A methodology for performing computer security reviews
- Los Alamos National Lab., NM (United States)
This paper reports on DIE Order 5637.1, Classified Computer Security, which requires regular reviews of the computer security activities for an ADP system and for a site. Based on experiences gained in the Los Alamos computer security program through interactions with DOE facilities, the authors have developed a methodology to aid a site or security officer in performing a comprehensive computer security review. The methodology is designed to aid a reviewer in defining goals of the review (e.g., preparation for inspection), determining security requirements based on DOE policies, determining threats/vulnerabilities based on DOE and local threat guidance, and identifying critical system components to be reviewed. Application of the methodology will result in review procedures and checklists oriented to the review goals, the target system, and DOE policy requirements. The review methodology can be used to prepare for an audit or inspection and as a periodic self-check tool to determine the status of the computer security program for a site or specific ADP system.
- OSTI ID:
- 5491139
- Report Number(s):
- CONF-910774-; CODEN: NUMMB
- Journal Information:
- Nuclear Materials Management. Annual Meeting Proceedings; (United States), Vol. 20; Conference: 32. Institute of Nuclear Materials Management (INMM) annual meeting, New Orleans, LA (United States), 28-31 Jul 1991; ISSN 0362-0034
- Country of Publication:
- United States
- Language:
- English
Similar Records
Evaluation Report on "The Department's Unclassified Cyber Security Program"
The methodology of integrated DOE safeguards and security surveys at the Savannah River Site