen O'Hara, August 5, 2002

• Recommended readings for INFO498AA course
  • NSTISSI 4009: CNSS Instruction 4009, National Information Assurance Glossary
  • NSITSSI standards 4011, 4012, 4013, 4014, and 4015
  • Complete Committee on National Security Standards (CNSS) Library
  • Jobs!
    • Cyber Dudes to the Rescue, by Janet Reitman, The Los Angeles Times Magazine, November 17, 2002
    • No Recession for Cybersecurity, by Gail Repsher Emery, Washington Technology, November 29, 2001
    • Scholarships and DoD Jobs for Students at Centers of Academic Excellence in Information Assurance Education (CAEs)
  • Laws, legal issues
    • Critical Information Infrastructure Protection and the Law, Committee on Critical Infrastructure Protection and the Law, National Academies Press
    • Computer Fraud and Abuse Act
    • P.L. 97-255 -- (H.R. 1526) Federal Managers Financial Integrity Act of 1982, September 8, 1982
    • Federal Property and Administrative Services Act of 1949, as amended
    • United States Code TITLE 44--PUBLIC PRINTING AND DOCUMENTS, CHAPTER 33--DISPOSAL OF RECORDS
    • National Archives and Records Act and Freedom of Information Act
    • The Privacy Act of 1974 (5 U.S.C. § 552a)
    • FindLaw's pages on the Freedom of Information Act and the Federal Privacy Law of 1974
    • FCIC: Your Right to Federal Records
    • FEDERAL PROPERTY AND ADMINISTRATIVE SERVICES ACT OF 1949 (P.L. 81-152, 63 Stat. 377)
    • Legal Issues White Paper, Critical Infrastructure Assurance Office, Office of the President
  • Federal policy, procedure and guidance
    • NIST Computer Security Resource Center
    • U.S. Policies, Directives, Standards and Guidelines (Provides history, purpose, and relationships)
    • Practices for Securing Critical Information Assets, January 2000, Critical Infrastructure Assurance Office (CIAO)
    • NCSC-TG-029: Introduction to Certification and Accreditation ("Blue Book") (part of the NCSC's "Rainbow series")
    • DoD 5200.28-STD: Department of Defense Trusted Computer System Evaluation Criteria ("Orange Book") (part of the NCSC's "Rainbow series")
    • NCSC-TG-029: Introduction to Certification and Accreditation ("Blue Book") (part of the NCSC's "Rainbow series")
    • NCSC-TG-005: Trusted Network Interpretation ("Red Book") (part of the NCSC's "Rainbow series")
    • The Rainbow Series Library
    • DoD 5200 39r, Defense Manual on Research and Technology Protection Procedures
    • Executive Order 12958: CLASSIFIED NATIONAL SECURITY INFORMATION
    • 32 CFR 2003: NATIONAL SECURITY INFORMATION--STANDARD FORMS (marking of sensitive/classified information)
    • NSD 42: Governing Procedures of the National Security Telecommunications and Information Systems Security Committee (NSTISSC)
    • Office of Management and Budget CIRCULAR NO. A-130, Revised February 8, 1996
    • Department of Defense DIRECTIVE NUMBER 5400.11 (DoD Privacy Program), December 13, 1999
    • Office of Management and Budget Financial Management Integrity information
  • Communications Security (COMSEC)/Operations Security (OPSEC)
    • NACSI - 6002: National COMSEC Instruction
    • Secure Internet Data Transmission
    • TEMPEST
    • NSTISSAM TEMPEST/2-95: Red/Black Installation Guidance
    • The Complete, Unofficial TEMPEST Information Page
    • DoD Directive 5200.2: DoD Personnel Security Program
    • Field Manual 3-19.30: Physical Security
    • National Industrial Security Program Operating Manual (NISPOM)
    • Public Safety Wireless Network Land Mobile Radio System Recommended Security Policy, October 1999
    • Contractor Self-Inspection Handbook (for contractor COMSEC/OPSEC audit and assurance)
    • COMSC Instruction 2020.1: Organizational E-Mail and Facsimile Implementation, Department of the Navy
  • Continuity of Operations (COOP)
    • DoDD 3020.26: Continuity of Operations, Policies and Planning
    • SANS InfoSec Reading Room: Disaster Recovery
    • NIST 800-12 -- An Introduction to Computer Security: The NIST Handbook, October 1995
    • Example: U.S. Treasury's Continuity of Operations (COOP) Plan
    • CERT/CC Distributed System Intruder Tools Workshop, December 1999
  • Example Security Policies of Government Agencies
    • White House Privacy and Security Policy
    • USDA Food Safety and Inspection Service Privacy & Security Policy
    • Department of Defense (DoD) Level Policy References
    • SANS Institute Security Policy Project
    • NIST Draft Introduction to Computer Security Policy
  • Critical Infrastructure Protection
    • Presidential Decision Directive 63 (.pdf)
    • Critical Infrastructures: What Makes an Infrastructure Critical? (.pdf)
    • The National Strategy for Homeland Security (July 2002)
    • National Strategy for the Physical Protection of Critical Infrastructures and Key Assets (.pdf)
    • National Strategy to Secure Cyberspace (.pdf)
    • Practices For Securing Critical Information Assets
    • Whitepaper on the IT-ISAC
    • Common Vulnerabilities and Exposures Impact Statement (.pdf)
    • Vulnerability Assessment Framework 1.1 (.pdf)
    • President's Commission on Critical Infrastructure Protection documents list
    • Critical Information Infrastructure Protection and the Law, Committee on Critical Infrastructure Protection and the Law, National Academies Press
  • Other related references
    • How To Spot Insider - Attack Risks In The IT Department, by Larry Greenemeier, InformationWeek, December 11, 2006
    • Summary of Discussions at a Planning Meeting on Cyber-Security and the Insider Threat to Classified Information, Computer Science and Telecommunications Board, The National Research Council, November 1-2, 2000
    • Caller ID: Maintaining Investigative Security, By David P. Williams, FBI (Caller-ID and ANI security/countermeasures)
    • One Man Against Secrecy: Newsletter Editor Works to Limit Classified Information, by Dana Priest, Washington Post, November 26, 2003 (This article shows two examples of sensitive information being accessed through web pages.)