Survey of Federal Computer Security Policies,
Abstract
This report documents the subcommittee's survey of current Government computer security policy documents at the national and Federal department/agency levels. The review was undertaken to identify what policy exists, what it addresses, and what responsibilities are assigned. The following criteria were established for 'computer security policy' documents: (1) they must be authoritative and directive in nature and (2) they must reflect in content the multi-disciplinary, total systems approach axiomatic in current computer security policy. Total coverage of Executive Branch agencies and departments (over 70) was deemed impractical - the effort focused on fifteen agencies that represented over 88% of the Government ADP systems reflected in the GSA inventory and included the majority of Cabinet-level departments. A questionnaire format was developed to extract on a common basis key attributes of document policy coverage, and this was to be completed by subcommittee members in the interests of reliability and consistency. A key objective of the process was to identify national level policies and authorities. Existence of policy/program oversight mechanisms was identified as a secondary but very important focus.
Document Details
- Document Type
- Technical Report
- Publication Date
- Nov 01, 1980
- Accession Number
- ADA103676
Entities
People
- Eugene V. Epperly
Organizations
- Office of the Secretary of Defense