NCSL BULLETIN
SEPTEMBER, 1990

BIBLIOGRAPHY OF COMPUTER SECURITY GLOSSARIES

Many computer security glossaries and dictionaries have been published since 1976, when NIST issued Federal Information Processing Standards Publication (FIPS PUB) 39, "Glossary for Computer Systems Security." Recognizing the need to update FIPS PUB 39 and taking advantage of the variety of good glossaries that are now available from federal government agencies, industry, standards-making bodies, and other organizations within the computer security community, NIST has compiled a bibliography of selected material instead of developing another glossary. This compilation includes work developed by the Department of Defense (DoD), the American National Standards Institute (ANSI) Accredited Standards Committee X3K5, and private sector organizations.

The bibliography includes glossaries that cover a broad spectrum of computer security terminology and concepts. The terms defined reflect those commonly used, as well as current specialized terminology and acronyms. Some are amplified by illustrations. The bibliography will assist the security practitioner in becoming familiar with a variety of glossaries, many of which point to other reference sources.

The bibliography is arranged in alphabetical order by title, indicating the author or work of an organization and a brief narrative by which the reader may select the most appropriate glossary.

"Computer Security Terms, Abbreviations, and Acronyms"
AFSSM 5000, Department of the Air Force, Air Force Systems Security Memoranda, July 31, 1989 (Draft). This glossary will be released in 1991.

This 84-page glossary was developed for the U.S. Air Force. Many of its terms and definitions are consistent with those in use in other defense and civilian federal government agencies.

"Data & Computer Security - Dictionary of Standards Concepts and Terms"
Dennis Longley and Michael Shain, Macmillan Publishers Ltd., 1987. Order copies from CRC Press, Inc., 2000 Corporate Blvd., N.W., Boca Raton, FL 33431.

This document contains 376 pages and approximately 4,000 terms. The dictionary provides in-depth definitions and descriptions of computer security terms and concepts. Extensive cross-referencing of terms allows users to compare or contrast terms and definitions. The many illustrations, models, and diagrams further assist users in understanding more complex computer security concepts. The dictionary provides multiple definitions for most of its terms.

"Datapro Reports on Information Security"
McGraw-Hill, Datapro Research, October 1989. Send subscription requests to McGraw-Hill, Datapro Research, Delran, NJ 08075.

This glossary contains over 1,000 terms and definitions. Although developed by a private sector organization, the publication contains many terms and definitions that are consistent with those used throughout federal government agencies.

"Glossary of Computer Security Terminology"
National Telecommunications and Information Systems Security Committee (NTISSC), September 11, 1987. When the draft is finalized, the document will be available through the Superintendent of Documents, U.S. Government Printing Office, Washington, DC 20402.

This 125-page draft glossary is composed largely of terms and definitions taken from official documents of U.S. government departments and agencies, although some definitions have been provided by private sector organizations. The glossary contains multiple definitions for most of its terms.

"Glossary of Computer Security Terminology"
Douglass L. Mansur (work performed under the auspices of the U.S. Department of Energy by the Lawrence Livermore National Laboratory under Contract No. W-7405-Eng-48) and Maj. Mary C. Curtis, U.S. Air Force, HQ/SCTT. Requests for copies should be sent to Douglass L. Mansur, Lawrence Livermore National Laboratory, L-303, P.O. Box 808, Livermore, CA 94550.

This glossary contains approximately 750 computer security terms. Its definitions are taken from official documents of departments and agencies of the U.S. government as well as private sector organizations. The glossary contains multiple definitions for most of its terms.

"Glossary of Computer Security Terms"
NCSC-TG-004, Version-1, October 21, 1988, National Computer Security Center (NCSC). Copies may be ordered from the Superintendent of Documents, Congressional Sales Office, U.S. Government Printing Office, Washington, DC 20402.

This glossary contains approximately 300 terms and definitions and is issued by the National Computer Security Center. It is intended for use by U.S. government agencies or contractors that apply the criteria of DoD Directive 5200.28-STD, "DoD Trusted Computer System Evaluation Criteria" in the use of their computer systems.

"Supplement A: Computer Security - Results of 179th Meeting, March 16, 1990"
ANSI Accredited Standards Committee X3K5, Computer Security Supplement (Draft) to the American National Standard Dictionary for Information Systems.

This document, currently in draft, contains brief definitions of approximately 250 computer security terms. The ANSI Accredited Standards Committee X3K5 has yet to decide if the document will be published separately or will be included in the "American National Dictionary for Information Processing Systems."

"Tutorial - Computer and Network Security"
Marshall D. Abrams and Harold J. Podell, IEEE Computer Society Order Number 756, Library of Congress Number 86-46217, IEEE Catalog Number EH0255-0, ISBN 0-8186-0756-4, published by IEEE Computer Society Press. Copies can be ordered from the IEEE Computer Society, P.O. Box 80452, Worldway Postal Center, Los Angeles, CA 90080.

This brief glossary is in the form of an index to a tutorial and provides definitions for approximately 250 network and computer security terms. The glossary addresses civil government, military (unclassified but sensitive), and private sector use of computer security terminology. The glossary contains multiple definitions for some of its terms.