[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

National Cryptologic School



DAW provided this URL:

   http://csrc.nist.gov/training/in170.zip

   1996-04-29 Introduction to Computer Security
   National Cryptologic School
   Interactive Courseware Trainee Guide
   (formerly, CP-133) (37 zipped files, DOS program) 

We've had a look at this course, a primer on CompSec
and a required course for all DoD employees. It takes 
some fiddling to get past the sign-on block. Hint: after
unzipping execute "student.exe" and enter "CP" as the 
lesson. Repeat for other listed files, CPxxx - CPxxx.

It's basic stuff but worthwhile for its claims, these among 
others:

1. Most hackers are employees of the target.

2. Negligence, accidents and sloppy sys-administration are 
prime causes of disruptions, perhaps more than deliberate 
attacks.

3. Environmental weaknesses are often overlooked by
security experts too focussed on computer systems.

It lists these security documents as references:

   EO 12356 [superceded by EO 12958]
   DCID 1/16 [Director of Central Intelligence Directive]
   DoDDir 5200.28
   DoD 5200.28 STD
   Public Law 100-235
   NSA/CSS Dir 10-27
   NSA/CSS Manual 130-1 (NSAM 130-1)
   NSA/CSS Manual 130-2 (NSAM 130-2)
   NSA/CSS Reg 130-2
   NTISSAM COMPSEC 1-87
   The Rainbow Series
   OMB A-130

Does anyone know of a source for the DCID series and the
NSA/CSS series? Some of the others are available on the Web 
-- see AltaVista.

While looking for these we ran across an informative implementation 
of infosec and compsec:

   Information Systems Accreditation Document, 4 Volumes

   System Security Requirements for the
   Department of Defense Intelligence Information System

   Automated Message Handling System (AMHS) V2.x

   By:   McDonnell Douglas Aerospace
   For:   Electronic Systems Center,  Air Force Materiel Command

Which we've put at:

   http://jya.com/amhs.htm