REFERENCES

1.  DOE 5639.6A, CLASSIFIED AUTOMATED INFORMATION SYSTEM (AIS) SECURITY
    PROGRAM, of 7-15-94, which establishes uniform policy, responsibilities,
    and authorities for implementation of the DOE Classified AIS Security
    Program.

2.  CSC-STD-002-85, "Department of Defense Password Management Guideline,"
    of 4-12-85, which provides guidance related to the design,
    implementation, and use of password-based user authentication measures.

3.  DoD 5200.28-STD, "Department of Defense Trusted Computer System
    Evaluation Criteria," of 12-26-85, which defines the classes of computer
    security protection and provides a basis for the evaluation of
    effectiveness of security controls built into AISs.

4.  NCSC-TG-005, Trusted Network Interpretation, of 7-31-87, which provides
    interpretations of DoD 5200.28-STD, "Department of Defense Trusted
    Computer System Evaluation Criteria," for trusted computer/
    communications network systems published by the National Center for
    Computer Security.

5.  FIPS PUB 146 (Federal Information Processing Standard Publication 146),
    "Government Open Systems Interconnection Profile," of 7-89, which
    establishes open systems interconnection requirements for computer
    network products or services and communications systems or services
    acquired for use in the Federal Government.

6.  Information Systems Security Products and Services Catalogue, of 1-92,
    published by the National Security Agency, contains the Evaluated
    Products List for Trusted Computer Systems.