In 1970, a task force organized for the Defense Science Board examined the problem of computer security in the defense establishment and published a report, [Security Controls for Computer Systems] (R-609-1). The insights and views of the task force are still valid, and can be usefully applied by civil government and industry to problems of safeguarding sensitive data. Civil government and industry have exactly the same computer security needs as defense; some details are different, but the broad principles are the same, even though there is a decade difference between Department of Defense and civilian awareness of information protection. A logical candidate to provide leadership and unifying force in civilian computer security development is the National Bureau of Standards Institute of Computer Science and Technology. This institute could create Federal Information Processing Standards for certifying secure software, as well as specifying the performance requirements of secure operating systems.
This report is part of the RAND Corporation Paper series. The paper was a product of the RAND Corporation from 1948 to 2003 that captured speeches, memorials, and derivative research, usually prepared on authors' own time and meant to be the scholarly or scientific contribution of individual authors to their professional fields. Papers were less formal than reports and did not require rigorous peer review.
Our mission to help improve policy and decisionmaking through research and analysis is enabled through our core values of quality and objectivity and our unwavering commitment to the highest level of integrity and ethical behavior. To help ensure our research and analysis are rigorous, objective, and nonpartisan, we subject our research publications to a robust and exacting quality-assurance process; avoid both the appearance and reality of financial and other conflicts of interest through staff training, project screening, and a policy of mandatory disclosure; and pursue transparency in our research engagements through our commitment to the open publication of our research findings and recommendations, disclosure of the source of funding of published research, and policies to ensure intellectual independence. For more information, visit www.rand.org/about/principles.
The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.