csl92-03.txt文件.

释放双眼,带上耳机,听听看~!

csl92-03.txt,

csl92-03.

txt,标签纸,电话,计算机系统实验室公报,1992年3月,安全电话终端简介本公报解决了关于安全电话终端的几个常见问题,从联邦用户的角度讨论了实际的安全问题,并提供了附加信息的来源.

安全电话终端是连接到电话线或蜂窝电话系统并为正在传输的会话或信息提供各种安全服务的设备.

安全电话终端越来越广泛地用于保护机密和非机密的语音、数据和传真(传真)通信(大多数现代安全电话都有一个连接计算机或传真机的数据端口).

这些安全终端的功能范围从保护无绳电话中的手机和基础终端之间的对话到保护固定和移动通信中的国家安全机密信息.

背景联邦角色和职责每个联邦机构负责其自身信息处理和电信的安全.

根据1987年《计算机安全法》,各机构负责识别待保护的非机密但敏感的信息,并选择用于提供保护的设备或程序.

根据适用的国家安全指令(NSD),如NSD42,各机构还负责使用国家安全局(NSA)批准的信息安全系统保护机密信息.

国家标准与技术研究所(NIST)负责为机构制定标准,并向其提供帮助,以保护其非机密信息.

国家安全局负责提供必要的安全保护机密信息和“华纳修正案”敏感信息.

关于NIST和NSA在计算机安全领域的作用的更多信息,见1991年2月的CSL公报.

其他机构,如总务管理局、国家电信和信息管理局以及国家通信局,也在使用安全电信方面提供具体服务和指导.

技术概述目前大多数电话终端和传输设施都是基于和使用模拟机电和电子技术.

这项技术模拟了人类的语音通信系统,它产生(在语音箱中)、接收(通过耳朵)和处理(在大脑中)连续的语音波形.

早期形式的安全语音通信只是扰乱语音信号,产生难以理解的噪声,然后传输.

解扰设备将把噪声转换回可识别的语音.

现代电话终端和传输设备使用数字技术,利用二进制数字0和1的序列来表示计算机数据、人类语音或传真图片.

现有的模拟电信系统可以使用一种称为调制解调器的特殊设备来传输数字化的语音、数据和图片.

调制解调器提供的传输速率通常高达每秒9600位.

每秒数千位可与中等技术数字通信系统通信,每秒数百万位可与高技术系统通信.

语音、数据和图片可以在同一传输介质(例如光纤)上混合,并分离以呈现给预期的接收者.

这是现代综合业务数字网(ISDN)的基础.

通过简单地排列或编码代表语音、数据和图像的位,可以为这些通信提供改进的安全性.

安全电话终端的现状商用“无绳”电话目前可用于保护手机与其基站之间的对话.

不受保护的无绳电话通常是用大约100英尺的Ge和对话有时可以由位于邻居家中的一个相同的基站来拾取.

这些“受保护”的电话通常使用一个简单的编码系统,其中包含许多用户选择的代码,以防止有人被动地听通话.

这些电话还可以防止有人从住宅外的手机打长途电话,以避免长途费用.

这些电话提供保护,防止被认为是低水平的威胁.

商用蜂窝电话易受扫描设备的攻击,扫描设备用于监视本地“蜂窝”内的电话对话.

一些蜂窝业务开始为本地用户在蜂窝终端和最近的蜂窝交换办公室之间的通信提供保护.

但是,它们不保护与远程电话或蜂窝终端的通信.

这些安全的蜂窝电话提供了对本地威胁的保护.

在20世纪80年代初,国家安全局赞助了一个开发项目,最终开发出了安全电话单元(STU)III终端.

STU-III看起来像一个典型的电话,但它提供了任何两个STU-III设备之间的端到端安全性,甚至是由不同供应商生产的设备.

三家美国厂商被授权生产这种设备:美国电话电报公司(AT&T)、通用电气(General Electric)和摩托罗拉(Motorola).

STU-III使用当前的模拟电话通信,但通过数字安全技术保护语音信号.

还有蜂窝式STU-III终端,其在任意两个蜂窝式STU-III终端之间或蜂窝式移动终端与固定终端之间提供“端到端”安全性.

STU-III终端提供保护,防止被视为高度威胁的情况发生.

政府的政策和法规存在于保护机密通信的政策上.

机密信息(语音/数据/传真)必须使用加密算法加密,以便在由国家安全局认可的设备中实现.

用于这些应用程序的加密密钥是通过NSA批准的通信安全(COMSEC)方法提供的.

没有具体的政府政策指导机构对所有非保密的敏感通信进行加密.

管理和预算办公室发布的A-130号通知指示各机构确保所有信息技术设施保持适当的安全水平,并定期进行风险分析,以确保使用适当的成本效益高的保障措施.

NIST制定了可用于该保护的技术标准.

机构决定何时需要这种保护.

密码算法和安全设备的类型四种密码算法和安全设备在国家信息安全(INFOSEC)词汇表[NSTISSI第3019号]中定义.

类型1密码设备由NSA认可,并包含NSA认可的保密算法,用于保护保密信息.

2类密码装置由美国国家安全局认可,并包含美国国家安全局批准的保密算法,用于保护美国国防部《华纳修正案》(10 USC 2315)所涵盖的非保密信息.

类型3密码算法是NIST标准,用于保护所有非机密、敏感、非华纳修正案的政府信息或商业信息.

类型4密码算法是非NIST标准的商业算法.

NIST计划建立一个计算机安全对象寄存器(CSOR),以包含有关这些算法的信息.

为了促进不同用户社区之间的互操作性,安全设备可以包含多种类型的算法.

例如,类型1 STU-III终端还包含类型2算法.

类型2 STU-III终端包含相同的类型2算法,但也实现了数据加密标准(DES).

摩托罗拉3型(即DES)安全电话终端不是STU-i i i,但在使用DES算法时,它与摩托罗拉2型STU-III互操作.

其他的STU-III供应商(即AT&T和通用电气)也在开发2类STU-III设备,这些设备包含用于保护敏感或有价值的非华纳修正信息的DES.

语音/数据/传真的安全现代电信应用将语音、数据和图片集成在一个数字通信系统中.

现代密码算法和安全设备可以保护所有这些集成的应用程序.

用户通常可以为所有应用程序使用一个设备.

根据应用程序和设备的不同,安全性可能包括不同的保护服务.

所有安全的电话终端都在不同程度上保护信息不被未经授权的泄露.

大多数为使用终端的人或计算机提供某种类型的终端认证和访问控制.

大多数提供通信完整性(即,保护传输的信息免受未经授权的修改或替换).

用户应在购买安全电话终端时指定所需的保护类型和级别.

出口安全电话终端所有加密信息的安全设备均受美国出口管制.

加密语音/数据/传真的设备必须有美国国务院颁发的出口许可证,才能合法运出或运出美国.

加密语音/数据/传真的软件系统也受到同样的限制.

因此,美国境内安全电话终端的用户如果希望与海外人士进行安全通信,必须了解出口限制.

只有得到国家安全局的许可,STU-III设备才能在美国和加拿大境外使用.

如果类型4安全设备仅包含批准导出的加密算法,则可以导出.

这些安全设备被指定为类型4(E)设备.

一些类型3安全电话还包含用于与兼容类型4(E)设备进行国际通信的类型4(E)算法.

目前,没有存在3型(E)(即可导出的DES保护)安全电话.

安全电话终端标准NSA STU-III开发计划证明需要严格控制标准,以确保不同供应商STU-III设备之间的互操作性.

STU-III程序不仅规定了要实现的算法和协议,还为STU-III终端提供了一致性和互操作性测试.

NIST已经发布了两个与数据加密相关的标准.

联邦信息处理标准(FIPS)46-1定义了数据加密标准(DES)算法.

FIPS 81规定了DES的四种操作模式.

此外,预计于1992年发布的FIPS 140-1将规定加密模块的物理和逻辑安全要求.

这些标准适用于3类安全电话终端.

NIST没有发布4类设备的标准.

STU-III设备通过NSA指定的算法和密钥管理系统提供安全性.

类型3设备使用DES加密信息,但目前使用专有技术生成或分发所需的DES密钥.

第4(E)类安全电话终端对两者都使用专有技术.

互操作性NSA指定在使用类型1和类型2模式时如何在STU-III终端中实现互操作性.

摩托罗拉详细说明了当他们的3型安全电话和2型STU-III电话都使用DES模式时,如何实现互操作性.

摩托罗拉还实现了同一类型3安全电话与其类型4(E)安全电话之间的互操作性.

它们使用公钥技术为其商业安全终端提供专有密钥管理系统.

其他STU-III供应商使用专有技术对3类操作模式进行密钥管理.

目前,一家供应商的3类终端无法与其他供应商的3类终端进行互操作.

商业用户在购买此类终端时应意识到这一点.

2型STU-III终端的政府用户不能与购买的3型终端进行交互操作从另一个供应商.

不同制造商的4型或4(E)型终端通常也不互操作.

采购文件应规定所需的互操作性.

附加安全要求用户在使用安全电话终端时应了解附加安全要求.

1类STU-III要求在操作安全条令(NSTISSI第3013号)中规定.

2类STU-III要求在临时作战安全原则(NSTISSI草案)中有详细说明.

3类和4类安全终端的用户应了解并遵循类似的安全要求和做法.

必须为安全终端提供足够的物理安全性,以保护其及其物理环境免受未经授权使用、获取、访问、修改或安装监控设备的影响.

必须支持物理和逻辑访问控制系统.

终端和用户识别系统是必需的,必须为授权用户提供管理支持.

能够在无人值守数据通信模式下工作的终端必须具有足够的内部访问控制机制,以防止未经授权的传出或传入传输.

需要足够的加密密钥控制.

由于终端的整个安全性基于保护加密密钥不被未经授权的泄露、替换或使用,因此必须持续提供这种保护.

钥匙不再有用时应销毁.

支持基础设施类似于国家和国际上支持电话通信的通信服务基础设施,必须提供安全服务基础设施来支持安全电话之间的通信.

NSA为STU-III终端的授权用户提供这些服务.

类型3或类型4安全设备的用户应注意,必须提供密钥管理和可信维护以维护安全操作.

除加拿大外,STU-III终端(1型和2型)的销售仅限于美国政府及其承包商.

可购买1类STU-III终端,以保护美国政府机密信息.

可购买2类STU-III终端,以保护所有美国政府敏感的非机密信息:2类模式用于华纳修正信息,3类模式用于所有其他敏感的非机密信息.

如果3类安全电话终端包含并按照适用的联邦信息处理标准制造,则美国政府也可以采购.

这些终端也应按照适用的NIST标准使用.

3类安全终端可在美国境内购买,用于保护商业信息和与兼容的2类STU-III终端的互操作性.

4(E)类终端可在任何地方购买,用于海外商业应用,以及与美国境内支持兼容4(E)类算法的安全终端的互操作性.

1型STU-III终端不得转售,2型STU-III终端只能转售给NSA批准的终端.

3类安全终端可以在美国的任何地方出售和转售.

4(E)类安全终端可以在任何地方出售.

商业产品的生产提供了广泛的安全性.

用户应了解商业安全产品的好处和局限性.

联邦用户应仅采购和使用适当的政府批准的安全设备,以保护联邦机密或非机密但敏感的信息.

参考1987年《计算机安全法》,公法100-235.

联邦信息处理标准46-1,数据加密标准(DES).

联邦信息处理标准81,DES操作模式.

联邦信息处理标准140-1草案,密码模块的安全要求.

国家安全指令42(由国家安全电信和信息系统安全委员会发布).

国家安全电信和信息系统安全指令(NSTISSI)第3013号,1型STU-III终端的操作安全原则.

NSTISSI草案,2型STU-III航站楼的临时操作安全原则.

管理和预算办公室通告A-130,联邦信息资源管理.

联系点STU-III用户支持:(800)328-7883(MD外部)(301)684-7073(MD内部)NIST计算机安全部门:(301)975-293.

,网络安全教程csl92-03.txt,tags |
paper,
telephony, Computer Systems Laboratory Bulletin
March, 1992

AN INTRODUCTION TO SECURE TELEPHONE TERMINALS

This bulletin addresses several frequently asked questions about
secure telephone terminals, discusses practical security issues
from a federal user's viewpoint, and provides sources for
additional information. A secure telephone terminal is a device
that connects to a telephone line or a cellular telephone system
and provides a variety of security services to the conversation
or information being transmitted.

Secure telephone terminals are becoming more widely available for
the protection of both classified and unclassified voice, data,
and facsimile (fax) communications (most modern secure telephones
have a data port for connecting to computers or fax machines).
The secure terminals range in capability from protecting
conversations between the handset and the base terminal in
cordless telephones to protecting national security classified
information in fixed and mobile telecommunications.

BACKGROUND

Federal Roles and Responsibilities
Each federal agency is responsible for the security of its own
information processing and telecommunications. In accordance
with the Computer Security Act of 1987, each agency is
responsible for identifying the unclassified, but sensitive,
information to be protected and for selecting the equipment or
procedures to be used in providing the protection. In accordance
with applicable National Security Directives (NSDs) such as NSD
42, agencies are also responsible for protecting classified
information using National Security Agency (NSA)-approved
information security systems.

The National Institute of Standards and Technology (NIST) is
responsible for developing standards for, and providing
assistance to, agencies in protecting their unclassified
information. NSA is responsible for providing the security
necessary to protect classified information and "Warner
Amendment" sensitive information.

Additional information on the roles of NIST and NSA in the
computer security area is contained in the CSL Bulletin of
February 1991. Other agencies, such as the General Services
Administration, the National Telecommunications and Information
Administration, and the National Communications Agency, also
provide specific services and guidance in utilizing secure
telecommunications.

Technology Overview
Most current telephone terminals and transmission facilities are
based on and use analog electromechanical and electronic
technology. This technology models the human speech
communication system which produces (in the voice box), receives
(through the ears), and processes (in the brain) continuous
waveforms of speech. Early forms of secure voice communication
simply scrambled the voice signals to produce unintelligible
noise which was then transmitted. The descrambling equipment
would convert the noise back to recognizable speech.

Modern telephone terminals and transmission facilities use
digital technology which utilizes a sequence of the binary digits
0 and 1 to represent computer data, human speech, or fax
pictures. Existing analog telecommunications systems can
transmit digitized voice, data, and pictures using a special
device called a modem.

Modems provide transmission rates generally up to 9600 bits per
second. Thousands of bits per second can be communicated with
moderate technology digital communications systems and millions
of bits per second can be communicated with high technology
systems. Voice, data, and pictures can be mixed on the same
transmission medium (e.g., optical fiber) and separated for
presentation to the intended recipient. This is the basis of the
modern Integrated Services Digital Network (ISDN). Improved
security can be provided to these communications by simply
permuting or encoding the bits that represent the speech, data,
and pictorial images.

Current Status of Secure Telephone Terminals
Commercial "cordless" telephones are presently available which
protect conversations between a handset and its base station.
Unprotected cordless telephones have a usual range of
approximately 100 feet and conversations can sometimes be picked
up by an identical base station located in a neighbor's house.
These "protected" telephones typically use a simple coding
system, with a number of user-selected codes, to prevent someone
from passively listening to a conversation. These telephones
also protect against someone making a long-distance telephone
call from a handset outside a residence to avoid the long-
distance charges. These telephones provide protection against
what is considered a low level of threat.

Commercial cellular telephones are vulnerable to scanning devices
that are designed to monitor telephone conversations within a
local "cell." Some cellular services are beginning to offer
protection to local subscribers for their communications between
a cellular terminal and the nearest cellular switching office.
However, they do not protect the communications to a remote
telephone or cellular terminal. These secure cellular telephones
provide protection against local threats.

During the early 1980s, NSA sponsored a development program which
resulted in the Secure Telephone Unit (STU) III terminal. The
STU-III looks like a typical telephone but provides end-to-end
security between any two STU-III devices, even those manufactured
by different vendors. Three U.S. vendors are authorized to make
the devices: AT&T, General Electric, and Motorola. The STU-III
utilizes current analog telephone communications but secures the
speech signals by digital security techniques. There are also
cellular STU-III terminals which provide "end-to-end" security
between any two cellular STU-III terminals or between a cellular
mobile terminal and a fixed terminal. The STU-III terminals
provide protection against what is considered a high level of
threat.

GOVERNMENT POLICY AND REGULATIONS

Government policy exists on the protection of classified
communications; classified information (voice/data/fax) must be
encrypted for transmission using cryptographic algorithms
implemented in devices endorsed by NSA. Cryptographic key used
for these applications is provided via NSA-approved Communication
Security (COMSEC) methods.

There is no specific government policy that directs agencies to
encrypt all unclassified sensitive communications. Circular A-
130, issued by the Office of Management and Budget, directs
agencies to assure that an appropriate level of security is
maintained in all information technology installations and to
conduct periodic risk analyses to assure that appropriate cost-
effective safeguards are used. NIST develops the technical
standards that can be used for this protection. An agency
determines when such protection is needed.

Types of Cryptographic Algorithms and Security Devices
Four types of cryptographic algorithms and security devices are
defined in the National Information Security (INFOSEC) glossary
[NSTISSI No. 3019]. Type 1 cryptographic devices are endorsed by
NSA and contain classified algorithms approved by NSA for
securing classified information. Type 2 cryptographic devices
are endorsed by NSA and contain classified algorithms approved by
NSA for protecting Department of Defense unclassified information
covered by the Warner Amendment (10 USC 2315). Type 3
cryptographic algorithms are NIST standards to be used for
protecting all unclassified, sensitive, non-Warner Amendment
government information or commercial information. Type 4
cryptographic algorithms are commercial algorithms that are not
NIST standards. NIST plans to establish a Computer Security
Objects Register (CSOR) to include information about these
algorithms.

In order to facilitate interoperability among diverse user
communities, security devices may contain more than one type of
algorithm. For instance, a Type 1 STU-III terminal also contains
a Type 2 algorithm. A Type 2 STU-III terminal contains the same
Type 2 algorithm but also implements the Data Encryption Standard
(DES). A Motorola Type 3 (i.e., DES) secure telephone terminal
is not a STU-III but does interoperate with the Motorola Type 2
STU-III when using the DES algorithm. The other STU-III vendors
(i.e., AT&T and General Electric) are also developing Type 2
STU-III devices that contain the DES for protecting sensitive or
valuable non-Warner Amendment information.

Security for Voice/Data/Fax
Modern telecommunications applications integrate voice, data, and
pictures in a single digital communication system. Modern
cryptographic algorithms and security devices can protect all of
these integrated applications. Users can often utilize one
device for all applications.

Security may include different protection services, depending on
the application and device. All secure telephone terminals
protect information from unauthorized disclosure to varying
degrees. Most provide some type of authentication of the
terminals and access control for the person or computer using the
terminal. Most provide communications integrity (i.e.,
protection of the transmitted information from unauthorized
modification or replacement). Users should specify the type and
level of protection desired when procuring a secure telephone
terminal.

EXPORT OF SECURE TELEPHONE TERMINALS

All security devices that encrypt information are subject to U.S.
export control. Devices that encrypt voice/data/fax must have an
export license issued by the U.S. Department of State before they
can be legally shipped or taken out of the country. Software
systems that encrypt voice/data/fax are subject to the same
restrictions. Thus users of secure telephone terminals within
the U.S. must be aware of export restrictions if they wish to
communicate securely with someone overseas.

STU-III devices may be used outside the U.S. and Canada only with
NSA permission. Type 4 security devices may be exportable if
they contain only cryptographic algorithms approved for export;
these are designated as Type 4(E) devices. Some Type 3 secure
telephones also contain a Type 4(E) algorithm for international
communication with a compatible Type 4(E) device. At present,
there are no Type 3(E) (i.e., exportable DES protected) secure
telephones in existence.

SECURE TELEPHONE TERMINAL STANDARDS

The NSA STU-III development program demonstrated the need for
tightly controlled standards in order to assure interoperability
among STU-III devices of different vendors. The STU-III program
not only specified the algorithms and protocols to implement but
also provided conformance and interoperability tests for the
STU-III terminals.

NIST has issued two standards related to data encryption.
Federal Information Processing Standard (FIPS) 46-1 defines the
Data Encryption Standard (DES) algorithm. FIPS 81 specifies four
modes of operation for the DES. In addition, FIPS 140-1,
expected to be issued in 1992, will specify physical and logical
security requirements for a cryptographic module. These
standards are applicable to Type 3 secure telephone terminals.
NIST does not issue standards for Type 4 devices.

Security
Security is provided in STU-III devices via NSA-specified
algorithms and key management systems. Type 3 devices use the
DES for encrypting information but presently use proprietary
techniques for generating or distributing the needed DES keys.
Type 4(E) secure telephone terminals use proprietary techniques
for both.

Interoperability
NSA specifies how interoperability is achieved in STU-III
terminals when using the Type 1 and Type 2 modes. Motorola
specifies how interoperability is achieved between their Type 3
secure telephone and their Type 2 STU-III telephone when both are
using the DES mode. Motorola also achieves interoperability
between the same Type 3 secure telephone and their Type 4(E)
secure telephone. They provide a proprietary key management
system for their commercial secure terminals using public-key
technology. The other STU-III vendors use proprietary techniques
for key management for the Type 3 mode of operation.

At the present time, Type 3 terminals from one vendor do not
interoperate with Type 3 terminals from other vendors.
Commercial users should be aware of this when procuring such
terminals. Government users of Type 2 STU-III terminals cannot
interoperate with Type 3 terminals procured from a different
vendor. Type 4 or 4(E) terminals of different manufacturers also
typically do not interoperate. Procurement documents should
specify the interoperability required.

ADDITIONAL SECURITY REQUIREMENTS

Users should be aware of additional security requirements when
using secure telephone terminals. Type 1 STU-III requirements
are specified in the Operational Security Doctrine (NSTISSI No.
3013). Type 2 STU-III requirements are specified in an Interim
Operational Security Doctrine (Draft NSTISSI). Users of Type 3
and Type 4 secure terminals should be aware of and follow similar
security requirements and practices.

A secure terminal must be provided adequate physical security to
protect it and its physical environment from unauthorized use,
acquisition, access, modification, or installation of monitoring
devices. A physical and logical access control system must be
supported. Terminal and user identification systems are required
and must be administratively supported for authorized users.
Terminals capable of operating in unattended data communication
modes must have adequate internal access control mechanisms to
prevent unauthorized outgoing or incoming transmissions.
Adequate cryptographic key control is required. Since the entire
security of the terminal is based on protecting the cryptographic
key from unauthorized disclosure, replacement, or use, such
protection must be continuously provided. Keys should be
destroyed when no longer useful.

SUPPORT INFRASTRUCTURE

Similar to the communications services infrastructure that is
available nationally and internationally to support telephone
communications, a security services infrastructure must be
available to support communications among secure telephones. NSA
provides these services for authorized users of STU-III
terminals. Users of Type 3 or Type 4 security devices should be
aware that key management and trusted maintenance must be
provided to maintain secure operation.

Sales
With the exception of Canada, sales of STU-III terminals (Type 1
and Type 2) are limited to the U.S. government and their
contractors. Type 1 STU-III terminals may be purchased for the
protection of U.S. government classified information. Type 2
STU-III terminals may be purchased to protect all U.S. government
sensitive unclassified information: Type 2 mode for Warner
Amendment information and Type 3 mode for all other sensitive
unclassified information. Type 3 Secure Telephone Terminals may
also be procured by the U.S. government if they contain and are
built to applicable Federal Information Processing Standards.
These terminals should also be used in accordance with applicable
NIST standards.

Type 3 secure terminals may be purchased within the U.S. for the
protection of commercial information and for interoperability
with compatible Type 2 STU-III terminals. Type 4(E) terminals
may be purchased anywhere for use in commercial applications
overseas and for interoperability with secure terminals within
the U.S. that support a compatible Type 4(E) algorithm.

Type 1 STU-III terminals may not be resold and Type 2 STU-III
terminals can be resold only to those approved by NSA. Type 3
secure terminals may be sold and resold anywhere in the U.S.
Type 4(E) secure terminals may be sold anywhere.

Commercial products are being manufactured which provide a wide
range of security. Users should be aware of the benefits and
limitations of commercial security products. Federal users
should procure and use only appropriate government-approved
security devices for protecting federal classified or
unclassified, but sensitive, information.

REFERENCES

Computer Security Act of 1987, Public Law 100-235.

Federal Information Processing Standard 46-1, Data Encryption
Standard (DES).

Federal Information Processing Standard 81, DES Modes of
Operation.

Draft Federal Information Processing Standard 140-1, Security
Requirements for Cryptographic Modules.

National Security Directive 42 (Issued by the National Security
Telecommunications and Information Systems Security Committee).

National Security Telecommunications and Information Systems
Security Instruction (NSTISSI) No. 3013, Operational Security
Doctrine for the Type 1 STU-III Terminal.

Draft NSTISSI, Interim Operational Security Doctrine for the Type
2 STU-III Terminal.

Office of Management and Budget Circular A-130, Management of
Federal Information Resources.

POINTS OF CONTACT

STU-III Users Support: (800) 328-7883 (Outside MD)
(301) 684-7073 (Inside MD)

NIST Computer Security Division: (301) 975-2934

人已赞赏
安全工具

<p>csl92-11.txt文件.</p>

2020-2-6 3:15:35

安全工具

<p>csl92-02.txt文件.</p>

2020-2-6 3:15:37

0 条回复 A文章作者 M管理员
    暂无讨论,说说你的看法吧
个人中心
购物车
优惠劵
今日签到
有新私信 私信列表
搜索