This document was produced by RARE CERT-TF team in 1993 based on the
authoritative writings of individuals either working in, or connected with,
operating CERTs, although the informal advice and contacts made with CERT
operatives also provided valuable input to the guide.
This handbook is a guide to setting computer security policies and
procedures for sites that have systems on the Internet (however, the information
provided should also be useful to sites not yet connected to the Internet).
This guide lists issues and factors that a site must consider when setting
their own policies. It makes a number of recommendations and provides
discussions of relevant areas.
This document describes the general Internet community's expectations
of Computer Security Incident Response Teams (CSIRTs). It is not possible
to define a set of requirements that would be appropriate for all teams,
but it is possible and helpful to list and describe the general set of
topics and issues which are of concern and interest to constituent communities.
This document provides guidance to the end-users of computer systems
and networks about what they can do to keep their data and communication
private, and their systems and networks secure. Part Two of this document
concerns "corporate users" in small, medium and large corporate and campus
sites. Part Three of the document addresses users who administer
their own computers, such as home users. System and network administrators
may wish to use this document as the foundation of a site-specific users'
security guide; however, they should consult the Site Security Handbook
The purpose of this document is to express what the engineering community
as represented by the IETF expects of Internet Service Providers (ISPs)
with respect to security. It is not the intent of this document to define
a set of requirements that would be appropriate for all ISPs, but rather
to raise awareness among ISPs of the community's expectations, and to provide
the community with a framework for discussion of security expectations
with current and prospective service providers.