Foundations of a Security Policy for Use of the National Research and Educational Network

The National Research and Education Network (NREN) is an integral part of the planned High-Performance Computing and Communication (HPCC) infrastructure that will extend throughout the scientific, technical and education communities. The projected vision is one of desks and laboratory benches as entry points to a nation-wide electronic network of information technologies with shared access to services and resources such as high-performance computing systems, specialized software tools, databases, scientific instruments, digital libraries, and other research facilities. The purpose of this report is to explore the foundations of a security policy and propose a security policy for the NREN, one that is applicable to and identifies responsibilities of all major network constituents: end users, system administrators, management at all levels, vendors, system developers, service providers, and the Federal Networking Council.