The use of personal computer systems (often called desktop or professional computers) in the office and home environment has placed increasingly powerful information system technology in the hands of growing numbers of users. While providing many benefits, the use of such small computer systems may introduce serious potential information security risks. Although considerable progress has been made in security management and technology for large-scale centralized data processing systems, relatively little attention has been given to the protection of small systems. As a result, significant exposures may exist which can threaten the confidentiality, integrity, or availability of information resources associated with such systems. To ensure effective protection of these valuable resources, managers, system designers, and users must be aware of the vulnerabilities which exist and control measures which should be applied.

This report describes management and technical security considerations associated with the use of personal computer systems. The primary objective is to identify and discuss several areas of potential vulnerability and associated protective measures. The issues discussed include:

o Physical and environmental protection
o System and data access control
o Integrity of software and data
o Backup and contingency planning
o Auditability
o Communications protection

In addition, a general plan of action for the management of personal computer information security is presented. References to additional information, a self-audit checklist, and a guide to security products for personal computers are provided as appendices.

In general, the term "personal computer" refers to single-user systems. However, most of the discussion in this report applies equally to other types of microprocessor-based systems designed for use in a general office environment (e.g. word processors, workstations, and various types of office and home computer systems).

Citation: Special Publication (NIST SP) - 500-120
NIST Pub Series: Special Publication (NIST SP)
Pub Type: NIST Pubs
Keywords: access control, auditability, backup, computer security, contingency planning, cryptology, microcomputers, office automation, personal computers, small computers