Government Documents

The Committee on National Security Systems

www.cnss.gov
Policies
Document Title Reference # or Description
National Policy for Safeguarding and Control of Communications Security Material September 2004 CNSSP-1
National Policy for Granting Access to U.S. Classified Cryptographic Information October 2007 CNSSP-3
National Policy on Use of Cryptomaterial by Activities Operating in High Risk Environments January 1981 NCSC-5
National Policy on Certification and Accreditation of National Security Telecommunications and Information Systems October 2005 CNSSP-6
Fact Sheet for the National Information Assurance Acquisition Policy July 2003 NSTISSP-11
National Information Assurance Policy for Space Systems Used to Support National Security Missions March 2007 CNSSP-12
National Policy Governing the Release of Information Assurance (IA) Products and Services to Authorized U.S. Persons or Activities that are Not a Part of the Federal Government November 2002 CNSSP-14
Fact Sheet No. 1 for the National Policy on the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information June 2003 CNSSP-15
National Information Assurance (IA) Policy on Wireless Capabilities August 2005 CNSSP-17
National Policy on Classified Information Spillage June 2006 CNSSP-18
National Policy Governing the Use of High Assurance Internet Protocol Encryptor (HAIPE) Products February 2007 CNSSP-19
National Information Assurance Policy on Enterprise Architectures for National Security Systems March 2007 CNSSP-21
Information Assurance Risk Management Policy for National Security Systems February 2009 CNSSP-22
National Policy For Public Key Infrastructure in National Security Systems March 2009 CNSSP-25
National Policy on Securing Voice Communications September 1999 NSTISSP-101
National Policy on Controlled Access Protection July 1987 NSTISSP-200
Directives
Document Title Reference # or Description
Information Assurance (IA) Education, Training, and Awareness August 2006 CNSSD-500
National Training Program for Information Systems Security (INFOSEC) Professionals November 1992 NSTISSD-501
National Directive On Security of National Security Systems December 2004 CNSSD-502
Governing Procedures of the Committee on National Security Systems (CNSS) December 2004 CNSSD-900
National Security Telecommunications and Information Systems Security (CNSS) Issuance System December 2004 CNSSD-901
Instructions
Document Title Reference # or Description
National COMSEC Instruction June 1984 NACSI-6002
National Information Assurance Certification and Accreditation Process April 2000 NSTISSI-1000
National Instruction On Classified Information Spillage February 2008 CNSSI-1001
Operational Security Doctrine for the FORTEZZA User PCMCIA Card December 2001 NSTISSI-3028
Communications Security (COMSEC) Utility Program November 2007 CNSSI-4007
Program for the Management and Use of National Reserve Information Assurance Security Equipment March 2007 CNSSI-4008
National Information Assurance Glossary May 2003 CNSSI-4009
National Training Standard for Information Systems Security (INFOSEC) Professionals June 1994 NSTISSI-4011
National Training Standard for Designated Approving Authority (DAA) August 1997 NSTISSI-4012
National Information Assurance Training Standard for Senior Systems Managers June 2004 CNSSI-4012
National Information Assurance Training Standard For System Administrators (SA) March 2004 CNSSI-4013
Information Assurance Training Standard for Information Systems Security Officers April 2004 CNSSI-4014
National Training Standard for Systems Certifiers December 2000 NSTISSI-4015
National Information Assurance Training Standard For Risk Analysts November 2005 CNSSI-4016
Guidelines for Voice Over Internet Protocol (VoIP) Computer Telephony April 2007 CNSSI-5000
Type-Acceptance Program for Voice Over Internet Protocol (VoIP) Telephones December 2007 CNSSI-5001
Protective Distribution Systems (PDS) December 1996 NSTISSI-7003
Advisory Memoranda
Document Title Reference # or Description
The Insider Threat to U.S. Government Information Systems July 1999 NSTISSAM INFOSEC 1-99
Advisory Memorandum for the Use of the Federal Information Processing Standards (FIPS) 140-1 Validated Cryptographic Modules in Protecting Unclassified National Security Systems February 2000 NSTISSAM INFOSEC 1-00
Advisory Memorandum for the Strategy for Using the National Information Assurance Partnership (NIAP) for the Evaluation of Commercial Off-The-Shelf (COTS) Security Enabled Information Technology Products February 2000 NSTISSAM INFOSEC 2-00
Advisory Memorandum on WebBrowser Security Vulnerabilities August 2000 NSTISSAM INFOSEC 3-00
Advisory Memorandum on Release of Communications Security Equipment October 1985 NSTISSAM COMSEC 1-85
AN/CYZ-10/10A Data Transfer Device Training August 1998 NSTISSAM COMSEC 1-98
Advisory Memorandum on Office Automation Security Guideline January 1987 NSTISSAM COMPUSEC 1-87
The Role of Firewalls and Guards in Enclave Boundary Protection December 1998 NSTISSAM COMPUSEC 1-98
Advisory Memorandum on the Transition From the Trusted Computer System Evaluation Criteria to the International Common Criteria for Information Technology Security Evaluation January 1987 NSTISSAM COMPUSEC 1-99
Maintenance and Disposition of TEMPEST Equipment December 2000 NSTISSAM TEMPEST 1-00
Advisory Memorandum for Information Assurance (IA) - Security Through Product Diversity July 2004 CNSSAM IA 1-04
Advisory Memorandum for Information Assurance (IA) - Retirement of Data Encryption Standard (DES) Based Cryptography to Protect National Security Systems March 2005 CNSSAM IA 2-04
TSG Standards
Document Title Reference # or Description
Introduction to Telephone Security March 1990 TSG STANDARD 1
TSG Guidelines for Computerized Telephone Systems March 1990 TSG STANDARD 2
NTSWG Guidelines for Computerized Telephone Systems Supplemental March 2001 NTSWG STANDARD 2a
Type-Acceptance Program for Telephones used with the Conventional Central Office Interface March 1990 TSG STANDARD 3
On-Hook Telephone Audio Security Performance Specification March 1990 TSG STANDARD 5
Telephone Security Group Approved Equipment March 1990 TSG STANDARD 6
Microphonic Response Criteria for Non-communications Devices October 1994 TSG STANDARD 8
TSG Information Series
Document Title Reference # or Description
Computerized Telephone Systems (CTSs): A Review of CTS Deficiencies, Threats and Risks January 1996 Executive Overview
Computerized Telephone Systems (CTSs): A Review of CTS Deficiencies, Threats and Risks November 1997 Central Office (CO) Interfaces
CNSS Report
Document Title Reference # or Description
Committee on National Security Systems (CNSS) Report: Progress Against 2008 Priorities April 2009 CNSS Report: Progress Against 2008 Priorities
2007/2008 Committee on National Security Systems (CNSS) Report: An Agenda for Safeguarding National Security Systems March 2008 CNSS Report: An Agenda for Safeguarding National Security Systems
Other
Document Title Reference # or Description
National Information Assurance (IA) Approach to Incident Management May 2007 CNSS-048-07
Frequently Asked Questions (FAQ) on Incidents and Spills August 2007 CNSS-079-07