A LETTER FROM THE COMPUTER SYSTEMS LABORATORY
February 1993

INDUSTRY GOVERNMENT OPEN SYSTEMS SPECIFICATION PROPOSED

NIST, the Canadian Government, the World Federation of MAP/TOP User Groups, and the electric power industry have joined forces to develop a common open systems specification for the acquisition of computer networking products and services based on international Open Systems Interconnection (OSI) standards. The result of this cooperative effort is the Industry Government Open Systems Specification (IGOSS), now available for public review and comment. Later this year, NIST expects to propose IGOSS as the next version of Federal Information Processing Standard (FIPS) 146-1, Government Open Systems Interconnection Profile (GOSIP).

IGOSS will provide common requirements for OSI products and services and will enable the computer industry to develop products that meet the requirements of a broad user market. IGOSS is expected to become the primary reference for functional profiles to be issued by the individual IGOSS organizations in the future.

Comments

The developers of IGOSS invite review and comments on the technical content of IGOSS. Send written comments, prior to May 15, 1993, to Gerard Mulvenna, National Institute of Standards and Technology, Technology Building, Room B217, Gaithersburg, MD 20899-0001, telephone (301) 975-3631.

Copies of IGOSS may be obtained from the Standards Processing Coordinator (ADP), National Institute of Standards and Technology, Technology Building, Room B-64, Gaithersburg, MD 20899-0001, telephone (301) 975-2816.

To Access IGOSS Electronically

Via anonymous ftp, the address is osi.ncsl.nist.gov (129.6.48.100). IGOSS is located in directory /pub/igoss. The file names are igoss_v1.asc (ASCII file), igoss_v1.ps (PostScript file), and igoss_v1.ps.Z (compressed PostScript file). You must retrieve one of the PostScript files in order to obtain all figures.

To access via anonymous FTAM use:

    Paddr={1,1,1,47:0005:80:005a00:0000:0001:e137:080020079efc:00}
    userid = anon, realstore = unix

If using ISODE, the corresponding "isoentities" entry is:

    osi.ncsl.nist.gov filestore NULL \
        #1/#1/#1/NS+47000580005a0000000001e137080020079efc00

FTAM using RFC-1006 is also supported on osi.ncsl.nist.gov.

FEDERAL CRITERIA FOR INFORMATION TECHNOLOGY SECURITY

Also released for public review and comment by NIST and the National Security Agency (NSA) is the draft Version 1 of the U.S. Federal Criteria (FC) for Information Technology Security (ITS). Version 1 consists of two volumes: Volume I, "Protection Profile Development," describes how to write ITS product criteria called protection profiles; Volume II, "Registry of Protection Profiles," contains seven protection profiles using the structure described in Volume I.

The FC is the next generation of criteria intended to supersede the Department of Defense (DoD) Trusted Computer System Evaluation Criteria (known as the "Orange Book"), which has been the DoD standard and the de facto national standard for the past decade.

Comments

We are soliciting technical, substantive comments on the document; the comment deadline is March 31, 1993. All who contribute substantive comments will be invited to attend a workshop to resolve comments, to be held in the Washington-Baltimore area in April 1993.

Send your comments via e-mail to: lynch@csmes.ncsl.nist.gov or send a 3.5" or 5.25" disk in MSDOS or UNIX format (please indicate which) to: Federal Criteria Comments, ATTN: Nickilyn Lynch, NIST/CSL, Bldg. 224/A241, Gaithersburg, MD 20899-0001. Our FAX number is (301) 926-2733. We welcome your views.

Electronic Access

The FC can be obtained through the Internet by either ftp or by Internet-accessible e-mail. The ftp address is csrc.nist.gov or 129.6.54.11. Log in as "anonymous" and use your Internet address as the password. The FC files are in directory /bbs/nistpubs.
The filenames are as follows:

    PostScript                          ASCII
    fcvol1.ps.Z  (Unix compressed)      fcvol1.txt.Z (Unix compressed)
    fcvol2.ps.Z  (Unix compressed)      fcvol2.txt.Z (Unix compressed)
    fcvol1.ps    (not compressed)       fcvol1.txt   (not compressed)
    fcvol2.ps    (not compressed)       fcvol2.txt   (not compressed)
    fcvol1ps.zip (Pkzip compressed)     fcvol1.zip   (Pkzip compressed)
    fcvol2ps.zip (Pkzip compressed)     fcvol2.zip   (Pkzip compressed)

For Internet-accessible e-mail, send an e-mail message to docserver@csrc.nist.gov. Leave the subject blank and on the first line of the message type: send filename. Another file can be requested at the same time by repeating the send message on the next line. The filename must be entered in lower-case, e.g.,

    send fcvol1.ps

To obtain a copy through modem access, dial 301-948-5717 (300-2400/8/N/1) or 301-948-5140 (9600/8/N/1). The files to download are as follows:

    PostScript                          ASCII
    fcvol1ps.zip (Pkzip compressed)     fcvol1.zip   (Pkzip compressed)
    fcvol2ps.zip (Pkzip compressed)     fcvol2.zip   (Pkzip compressed)
    fcvol1.ps    (not compressed)       fcvol1.txt   (not compressed)
    fcvol2.ps    (not compressed)       fcvol2.txt   (not compressed)

Registering Your Name

When you receive an electronic copy of the draft FC, please let us know by sending your name, mailing address, telephone, and e-mail address to the address listed above. If you distribute the document to additional people in your organization, please send us the same information on those people as well. We will put the names into our database for any further announcements.

UPDATE ON NEW PUBLICATIONS

CSL publishes the results of studies, investigations, and research. The reports listed below may be ordered from the following sources as indicated for each:

*Superintendent of Documents
 U.S. Government Printing Office (GPO)
 Washington, DC 20402
 Telephone (202) 783-3238

*National Technical Information Service (NTIS)
 5285 Port Royal Road
 Springfield, VA 22161
 Telephone (703) 487-4650

Guidelines for the Evaluation of Virtual Terminal Implementations
By Carol A. Edgar
NIST Spec. Pub. 500-205       November 1992
SN003-003-03189-5             $3.75
Order from GPO

This document advances the goals of the Government Open Systems Interconnection Profile (GOSIP) by providing guidelines for evaluating Virtual Terminal (VT) implementations. The guidelines assist the user in determining which implementation, among several candidates, best meets the functional requirements of the user.

A Guide to the Selection of Anti-Virus Tools and Techniques
By W. Timothy Polk and Lawrence E. Bassham
NIST Spec. Pub. 800-5         December 1992
SN003-003-03188-7             $3.75
Order from GPO

This guide gives criteria for judging the functionality, practicality, and convenience of anti-virus tools so that users can determine which tools are best suited to target environments.

Automated Tools for Testing Computer System Vulnerability
By W. Timothy Polk
NIST Spec. Pub. 800-6         December 1992
SN003-003-03187-9             $3.25
Order from GPO

This document discusses the use of automated tools to perform system vulnerability tests. The tests examine a system for vulnerabilities that can result from improper use of controls or mismanagement, such as easily guessed passwords or improperly protected system files.

Incorporating CALS Requirements into the CGM Standard and the CALS Application Profile - MIL-D-28003
By Daniel R. Benigni
NISTIR 4775                   February 1992
PB93-118123                   $44.50 paper
Order from NTIS               $17.50 microfiche

This report describes NIST's efforts to augment the Computer Graphics Metafile (CGM) standard with functionality necessary to fulfill Department of Defense Computer-aided Acquisition and Logistic Support (CALS) requirements for graphical data interchange.

Automatic Indexing
By Donna Harman
NISTIR 4873                   July 1992
PB92-238674                   $17.50 paper
Order from NTIS               $9.00 microfiche

This paper discusses issues for automatic indexing of different types of full-text and presents a survey of much of the current research into new techniques for automatic indexing.

Database Language SQL: Integrator of CALS Data Repositories
By Leonard Gallagher and Joan Sullivan
NISTIR 4902                   September 1992
PB93-113637                   $19.50 paper
Order from NTIS               $9.00 microfiche

This report presents the new "Object SQL" facilities proposed for inclusion in SQL3, introduces SQL abstract data types (ADTs), discusses the benefits of "generic ADT packages" for management of application-specific objects, and proposes a new external repository interface (ERI) that would allow integration of heterogeneous, non-SQL data repositories.

Software Quality Assurance: Documentation and Reviews
By Dolores Wallace, Wendy Peng, and Laura Ippolito
NISTIR 4909                   September 1992
PB93-113694                   $19.50 paper
Order from NTIS               $9.00 microfiche

This study examines the contents of a software quality assurance standard for nuclear applications and gives recommendations for the documentation of software systems. Many recommendations are applicable for software quality assurance in general.

Comparison of Massively Parallel Hand-Print Segmenters
By R. Allen Wilkinson and Michael D. Garris
NISTIR 4923                   September 1992
PB93-113561                   $17.50 paper
Order from NTIS               $9.00 microfiche

This report compares three different character segmenters within a modular recognition system. The system exemplifies a new and more effective method of information archiving, retrieving, and processing.

Computer Security Bulletin Board System User's Guide
By Mark Skandera and Marianne Swanson
NISTIR 4933 (supersedes NISTIR 4667)   September 1992
PB93-113553                   $17.50 paper
Order from NTIS               $9.00 microfiche

This document describes CSL's Computer Security Bulletin Board and provides detailed instructions on how to use its many functions.

Protocol Implementation Conformance Statement (PICS) Proforma for the SDNS Security Protocol at Layer 4 (SP4)
By Wayne A. Jansen
NISTIR 4934                   October 1992
PB93-120731                   $17.50 paper
Order from NTIS               $9.00 microfiche

This report specifies the Protocol Implementation Conformance Statement (PICS) proforma for SP4, the Transport Layer of the reference model for Open System Interconnection (OSI). The PICS identifies the capabilities and options of the protocol that have been implemented.

Using Self-Organizing Recognition as a Mechanism for Rejecting Segmentation Errors
By R. Allen Wilkinson, Michael D. Garris, and Charles L. Wilson
NISTIR 4938                   October 1992
PB93-138972                   $17.50 paper
Order from NTIS               $9.00 microfiche

This publication describes optical character recognition research focusing on the development of a self-organized neural network-based method that concurrently detects segmentation errors while performing character recognition.

Threat Assessment of Malicious Code and External Attacks
By Lawrence E. Bassham and W. Timothy Polk
NISTIR 4939                   October 1992
PB93-120699                   $17.50 paper
Order from NTIS               $9.00 microfiche

This report provides an assessment of the threats associated with malicious code and external attacks on systems using commercially available hardware and software.

Computer-Aided Acquisition and Logistic Support (CALS) Testing: Programs, Status, and Strategy
By Sharon J. Kemmerer
NISTIR 4940                   October 1992
PB93-125029                   $27.00 paper
Order from NTIS               $12.50 microfiche

This report describes testing activities which have been or are funded by CALS, by Department of Defense services, or by industry to support CALS.

NIST Scoring Package User's Guide, Release 1.0
By Michael Garris and Stanley Janet
NISTIR 4950                   October 1992
PB93-120707                   $19.50 paper
Order from NTIS               $9.00 microfiche

This guide assists users of optical character recognition technology in evaluating and selecting the commercially available product best suited to their requirements.

User's Guide for the PHIGS Validation Tests (Version 2)
By John Cugini, Mary T. Gunn, and Lynne S. Rosenthal
NISTIR 4953                   October 1992
PB93-126365                   $27.00 paper
Order from NTIS               $12.50 microfiche

This document describes the general rules and procedures for using the Programmer's Hierarchical Interactive Graphics System (PHIGS) Validation Test (PVT) suite developed by CSL.

Report on the Raster Capabilities of MIL-R-28002A and MIL-D-28003A
By Lynne S. Rosenthal
NISTIR 4970                   November 1992
PB93-140820                   $17.50 paper
Order from NTIS               $9.00 microfiche

This report compares the tile raster graphics capabilities of military specifications MIL-R-28002A and MIL-D-28003A.

Assessing Federal and Commercial Information Security Needs
By David F. Ferraiolo, Dennis M. Gilbert, and Nickilyn Lynch
NISTIR 4976                   November 1992
PB93-138956                   $17.50 paper
Order from NTIS               $9.00 microfiche

This report presents the results of a NIST study to assess the current and future information technology (IT) security needs of the commercial, civil, and military sectors.

OCR Error Rate Versus Rejection Rate for Isolated Handprint Characters
By John Geist and R. Allen Wilkinson
NISTIR 4990                   December 1992
PB93-146652                   $17.50 paper
Order from NTIS               $9.00 microfiche

This report presents an analysis of test material submitted to NIST as part of the First Census Optical Character Recognition (OCR) Systems Conference held in 1992.

Effectiveness of Feature and Classifier Algorithms in Character Recognition Systems
By C.L. Wilson
NISTIR 4995                   December 1992
PB93-147197                   $17.50 paper
Order from NTIS               $9.00 microfiche

This study uses data obtained from the First Census Optical Character Recognition (OCR) Systems Conference to compare recognition methods that use different algorithms for feature extraction and recognition.

Validated Products List 1993 No. 1
Judy B. Kailey, Editor
NISTIR 5103 (supersedes 4951) January 1993
PB93-937301                   $27.00 paper
Order from NTIS               $108.00 subscription

This document, published quarterly, identifies the COBOL, FORTRAN, Pascal, C, MUMPS, and Ada programming language processors with current validation certificates and the SQL language processors with registered test reports. Also included are GOSIP Conformance Testing Registers, NIST POSIX Testing Laboratories and Validated Products, Graphics, and Computer Security testing programs.

UPCOMING TECHNICAL CONFERENCES

Open System Environment (OSE) Implementors Workshop (OIW)
This workshop is part of a continuing series to develop implementation specifications from international standard design specifications for computer network protocols.
Sponsors: NIST and the IEEE Computer Society
Dates: March 8-12, 1993
       June 7-11, 1993
       September 13-17, 1993
       December 6-10, 1993
Place: NIST, Gaithersburg, MD
Contact: Brenda Gray (301) 975-3664

DARPA Spoken Language Technology and Applications Day
A special showcase event aimed at unveiling spoken language understanding technology and catalyzing rapid transfer of this technology into real human-computer interaction systems, including government and military.
Sponsors: DARPA, in cooperation with NIST
Date: April 13, 1993
Place: National Academy of Sciences
Technical Contact: David Pallett, (301) 975-2935
Registration: Deborah Dahl, (215) 648-2027

SIGCAT '93 National Conference on CD-ROM
This educational symposium will feature three full days of presentations from government and industry speakers on the applications and technology of CD-ROM.
Sponsors: U.S. Geological Survey and Federation of Government Information Processing Councils, in cooperation with NIST
Dates: April 19-21, 1993
Place: NIST and Gaithersburg Marriott
Contact: Mike Rubinfeld (301) 975-3064

Lecture Series on High Integrity Systems
This lecture series addresses problems and solutions for developing and operating high integrity systems.
Date: April 28, 1993
Speaker: Elliott Chikofsky, Chair, IEEE TC on Software Engineering
Topic: "Software Re-engineering"
Place: NIST Green Auditorium
Contact: Dolores Wallace (301) 975-3340

6th Annual Data Administration Management Association (DAMA) Symposium
This symposium will disseminate knowledge and experience about data administration and provide a forum for the exchange of ideas and resolution of problems.
Sponsors: NIST and DAMA
Date: May 11-12, 1993
Place: NIST, Gaithersburg, MD
Contact: Judith Newton (301) 975-3256

Applications Portability Profile (APP)/Open Systems Environment (OSE) Workshop
This workshop is designed as a user's forum to discuss the latest developments in the APP/OSE.
Dates: May 25-26, 1993
Place: NIST, Gaithersburg, MD
Contact: Joe Hungate (301) 975-3368

COMPASS '93, Eighth Annual Conference on Computer Assurance
With a theme of "Practical Paths to Assurance," the conference strives to bridge the gap between emerging technology for computer assurance from research laboratories into industrial computer systems development.
Sponsors: IEEE and the IEEE Aerospace and Electronic Systems Society, in cooperation with the British Computer Society
Date: June 14-17, 1993
Place: NIST, Gaithersburg, MD
Contact: Laura Ippolito (301) 975-5248

North American ISDN Users' Forum (NIUF)
The NIUF addresses many concerns over a broad range of Integrated Services Digital Network (ISDN) issues and seeks to reach consensus on ISDN Implementation Agreements. Participants include ISDN users, implementors, and service providers.
Dates: June 21-25, 1993
       October 18-22, 1993
Place: NIST, Gaithersburg, MD
Contact: Dawn Hoffman (301) 975-2937