System Security Principles (GSSP), which would provide a set of requirements guidelines for trustworthy computer and communications system design and use.

  • Conducting research and development, especially into criteria and evaluation procedures, in support of the above.

  • Evaluating the quality of security measures in industry-developed products during their development and throughout their life cycle, and publishing evaluation results. In particular, evaluating products for conformance to GSSP. Eventually evaluations should also consider other aspects of system trustworthiness, such as safety. (See "Assurance Evaluation" in Chapter 5.)

  • Developing and maintaining a system for tracking and reporting security and safety incidents, threats, and vulnerabilities.

  • Promoting effective use of security and safety tools, techniques, and management practices through education for commercial organizations and users.

  • Brokering and enhancing communications between industry and government where commercial and national security interests may conflict.

  • Focusing efforts to achieve standardization and harmonization of commercial security practice and system safety in the U.S. and internationally.

These actions are complementary and would be pursued most effectively and economically by a single organization. At present, some of these actions are attempted by the National Security Agency (NSA), the National Institute of Standards and Technology (NIST), and other organizations. However, current efforts fall short of what is needed to accomplish the tasks at hand, and the dominant missions of existing agencies and organizations limit the scope of their involvement in addressing the issues of computer security and trustworthiness. In particular, relevant government agencies are poorly suited to represent the needs of nongovernmental system users (although they may take some input from major system users and generate publications of interest to users).


The ISF should have the following attributes and functions:

  • It should be free from control by the computer and communication vendors, but it must communicate and work effectively with them. This quality is important to prevent the appearance or reality

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement