Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security of Personal Computer Systems: A Management Guide



Dennis D. Steinauer


The use of personal computer systems (often called desktop or professional computers) in the office and home environment has placed increasingly powerful information system technology in the hands of growing numbers of users. While providing many benefits, the use of such small computer systems may introduce serious potential information security risks. Although considerable progress has been made in security management and technology for large-scale centralized data processing systems, relatively little attention has been given to the protection of small systems. As a result, significant exposures may exist which can threaten the confidentiality, integrity, or availability of information resources associated with such systems. To ensure effective protection of these valuable resources, managers, system designers, and users must be aware of the vulnerabilities which exist and control measures which should be applied. This report describes management and technical security considerations associated with the use of personal computer systems. The primary objective is to identify and discuss several areas of potential vulnerability and associated protective measures. The issues discussed include: o Physical and environmental protection o System and data access control o Integrity of software and data o Backup and contingency planning o Auditability o Communications protection In addition, a general plan of action for the management of personal computer information security is presented. References to additional information, a self-audit checklist, and a guide to security products for personal computers are provided as appendices. In general, the term "personal computer" refers to single-user systems. However, most of the discussion in this report applies equally to other types of microprocessor-based systems designed for use in a general office environment (e.g. word processors, workstations, and various types of office and home computer systems).
Special Publication (NIST SP) - 500-120
Report Number


access control, auditability, backup, computer security, contingency planning, cryptology, microcomputers, office automation, personal computers, small computers


Steinauer, D. (1985), Security of Personal Computer Systems: A Management Guide, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed June 22, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created January 1, 1985, Updated November 10, 2018