Publications
Withdrawn on February 08, 2005.
Guidelines for Security of Computer Applications
Date Published: June 30, 1980
Planning Note (2/8/2005):
The withdrawal of this FIPS was announced in the Federal Register.
Author(s)
National Bureau of Standards
Security decisions should be an integral part of the entire planning, development, and operation of a computer application. This guideline describes the technical and managerial decisions that should be made in order to assure that adequate controls are included in new and existing computer applications to protect them from natural and human-made hazards and to assure that critical functions are performed correctly and with no harmful side effects. The multifaceted nature of computer security is described, and differences in security objectives, sensitivity levels, and vulnerabilities that must be considered are identified. Fundamental security controls such as data validation, user identity verification, authorization, journalling, variance detection, and encryption are discussed as well as security-related decisions that should be made at each stage in the life cycle of a computer application. These include questions about security feasibility and risk assessment that should be asked during initial planning, decisions that should be made during the design, programming and testing phases, controls that should be enforced during the development process, and security provisions that should be enforced during the day-to-day operation of the system.
Keywords
ADP security; application system security; computer applications; computer reliability; computer security; data confidentiality; data integrity; data security; Federal Information Processing Standards Publication; security controls; system life cycle; ADP availability; system security
Control Families
None selected