Title: A Guideline On Office Automation Security Authors:National Computer Security Center File name:pubdocguidelinesNCSC_office_automation_guideline.txt.Z File size:43340 bytes Abstract: Office Automation Systems (OA systems) are small, microprocessor-based Automated Information Systems that are used for such functions as typing, filing, calculating, sending and receiving electronic mail, and other data processing tasks. They are becoming commonly used by managers, technical employees, and clerical employees to increase efficiency and productivity. Examples of OA systems include personal computers, word processors, and file servers. This guideline provides security guidance to users of OA systems, to the ADP System Security Officers responsible for their operational security, and to others who are responsible for the security of an OA system or its magnetic storage media at some point during its life-cycle. This guideline explains how OA system security issues differ from those associated with mnframe computers. It discusses some of the threats and vulnerabilities of OA systems, and some of the security controls that can be used. It also discusses some of the environmental considerations necessary for the safe, secure operation of an OA system. This guideline suggests some security responsibilities of OA system users, and of ADP System Security Officers. Also described are some of the security responsibilities of the organization that owns or leases the OA system. In addition, guidance is given to the procurement officer who must purchase OA systems or components, and guidance is also provided to the officer who is responsible for securely disposing of OA systems, components, or the associated magnetic media. This document is issued as a National Telecommunications and Information Systems Security Advisory Memorandum, and is therefore intended as guidance only. Nothing in this guideline should be construed as encouraging or permitting the circumvention of existing Federal Government or organiaional policies.