FIPS PUB 73 : 0
Withdrawn
A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.
GUIDELINE FOR SECURITY OF COMPUTER APPLICATIONS
08-02-2005
1. INTRODUCTION
2. SECURITY OBJECTIVES AND VULNERABILITIES
2.1 Integrity, Confidentiality and Availability
2.2 Accidental and Deliberate Events
2.3 Examples of Sensitive Applications
2.3.1 Applications Providing General Processing Support
2.3.2 Funds Disbursement, Accounting, Asset Management
Systems
2.3.3 General-Purpose Information Systems
2.3.4 Automated Decisionmaking Systems
2.3.5 Real-Time Control Systems
2.3.6 System Affecting National Security or Well-Being
2.4 Vulnerabilities
3 BASIC CONTROLS
3.1 Data Validation
3.1.1 Consistency and Reasonableness Checks
3.1.2 Validation During Data Entry
3.1.3 Validation During Processing
3.1.4 Data Elements Dictionary/Directory
3.1.5 Management Considerations
3.2 User Identity Verification
3.2.1 Requirements for Identity Verification
3.2.2 Basic Techniques
3.2.3 Management Considerations
3.3 Authorization
3.3.1 Authorization Schemes
3.3.2 Delegation of Authority
3.3.3 Protecting the Authorization Data
3.3.4 Authorization Schemes for Confidential Data
3.3.5 Management Considerations
3.4 Journalling
3.4.1 Contents of the Journal
3.4.2 The Journal as Legal Evidence
3.4.3 Management Considerations
3.5 Variance Detection
3.5.1 Management Inspection of Event Journals
3.5.2 External Variance Detection Methods
3.5.3 Response to Variances
3.5.4 Dynamic Monitoring
3.5.5 Management Considerations
3.6 Encryption
3.6.1 Encrypting Computer Communications
3.6.2 Encrypting Off-Line Storage
3.6.3 Encrypting On-Line Files
3.6.4 Management Considerations
4 SELECTION OF CONTROLS THROUGHOUT THE SYSTEM LIFE CYCLE
4.1 The Application System Life Cycle
4.2 Improving Security for Existing Applications
4.3 Auditor Involvement in the System Life Cycle
5 PLANNING FOR SECURITY DURING THE INITIATION PHASE
5.1 Security Feasibility
5.1.1 Source Data Accuracy
5.1.2 User Identity Verification
5.1.3 Restricted interfaces
5.1.4 Separation of Duties
5.1.5 Facility Security
5.2 Initial Assessment of Risks
5.2.1 Impact of Major Failures
5.2.2 Frequency of Major Failures
6 BUILDING IN SECURITY DURING THE DEVELOPMENT PHASE
6.1 Definitions of Security Requirements
6.1.1 Applications System Interfaces
6.1.2 Responsibilities Associated with Each Interface
6.1.3 Separation of Duties
6.1.4 Sensitive Objects and Operations
6.1.5 Error Tolerance
6.1.6 Availability Requirements
6.1.7 Requirements for Basic Controls
6.1.8 Management Considerations
6.2 Designing for Security
6.2.1 Unnecessary Programming
6.2.2 Restricted User Interfaces
6.2.3 Human Engineering
6.2.4 Shared Computer Facilities
6.2.5 Isolation of Critical Code
6.2.6 Backup and Recovery
6.2.7 Use of Available Controls
6.2.8 Design Review
6.3 Programming Practices for Security
6.3.1 Peer Review
6.3.2 Program Library
6.3.3 Documentation of Security-Related Code
6.3.4 Programmer Association with Operational System
6.3.5 Redundant Computation
6.3.6 Program Development Tools
6.4 Test and Evaluation of Security Software
6.4.1 Test Plan
6.4.2 Static Evaluation
6.4.3 Dynamic Testing
7 PRESERVING SECURITY DURING OPERATIONS
7.1 Control of Data
7.1.1 Input Verification
7.1.2 Data Storage Management
7.1.3 Output Dissemination Control
7.2 Employment Practices
7.2.1 Hiring Procedures
7.2.2 Assignment Procedures
7.2.3 Termination Procedures
7.3 Security Training
7.3.1 Task Training
7.3.2 Security Awareness Training
7.4 Response to Security Variances
7.5 Software Modification and Hardware Maintenance
7.5.1 Modification of Software
7.5.2 Maintenance of Hardware
7.6 Contingency Planning
7.6.1 Identification of Critical Functions
7.6.2 Alternate Site Operations
7.6.3 Manual Replacement of Limited Processing
7.6.4 Backup of Data
7.6.5 Recovery of Data
7.6.6 Restoration of the Facility
REFERENCES AND ADDITIONAL READINGS
Describe methods and techniques that can reduce the hazards associated with computer applications.
Committee |
AREA IPSC
|
DevelopmentNote |
NOTICE OF WITHDRAWAL. (01/2008)
|
DocumentType |
Standard
|
Pages |
60
|
PublisherName |
US Military Specs/Standards/Handbooks
|
Status |
Withdrawn
|
BS IEC 62055-41:2014 | Electricity metering. Payment systems Standard transfer specification (STS). Application layer protocol for one-way token carrier systems |
13/30284056 DC : 0 | BS EN 62055-41 - ELECTRICITY METERING - PAYMENT SYSTEMS - PART 41: STANDARD TRANSFER SPECIFICATION (STS) - APPLICATION LAYER PROTOCOL FOR ONE-WAY TOKEN CARRIER SYSTEMS |
IEC 62055-41:2014 RLV | Electricity metering – Payment systems – Part 41: Standard transfer specification (STS) – Application layer protocol for one-way token carrier systems |
IEC 62055-41:2018 RLV | Electricity metering - Payment systems - Part 41: Standard transfer specification (STS) - Application layer protocol for one-way token carrier systems |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.