Foundations of a Security Policy for Use
of the
National Research and Educational Network

Arthur E. Oldehoeft
March, 1992

The National Research and Education Network (NREN) is an integral part
of the planned High-Performance Computing and Communication (HPCC)
infrastructure that will extend throughout the scientific, technical
and education communities.  The projected vision is one of desks and
laboratory benches as entry points to a nation-wide electronic network
of information technologies with shared access to services and
resources such as high-performance computing systems, specialized
software tools, databases, scientific instruments, digital libraries,
and other research facilities.

The problem of computer and network information security (one of the
major computing issues of the day) will be complicated by the
diversity of requirements as the NREN is designed, developed, and
operated in collaboration with potential users in government, industry,
research laboratories, and educational institutions.  One major
impediment to improved security is the lack of a clearly stated
security policy for general computing. In recognition of this problem,
national organizations are beginning to develop and publish codes of
ethics for the use of computers.  An Internet working group has
recently published guidelines for the secure operation of the Internet.
Recent Congressional legislation for HPCC reaffirms the role of the
National Institute of Standards and Technology as the agency that is
"responsible for developing and proposing standards and guidelines
needed for cost-effective security and privacy of sensitive
information in Federal computer systems."

The purpose of this report is to explore the foundations of a security
policy and propose a security policy for the NREN, one that is
applicable to and identifies responsibilities of all major network
constituents: end users, system administrators, management at all
levels, vendors, system developers, service providers, and the Federal
Networking Council.

In order to establish an appropriate context for the development of a
national network security policy and also provide for an understanding
of the culture of open computer networks, this report first traces
the evolution of "national" networks in the U.S.  From the structure
and operation of the existing NSFNET and Internet, the probable
characteristics of the evolving NREN are projected.  Foundations for
specification of a policy are established through a review of the
basic concepts of "security" and "security policy" and through the
examination of existing policies, codes of ethics, and Federal
legislation regarding computer information security.  A draft policy
is then abstractly stated, one that is independent of current
technologies and organization-specific practices.  Since the
development of a widely-accepted and meaningful security policy
requires the participation of all major constituents, this draft
policy is intended to provide the basis for continuing discussion
and further development.

This report also appears as NISTIR 4734, published by the National
Institute of Science and Technology, Gaithersburg, MD.

