Steinauer, D.
(1985),
Security of Personal Computer Systems: A Management Guide, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NBS.SP.500-120
(Accessed April 18, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Security of Personal Computer Systems: A Management Guide
Published
Author(s)
Abstract
The use of personal computer systems (often called desktop or professional computers) in the office and home environment has placed increasingly powerful information system technology in the hands of growing numbers of users. While providing many benefits, the use of such small computer systems may introduce serious potential information security risks. Although considerable progress has been made in security management and technology for large-scale centralized data processing systems, relatively little attention has been given to the protection of small systems. As a result, significant exposures may exist which can threaten the confidentiality, integrity, or availability of information resources associated with such systems. To ensure effective protection of these valuable resources, managers, system designers, and users must be aware of the vulnerabilities which exist and control measures which should be applied. This report describes management and technical security considerations associated with the use of personal computer systems. The primary objective is to identify and discuss several areas of potential vulnerability and associated protective measures. The issues discussed include: o Physical and environmental protection o System and data access control o Integrity of software and data o Backup and contingency planning o Auditability o Communications protection In addition, a general plan of action for the management of personal computer information security is presented. References to additional information, a self-audit checklist, and a guide to security products for personal computers are provided as appendices. In general, the term "personal computer" refers to single-user systems. However, most of the discussion in this report applies equally to other types of microprocessor-based systems designed for use in a general office environment (e.g. word processors, workstations, and various types of office and home computer systems).Citation
Special Publication (NIST SP) - 500-120
Report Number
500-120
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
access control, auditability, backup, computer security, contingency planning, cryptology, microcomputers, office automation, personal computers, small computers
Citation
Created January 1, 1985, Updated November 10, 2018