This is the Report of the Invitational Workshop on Integrity Policy in Computer Information Systems which was sponsored by the IEEE Computer Society's Technical Committee on Security and Privacy, the Special Interest Group on Security, Audit, and Control (SIGSAC) of the Association for Computing Machinery, the National Computer Security Center, and the Institute for Computer Sciences and Technology at the National Bureau of Standards. The workshop established a foundation for further progress in defining a model for information integrity. The workshop was held in response to the paper by David Clark of M.I.T. and David Wilson of Ernst and Whinney entitled "A Comparison of Military and Commercial Data Security Policy." The report's 10 sections contain an introduction, the composition of the organizing committee with a list of participants and a workshop agenda, a summary report by Donn Parker and Peter Neumann of SRI International, the reports of the five working groups, a response by Clark and Wilson, and a proposal by the National Bureau of Standards for continuing the effort to define an integrity policy. The appendices include a copy of the original Clark-Wilson paper, a summary of the Clark-Wilson rules, a number of position papers submitted in advance of the workshop, several papers submitted during and following the workshop, and a list of reference materials related to the integrity policy effort.
Citation: Special Publication (NIST SP) - 500-160
NIST Pub Series: Special Publication (NIST SP)
Pub Type: NIST Pubs
audit, computer security, information system integrity