NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Minimum Security Requirements for Multi-User Operating Systems

Published

Author(s)

David F. Ferraiolo, N Lynch, Patricia R. Toth

Abstract

[NOTE: THIS DOCUMENT HAS BEEN SUPERSEDED BY THE FEDERAL CRITERIA.] The Minimum Security Requirements for Multi-User Operating Systems (MSR) document provides basic commercial computer system security requirements applicable to both government and commercial organizations. These requirements include technical measures that can be incorporated into multi-user, remote-access, resource-sharing, and information-sharing computer systems. The MSR document was written from the prospective of protecting the confidentiality and integrity of an organization's resources and promoting the continual availability of these resources. The MSR presented in this document form the basis for the commercially oriented protection profiles in Volume II of the draft Federal Criteria for Information Technology Security document (known as the Federal Criteria). The Federal Criteria is currently a draft and supersedes this document. The MSR document has been developed by the MSR Working Group of the Federal Criteria Project under National Institute of Standards and Technology (NIST) leadership with a high level of private sector participation. Its contents are based on the Trusted Computer System Evaluation Criteria (TCSEC) C2 criteria class, with additions from current computer industry practice and commercial security requirements specifications.
Citation
NIST Interagency/Internal Report (NISTIR) - 5153
Report Number
5153
NIST Pub Series
NIST Interagency/Internal Report (NISTIR)
Pub Type
NIST Pubs
Information technology and Cybersecurity and privacy

Citation

Ferraiolo, D. , Lynch, N. and Toth, P. (1993), Minimum Security Requirements for Multi-User Operating Systems, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD (Accessed October 9, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created March 1, 1993, Updated February 19, 2017
Was this page helpful?