A Guideline on Office Automation Security

Citation
NIST, National Computer Security Center, A Guideline on Office Automation Security (Dec. 5, 1986) (full-text).

Overview
This guideline provides security guidance to users of OA systems, to the ADP System Security Officers responsible for their operational security, and to others who are responsible for the security of an OA system or its magnetic storage media at some point during its life-cycle.

This guideline explains how OA system security issues differ from those associated with mainframe computers. It discusses some of the threats and vulnerabilities of OA systems, and some of the security controls that can be used. It also discusses some of the environmental considerations necessary for the safe, secure operation of an OA system.

This guideline suggests some security responsibilities of OA system users, and of ADP System Security Officers. Also described are some of the security responsibilities of the organization that owns or leases the OA system.

In addition, guidance is given to the procurement officer who must purchase OA systems or components, and guidance is also provided to the officer who is responsible for securely disposing of OA systems, components, or the associated magnetic media.