1997-02-02 - National Cryptologic School

Header Data

From: John Young <jya@pipeline.com>
To: cypherpunks@toad.com
Message Hash: c6e2e1d899d0798b0a783e16b60870e330eb9a004ee969a56d9d1fcd4eecbc8b
Message ID: <1.5.4.32.19970202184922.006cda74@pop.pipeline.com>
Reply To: N/A
UTC Datetime: 1997-02-02 18:55:05 UTC
Raw Date: Sun, 2 Feb 1997 10:55:05 -0800 (PST)

Raw message

From: John Young <jya@pipeline.com>
Date: Sun, 2 Feb 1997 10:55:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: National Cryptologic School
Message-ID: <1.5.4.32.19970202184922.006cda74@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


DAW provided this URL:

   http://csrc.nist.gov/training/in170.zip

   1996-04-29 Introduction to Computer Security
   National Cryptologic School
   Interactive Courseware Trainee Guide
   (formerly, CP-133) (37 zipped files, DOS program) 

We've had a look at this course, a primer on CompSec
and a required course for all DoD employees. It takes 
some fiddling to get past the sign-on block. Hint: after
unzipping execute "student.exe" and enter "CP" as the 
lesson. Repeat for other listed files, CPxxx - CPxxx.

It's basic stuff but worthwhile for its claims, these among 
others:

1. Most hackers are employees of the target.

2. Negligence, accidents and sloppy sys-administration are 
prime causes of disruptions, perhaps more than deliberate 
attacks.

3. Environmental weaknesses are often overlooked by
security experts too focussed on computer systems.

It lists these security documents as references:

   EO 12356 [superceded by EO 12958]
   DCID 1/16 [Director of Central Intelligence Directive]
   DoDDir 5200.28
   DoD 5200.28 STD
   Public Law 100-235
   NSA/CSS Dir 10-27
   NSA/CSS Manual 130-1 (NSAM 130-1)
   NSA/CSS Manual 130-2 (NSAM 130-2)
   NSA/CSS Reg 130-2
   NTISSAM COMPSEC 1-87
   The Rainbow Series
   OMB A-130

Does anyone know of a source for the DCID series and the
NSA/CSS series? Some of the others are available on the Web 
-- see AltaVista.

While looking for these we ran across an informative implementation 
of infosec and compsec:

   Information Systems Accreditation Document, 4 Volumes

   System Security Requirements for the
   Department of Defense Intelligence Information System

   Automated Message Handling System (AMHS) V2.x

   By:   McDonnell Douglas Aerospace
   For:   Electronic Systems Center,  Air Force Materiel Command

Which we've put at:

   http://jya.com/amhs.htm







Thread