Title: Computer assisted audit techniques for UNIX (UNIX-CAATS)

Conference · OSTI ID: 7104664

Federal and DOE regulations impose specific requirements for internal controls of computer systems. These controls include adequate separation of duties and sufficient controls over access to systems and data. The DOE Inspector General's Office has the responsibility to examine internal controls, as well as efficient use of computer system resources. As a result, DOE supported NIST development of computer assisted audit techniques to examine BSD UNIX computers (UNIX-CAATS). These systems were selected due to the increasing number of UNIX workstations in use within DOE. This paper describes the design and development of these techniques, as well as the results of testing at NIST and the first audit at a DOE site. UNIX-CAATS consists of tools that examine the security of passwords, file systems, and network access. In addition, a tool was developed to examine the efficiency of disk utilization. Test results at NIST indicated inadequate password management, as well as weak network resource controls. File system security was considered adequate. Audit results at a DOE site indicated weak password management and inefficient disk utilization. During the audit, we also found that UNIX-CAATS needed improvements when applied to large systems. NIST plans to enhance the techniques developed for DOE/IG in future work. This future work would leverage currently available tools, along with needed enhancements. These enhancements would enable DOE/IG to audit large systems, such as supercomputers.

Research Organization: National Inst. of Standards and Technology, Gaithersburg, MD (United States)
Sponsoring Organization: USDOE; USDOE, Washington, DC (United States)
DOE Contract Number: AI01-83IG00049
OSTI ID: 7104664
Report Number(s): CONF-9105126-7; ON: DE92019011
Resource Relation: Conference: 14. U.S. Department of Energy (DOE) computer security group conference, Concord, CA (United States), 7-9 May 1991
Country of Publication: United States
Language: English