1 Information Security: Opportunities for Improved OMB Oversight of Agency Practices (GAO/AIMD-96-110, September 24, 1996).
2 High-Risk Series: Information Management and Technology (GAO/HR-97-9, February 1997).
3 Appendix II lists the principles identified in NIST's Generally Accepted Principles and Practices for Securing Information Technology Systems, September 1996.
4 In GAO's recently revised Standards for Internal Control in the Federal Government, Exposure Draft (GAO/AIMD-98-21.3.1, December 1997), controls over computerized information and information processing are discussed in the context of the larger body of an agency's internal control activities.
5 The CISSP certification was established by the International Information Systems Security Certification Consortium. The consortium was established as a joint effort of several information security-related organizations, including the Information Systems Security Association and the Computer Security Institute, to develop a certification program for information security professionals.
6 At the time of publication, this document, along with other publications pertaining to information security, was available on NIST's Computer Security Resource Clearinghouse internet page at http://csrc.nist.gov/publications.html. The listed documents are also available through either the Government Printing Office or the National Technical Information Service; for more information, call (202) 783-3238 or (703) 487-4650, respectively.