`
`The attached publication has been archived (withdrawn), and is provided solely for historical purposes.
`It may have been superseded by another publication (indicated below).
`
`Archived Publication
`Series/Number: NIST Special Publication 800-12
`Title: An Introduction to Computer Security: the NIST Handbook
`Publication Date(s): October 1995
`Withdrawal Date: June 21, 2017
`Withdrawal Note: SP 800-12 is superseded in its entirety by the publication of SP 800-12 Revision 1.
`
`Superseding Publication(s)
`The attached publication has been superseded by the following publication(s):
`
`Series/Number: NIST Special Publication 800-12 Revision 1
`Title: An Introduction to Information Security
`Author(s): Michael Nieles; Kelley Dempsey; Victoria Yan Pillitteri
`Publication Date(s): June 2017
`URL/DOI: https://doi.org/10.6028/NIST.SP.800-12r1
`
`Additional Information (if applicable)
`Contact: Computer Security Division (Information Technology Laboratory)
`Latest revision of the attached publication: SP 800-12 Rev. 1 (as of June 21, 2017)
`Related information:
`Withdrawal announcement (link): N/A
`
`Date updated: June 21, 2017
`
`Nintendo - Ancora Exh. 1040
`Page 1
`
`
`
`
`NIST Special Publication 800-12
`
`U.S. DEPARTMENT OF
`COMMERCE
`Technology Administration
`National Institute of Standards
`and Technology
`
`An Introduction to Computer
`Security: The NIST Handbook
`
`Barbara Guttman and Edward A. Roback
`
`[Cover illustration: "Computer Security" diagram labeled Assurance, User Issues, Contingency Planning, I&A,
`Personnel, Training, Access Controls, Audit, Planning, Risk Management, Crypto, Physical Security, Policy,
`Support/Operations, Program Management, and Threats.]
`
`
`
`The National Institute of Standards and Technology was established in 1988 by Congress to "assist industry
`in the development of technology ... needed to improve product quality, to modernize manufacturing processes,
`to ensure product reliability ... and to facilitate rapid commercialization ... of products based on new scientific
`discoveries."
`NIST, originally founded as the National Bureau of Standards in 1901, works to strengthen U.S. industry's
`competitiveness; advance science and engineering; and improve public health, safety, and the environment. One of the
`agency's basic functions is to develop, maintain, and retain custody of the national standards of measurement, and
`provide the means and methods for comparing standards used in science, engineering, manufacturing, commerce,
`industry, and education with the standards adopted or recognized by the Federal Government.
`As an agency of the U.S. Commerce Department's Technology Administration, NIST conducts basic and applied
`research in the physical sciences and engineering, and develops measurement techniques, test methods, standards, and
`related services. The Institute does generic and precompetitive work on new and advanced technologies. NIST's
`research facilities are located at Gaithersburg, MD 20899, and at Boulder, CO 80303. Major technical operating units
`and their principal activities are listed below. For more information contact the Public Inquiries Desk, 301-975-3058.
`
`Office of the Director
`• Advanced Technology Program
`• Quality Programs
`• International and Academic Affairs
`
`Technology Services
`• Manufacturing Extension Partnership
`• Standards Services
`• Technology Commercialization
`• Measurement Services
`• Technology Evaluation and Assessment
`• Information Services
`
`Materials Science and Engineering Laboratory
`• Intelligent Processing of Materials
`• Ceramics
`• Materials Reliability¹
`• Polymers
`• Metallurgy
`• Reactor Radiation
`
`Chemical Science and Technology Laboratory
`• Biotechnology
`• Chemical Kinetics and Thermodynamics
`• Analytical Chemical Research
`• Process Measurements
`• Surface and Microanalysis Science
`• Thermophysics²
`
`Physics Laboratory
`• Electron and Optical Physics
`• Atomic Physics
`• Molecular Physics
`• Radiometric Physics
`• Quantum Metrology
`• Ionizing Radiation
`• Time and Frequency¹
`• Quantum Physics¹
`
`Manufacturing Engineering Laboratory
`• Precision Engineering
`• Automated Production Technology
`• Intelligent Systems
`• Manufacturing Systems Integration
`• Fabrication Technology
`
`Electronics and Electrical Engineering Laboratory
`• Microelectronics
`• Law Enforcement Standards
`• Electricity
`• Semiconductor Electronics
`• Electromagnetic Fields¹
`• Electromagnetic Technology¹
`• Optoelectronics¹
`
`Building and Fire Research Laboratory
`• Structures
`• Building Materials
`• Building Environment
`• Fire Safety
`• Fire Science
`
`Computer Systems Laboratory
`• Office of Enterprise Integration
`• Information Systems Engineering
`• Systems and Software Technology
`• Computer Security
`• Systems and Network Architecture
`• Advanced Systems
`
`Computing and Applied Mathematics Laboratory
`• Applied and Computational Mathematics²
`• Statistical Engineering²
`• Scientific Computing Environments²
`• Computer Services
`• Computer Systems and Communications²
`• Information Systems
`
`¹ At Boulder, CO 80303.
`² Some elements at Boulder, CO 80303.
`
`
`
`NIST Special Publication 800-12
`
`An Introduction to Computer
`Security: The NIST Handbook
`
`Barbara Guttman and Edward Roback
`
`COMPUTER SECURITY
`
`Computer Systems Laboratory
`
`National Institute of Standards
`and Technology
`Gaithersburg, MD 20899-0001
`
`October 1995
`
`U.S. Department of Commerce
`Ronald H. Brown, Secretary
`
`Technology Administration
`Mary L. Good, Under Secretary for Technology
`
`National Institute of Standards and Technology
`Arati Prabhakar, Director
`
`
`
`
`Reports on Computer Systems Technology
`
`The National Institute of Standards and Technology (NIST) has a unique responsibility for computer
`systems technology within the Federal government. NIST's Computer Systems Laboratory (CSL) develops
`standards and guidelines, provides technical assistance, and conducts research for computers and
`related telecommunications systems to achieve more effective utilization of Federal information technology
`resources. CSL's responsibilities include development of technical, management, physical, and administrative
`standards and guidelines for the cost-effective security and privacy of sensitive unclassified
`information processed in Federal computers. CSL assists agencies in developing security plans and in
`improving computer security awareness training. This Special Publication 800 series reports CSL research
`and guidelines to Federal agencies as well as to organizations in industry, government, and
`academia.
`
`National Institute of Standards and Technology Special Publication 800-12
`Natl. Inst. Stand. Technol. Spec. Publ. 800-12, 272 pages (Oct. 1995)
`CODEN: NSPUE2
`
`U.S. GOVERNMENT PRINTING OFFICE
`WASHINGTON: 1995
`
`For sale by the Superintendent of Documents, U.S. Government Printing Office, Washington, DC 20402
`
`
`
`
`Table of Contents
`
`I. INTRODUCTION AND OVERVIEW
`
`Chapter 1: INTRODUCTION
`1.1 Purpose
`1.2 Intended Audience
`1.3 Organization
`1.4 Important Terminology
`1.5 Legal Foundation for Federal Computer Security Programs
`
`Chapter 2: ELEMENTS OF COMPUTER SECURITY
`2.1 Computer Security Supports the Mission of the Organization
`2.2 Computer Security is an Integral Element of Sound Management
`2.3 Computer Security Should Be Cost-Effective
`2.4 Computer Security Responsibilities and Accountability Should Be Made Explicit
`2.5 Systems Owners Have Security Responsibilities Outside Their Own Organizations
`2.6 Computer Security Requires a Comprehensive and Integrated Approach
`2.7 Computer Security Should Be Periodically Reassessed
`2.8 Computer Security is Constrained by Societal Factors
`
`Chapter 3: ROLES AND RESPONSIBILITIES
`3.1 Senior Management
`3.2 Computer Security Management
`3.3 Program and Functional Managers/Application Owners
`3.4 Technology Providers
`3.5 Supporting Functions
`3.6 Users
`
`Chapter 4: COMMON THREATS: A BRIEF OVERVIEW
`4.1 Errors and Omissions
`4.2 Fraud and Theft
`4.3 Employee Sabotage
`4.4 Loss of Physical and Infrastructure Support
`4.5 Malicious Hackers
`4.6 Industrial Espionage
`4.7 Malicious Code
`4.8 Foreign Government Espionage
`4.9 Threats to Personal Privacy
`
`II. MANAGEMENT CONTROLS
`
`Chapter 5: COMPUTER SECURITY POLICY
`5.1 Program Policy
`5.2 Issue-Specific Policy
`5.3 System-Specific Policy
`5.4 Interdependencies
`5.5 Cost Considerations
`
`Chapter 6: COMPUTER SECURITY PROGRAM MANAGEMENT
`6.1 Structure of a Computer Security Program
`6.2 Central Computer Security Programs
`6.3 Elements of an Effective Central Computer Security Program
`6.4 System-Level Computer Security Programs
`6.5 Elements of Effective System-Level Programs
`6.6 Central and System-Level Program Interactions
`6.7 Interdependencies
`6.8 Cost Considerations
`
`Chapter 7: COMPUTER SECURITY RISK MANAGEMENT
`7.1 Risk Assessment
`7.2 Risk Mitigation
`7.3 Uncertainty Analysis
`7.4 Interdependencies
`7.5 Cost Considerations
`
`Chapter 8: SECURITY AND PLANNING IN THE COMPUTER SYSTEM LIFE CYCLE
`8.1 Computer Security Act Issues for Federal Systems
`8.2 Benefits of Integrating Security in the Computer System Life Cycle
`8.3 Overview of the Computer System Life Cycle
`8.4 Security Activities in the Computer System Life Cycle
`8.5 Interdependencies
`8.6 Cost Considerations
`
`Chapter 9: ASSURANCE
`9.1 Accreditation and Assurance
`9.2 Planning and Assurance
`9.3 Design and Implementation Assurance
`9.4 Operational Assurance
`9.5 Interdependencies
`9.6 Cost Considerations
`
`III. OPERATIONAL CONTROLS
`
`Chapter 10: PERSONNEL/USER ISSUES
`10.1 Staffing
`10.2 User Administration
`10.3 Contractor Access Considerations
`10.4 Public Access Considerations
`10.5 Interdependencies
`10.6 Cost Considerations
`
`Chapter 11: PREPARING FOR CONTINGENCIES AND DISASTERS
`11.1 Step 1: Identifying the Mission- or Business-Critical Functions
`11.2 Step 2: Identifying the Resources That Support Critical Functions
`11.3 Step 3: Anticipating Potential Contingencies or Disasters
`11.4 Step 4: Selecting Contingency Planning Strategies
`11.5 Step 5: Implementing the Contingency Strategies
`11.6 Step 6: Testing and Revising
`11.7 Interdependencies
`11.8 Cost Considerations
`
`Chapter 12: COMPUTER SECURITY INCIDENT HANDLING
`12.1 Benefits of an Incident Handling Capability
`12.2 Characteristics of a Successful Incident Handling Capability
`12.3 Technical Support for Incident Handling
`12.4 Interdependencies
`12.5 Cost Considerations
`
`Chapter 13: AWARENESS, TRAINING, AND EDUCATION
`13.1 Behavior
`13.2 Accountability
`13.3 Awareness
`13.4 Training
`13.5 Education
`13.6 Implementation
`13.7 Interdependencies
`13.8 Cost Considerations
`
`Chapter 14: SECURITY CONSIDERATIONS IN COMPUTER SUPPORT AND OPERATIONS
`14.1 User Support
`14.2 Software Support
`14.3 Configuration Management
`14.4 Backups
`14.5 Media Controls
`14.6 Documentation
`14.7 Maintenance
`14.8 Interdependencies
`14.9 Cost Considerations
`
`Chapter 15: PHYSICAL AND ENVIRONMENTAL SECURITY
`15.1 Physical Access Controls
`15.2 Fire Safety Factors
`15.3 Failure of Supporting Utilities
`15.4 Structural Collapse
`15.5 Plumbing Leaks
`15.6 Interception of Data
`15.7 Mobile and Portable Systems
`15.8 Approach to Implementation
`15.9 Interdependencies
`15.10 Cost Considerations
`
`IV. TECHNICAL CONTROLS
`
`Chapter 16: IDENTIFICATION AND AUTHENTICATION
`16.1 I&A Based on Something the User Knows
`16.2 I&A Based on Something the User Possesses
`16.3 I&A Based on Something the User Is
`16.4 Implementing I&A Systems
`16.5 Interdependencies
`16.6 Cost Considerations
`
`Chapter 17: LOGICAL ACCESS CONTROL
`17.1 Access Criteria
`17.2 Policy: The Impetus for Access Controls
`17.3 Technical Implementation Mechanisms
`17.4 Administration of Access Controls
`17.5 Coordinating Access Controls
`17.6 Interdependencies
`17.7 Cost Considerations
`
`Chapter 18: AUDIT TRAILS
`18.1 Benefits and Objectives
`18.2 Audit Trails and Logs
`18.3 Implementation Issues
`18.4 Interdependencies
`18.5 Cost Considerations
`
`Chapter 19: CRYPTOGRAPHY
`19.1 Basic Cryptographic Technologies
`19.2 Uses of Cryptography
`19.3 Implementation Issues
`19.4 Interdependencies
`19.5 Cost Considerations
`
`V. EXAMPLE
`
`Chapter 20: ASSESSING AND MITIGATING THE RISKS TO A HYPOTHETICAL COMPUTER SYSTEM
`20.1 Initiating the Risk Assessment
`20.2 HGA's Computer System
`20.3 Threats to HGA's Assets
`20.4 Current Security Measures
`20.5 Vulnerabilities Reported by the Risk Assessment Team
`20.6 Recommendations for Mitigating the Identified Vulnerabilities
`20.7 Summary
`
`Cross Reference and General Index
`
`
`
`Acknowledgments
`
`NIST would like to thank the many people who assisted with the development of this handbook. For their
`initial recommendation that NIST produce a handbook, we thank the members of the Computer System
`Security and Privacy Advisory Board, in particular, Robert Courtney, Jr. NIST management officials who
`supported this effort include: James Burrows, F. Lynn McNulty, Stuart Katzke, Irene Gilbert, and Dennis
`Steinauer.
`
`In addition, special thanks is due those contractors who helped craft the handbook, prepare drafts, teach
`classes, and review material:
`
`Daniel F. Sterne of Trusted Information Systems (TIS, Glenwood, Maryland) served as Project
`Manager for Trusted Information Systems on this project. In addition, many TIS employees
`contributed to the handbook, including: David M. Balenson, Martha A. Branstad, Lisa M. Jaworski,
`Theodore M.P. Lee, Charles P. Pfleeger, Sharon P. Osuna, Diann K. Vechery, Kenneth M. Walker,
`and Thomas J. Winkler-Parenty.
`
`Additional drafters of handbook chapters include:
`
`Lawrence Bassham III (NIST), Robert V. Jacobson, International Security Technology, Inc. (New
`York, NY) and John Wack (NIST).
`
`Significant assistance was also received from:
`
`Lisa Carnahan (NIST), James Dray (NIST), Donna Dodson (NIST), the Department of Energy, Irene
`Gilbert (NIST), Elizabeth Greer (NIST), Lawrence Keys (NIST), Elizabeth Lennon (NIST), Joan
`O'Callaghan (Bethesda, Maryland), Dennis Steinauer (NIST), Kibbie Streetman (Oak Ridge National
`Laboratory), and the Tennessee Valley Authority.
`
`Moreover, thanks is extended to the reviewers of draft chapters. While many people assisted, the following
`two individuals were especially tireless:
`
`Robert Courtney, Jr. (RCI) and Steve Lipner (MITRE and TIS).
`
`Other important contributions and comments were received from:
`
`Members of the Computer System Security and Privacy Advisory Board, and the
`Steering Committee of the Federal Computer Security Program Managers' Forum.
`
`Finally, although space does not allow specific acknowledgement of all the individuals who contributed to
`this effort, their assistance was critical to the preparation of this document.
`
`Disclaimer:
`
`Note that references to specific products or brands is for explanatory purposes only; no
`endorsement, explicit or implicit, is intended or implied.
`
`
`
`
`I. INTRODUCTION AND OVERVIEW
`
`
`
`
`Chapter 1
`
`INTRODUCTION
`
`1.1 Purpose
`
`This handbook provides assistance in securing computer-based resources (including hardware,
`software, and information) by explaining important concepts, cost considerations, and
`interrelationships of security controls. It illustrates the benefits of security controls, the major
`techniques or approaches for each control, and important related considerations.¹
`
`The handbook provides a broad overview of computer security to help readers understand their
`computer security needs and develop a sound approach to the selection of appropriate security
`controls. It does not describe detailed steps necessary to implement a computer security program,
`provide detailed implementation procedures for security controls, or give guidance for auditing
`the security of specific systems. General references are provided at the end of this chapter, and
`references of "how-to" books and articles are provided at the end of each chapter in Parts II, III
`and IV.
`
`The purpose of this handbook is not to specify requirements but, rather, to discuss the benefits of
`various computer security controls and situations in which their application may be appropriate.
`Some requirements for federal systems² are noted in the text. This document provides advice and
`guidance; no penalties are stipulated.
`
`1.2 Intended Audience
`
`The handbook was written primarily for those who have computer security responsibilities and
`need assistance understanding basic concepts and techniques. Within the federal government,³
`this includes those who have computer security responsibilities for sensitive systems.
`
`¹ It is recognized that the computer security field continues to evolve. To address changes and new issues, NIST's
`Computer Systems Laboratory publishes the CSL Bulletin series. Those bulletins which deal with security issues can be
`thought of as supplements to this publication.
`
`² Note that these requirements do not arise from this handbook, but from other sources, such as the Computer
`Security Act of 1987.
`
`³ In the Computer Security Act of 1987, Congress assigned responsibility to NIST for the preparation of standards
`and guidelines for the security of sensitive federal systems, excluding classified and "Warner Amendment" systems
`(unclassified intelligence-related), as specified in 10 USC 2315 and 44 USC 3502(2).
`
`
`
`For the most part, the concepts presented in the handbook are also applicable to the private
`sector.⁴ While there are differences between federal and private-sector computing, especially in
`terms of priorities and legal constraints, the underlying principles of computer security and the
`available safeguards - managerial, operational, and technical - are the same. The handbook is
`therefore useful to anyone who needs to learn the basics of computer security or wants a broad
`overview of the subject. However, it is probably too detailed to be employed as a user awareness
`guide, and is not intended to be used as an audit guide.
`
`1.3 Organization
`
`The first section of the handbook contains background and overview material, briefly discusses
`threats, and explains the roles and responsibilities of individuals and organizations involved in
`computer security. It explains the executive principles of computer security that are used throughout
`the handbook. For example, one important principle that is repeatedly stressed is that only
`security measures that are cost-effective should be implemented. A familiarity with the principles
`is fundamental to understanding the handbook's philosophical approach to the issue of security.
`
`Definition of Sensitive Information
`
`Many people think that sensitive information only requires protection from unauthorized disclosure.
`However, the Computer Security Act provides a much broader definition of the term "sensitive"
`information:
`
`any information, the loss, misuse, or unauthorized access to or modification of which could adversely
`affect the national interest or the conduct of federal programs, or the privacy to which
`individuals are entitled under section 552a of title 5, United States Code (the Privacy Act), but
`which has not been specifically authorized under criteria established by an Executive Order or an
`Act of Congress to be kept secret in the interest of national defense or foreign policy.
`
`The above definition can be contrasted with the long-standing confidentiality-based information
`classification system for national security information (i.e., CONFIDENTIAL, SECRET, and TOP SECRET).
`This system is based only upon the need to protect classified information from unauthorized disclosure;
`the U.S. Government does not have a similar system for unclassified information. No governmentwide
`schemes (for either classified or unclassified information) exist which are based on the need to
`protect the integrity or availability of information.
`
`The next three major sections deal with security controls: Management Controls⁵ (II), Operational
`Controls (III), and Technical Controls (IV). Most controls cross the boundaries between
`management, operational, and technical. Each chapter in the three sections provides a basic
`explanation of the control; approaches to implementing the control, some cost considerations in
`selecting, implementing, and using the control; and selected interdependencies that may exist with
`other controls. Each chapter in this portion of the handbook also provides references that may be
`useful in actual implementation.
`
`⁴ As necessary, issues that are specific to the federal environment are noted as such.
`
`⁵ The term management controls is used in a broad sense and encompasses areas that do not fit neatly into
`operational or technical controls.
`
`• The Management Controls section addresses security topics that can be characterized as
`managerial. They are techniques and concerns that are normally addressed by management in
`the organization's computer security program. In general, they focus on the management of
`the computer security program and the management of risk within the organization.
`
`• The Operational Controls section addresses security controls that focus on controls that are,
`broadly speaking, implemented and executed by people (as opposed to systems). These
`controls are put in place to improve the security of a particular system (or group of systems).
`They often require technical or specialized expertise - and often rely upon management
`activities as well as technical controls.
`
`• The Technical Controls section focuses on security controls that the computer system
`executes. These controls are dependent upon the proper functioning of the system for their
`effectiveness. The implementation of technical controls, however, always requires significant
`operational considerations - and should be consistent with the management of security within
`the organization.
`
`Finally, an example is presented to aid the reader in correlating some of the major topics discussed
`in the handbook. It describes a hypothetical system and discusses some of the controls that have
`been implemented to protect it. This section helps the reader better understand the decisions that
`must be made in securing a system, and illustrates the interrelationships among controls.
`
`1.4 Important Terminology
`
`To understand the rest of the handbook, the reader must be familiar with the following key terms
`and definitions as used in this handbook. In the handbook, the terms computers and computer
`systems are used to refer to the entire spectrum of information technology, including application
`and support systems. Other key terms include:
`
`Computer Security: The protection afforded to an automated information system in order to attain
`the applicable objectives of preserving the integrity, availability and confidentiality of information
`system resources (includes hardware, software, firmware, information/data, and
`telecommunications).
`
`Integrity: In lay usage, information has integrity when it is timely, accurate, complete, and
`consistent. However, computers are unable to provide or protect all of these qualities.
`Therefore, in the computer security field, integrity is often discussed more narrowly as having two
`facets: data integrity and system integrity. "Data integrity is a requirement that information and
`programs are changed only in a specified and authorized manner."⁶ System integrity is a
`requirement that a system "performs its intended function in an unimpaired manner, free from
`deliberate or inadvertent unauthorized manipulation of the system."⁷ The definition of integrity
`has been, and continues to be, the subject of much debate among computer security experts.
`
`Availability: A "requirement intended to assure that systems work promptly and service is not
`denied to authorized users."⁸
`
`Confidentiality: A requirement that private or confidential information not be disclosed to
`unauthorized individuals.
`
`Location of Selected Security Topics
`
`Because this handbook is structured to focus on computer security controls, there may be several security
`topics that the reader may have trouble locating. For example, no separate section is devoted to mainframe or
`personal computer security, since the controls discussed in the handbook can be applied (albeit in different
`ways) to various processing platforms and systems. The following may help the reader locate areas of interest
`not readily found in the table of contents:
`
`Topic: Chapter
`
`Accreditation: 8. Life Cycle; 9. Assurance
`
`Firewalls: 17. Logical Access Controls
`
`Security Plans: 8. Life Cycle
`
`Trusted Systems: 9. Assurance. Security features, including those incorporated into trusted systems, are
`discussed throughout.
`
`Viruses & Other Malicious Code: 9. Assurance (Operational Assurance section); 12. Incident Handling
`
`Network Security: Network security uses the same basic set of controls as mainframe security or PC security.
`In many of the handbook chapters, considerations for using the control in a networked
`environment are addressed, as appropriate. For example, secure gateways are discussed as a
`part of Access Control; transmitting authentication data over insecure networks is discussed
`in the Identification and Authentication chapter; and the Contingency Planning chapter talks
`about data communications contracts.
`
`For the same reason, there is not a separate chapter for PC, LAN, minicomputer, or
`mainframe security.
`
`1.5 Legal Foundation for Federal Computer Security Programs
`
`The executive principles discussed in the next chapter explain the need for computer security. In
`addition, within the federal government, a number of laws and regulations mandate that agencies
`protect their computers, the information they process, and related technology resources (e.g.,
`telecommunications).⁹ The most important are listed below.
`
`• The Computer Security Act of 1987 requires agencies to identify sensitive systems, conduct
`computer security training, and develop computer security plans.
`
`• The Federal Information Resources Management Regulation (FIRMR) is the primary
`regulation for the use, management, and acquisition of computer resources in the federal
`government.
`
`• OMB Circular A-130 (specifically Appendix III) requires that federal agencies establish
`security programs containing specified elements.
`
`Note that many more specific requirements, many of which are agency specific, also exist.
`
`Federal managers are responsible for familiarity and compliance with applicable legal
`requirements. However, laws and regulations do not normally provide detailed instructions for
`protecting computer-related assets. Instead, they specify requirements - such as restricting the
`availability of personal data to authorized users. This handbook aids the reader in developing an
`effective, overall security approach and in selecting cost-effective controls to meet such
`requirements.
`
`⁶ National Research Council, Computers at Risk, (Washington, DC: National Academy Press, 1991), p. 54.
`
`⁷ National Computer Security Center, Pub. NCSC-TG-004-88.
`
`⁸ Computers at Risk, p. 54.
`
`⁹ Although not listed, readers should be aware that laws also exist that may affect nongovernment organizations.
`
`
`
`
`References
`
`Auerbach Publishers (a division of Warren Gorham & Lamont). Data Security Management.
`Boston, MA. 1995.
`
`British Standards Institute. A Code of Practice for Information Security Management, 1993.
`
`Caelli, William, Dennis Longley, and Michael Shain. Information Security Handbook. New York,
`NY: Stockton Press, 1991.
`
`Fites, P., and M. Kratz. Information Systems Security: A Practitioner's Reference. New York,
`NY: Van Nostrand Reinhold, 1993.
`
`Garfinkel, S., and G. Spafford. Practical UNIX Security. Sebastopol, CA: O'Reilly & Associates,
`Inc., 1991.
`
`Institute of Internal Auditors Research Foundation. System Auditability and Control Report.
`Altamonte Springs, FL: The Institute of Internal Auditors, 1991.
`
`National Research Council. Computers at Risk: Safe Computing in the Information Age.
`Washington, DC: National Academy Press, 1991.
`
`Pfleeger, Charles P. Security in Computing. Englewood Cliffs, NJ: Prentice Hall, 1989.
`
`Russell, Deborah, and G.T. Gangemi, Sr. Computer Security Basics. Sebastopol, CA: O'Reilly &
`Associates, Inc., 1991.
`
`Ruthberg, Z., and Tipton, H., eds. Handbook of Information Security Management. Boston, MA:
`Auerbach Press, 1993.
`
`
`
`
`Chapter 2
`
`ELEMENTS OF COMPUTER SECURITY
`
`This handbook's general approach to computer security is based on eight major elements:
`
`1. Computer security should support the mission of the organization.
`
`2. Computer security is an integral element of sound management.
`
`3. Computer security should be cost-effective.
`
`4. Computer security responsibilities and accountability should be made explicit.
`
`5. System owners have computer security responsibilities outside their own
`organizations.
`
`6. Computer security requires a comprehensive and integrated approach.
`
`7. Computer security should be periodically reassessed.
`
`8. Computer security is constrained by societal factors.
`
`Familiarity with these elements will aid the reader in better understanding how the security
`controls (discussed in later sections) support the overall computer security program goals.
`
`2.1 Computer Security Supports the Mission of the Organization.
`
`The purpose of computer security is to protect an organization's valuable resources, such as
`information, hardware, and software. Through the selection and application of appropriate
`safeguards, security helps the organization's mission by protecting its physical and financial
`resources, reputation, legal position, employees, and other tangible and intangible assets.
`Unfortunately, security is sometimes viewed as thwarting the mission of the organization by
`imposing poorly selected, bothersome rules and procedures on users, managers, and systems. On
`the contrary, well-chosen security rules and procedures do not exist for their own sake - they are
`put in place to protect important assets and thereby support the overall organizational mission.
`
`Security, therefore, is a means to an end and not an end in itself. For example, in a private-sector
`business, having good security is usually secondary to the need to make a profit. Security, then,
`ought to increase the firm's ability to make a profit. In a public-sector agency, security is usually
`secondary to the agency's service provided to citizens. Security, then, ought to help improve the
`service provided to the citizen.
`
`To act on this, managers need to understand both their organizational mission and how each information
`system supports that mission. After a system's role has been defined, the security requirements implicit in that
`role can be defined. Security can then be explicitly stated in terms of the organization's mission.
`
`The roles and functions of a system may
`not be constraine