Computer User's Guide to the Protection of Information Resources

DOCUMENT RESUME

ED 327 156    IR 014 780

AUTHOR: Helsing, Cheryl; And Others
TITLE: Computer User's Guide to the Protection of Information Resources. NIST Special Publication 500-171.
INSTITUTION: National Inst. of Standards and Technology, Gaithersburg, MD.
PUB DATE: Oct 89
NOTE: 21p.
AVAILABLE FROM: Superintendent of Documents, U.S. Government Printing Office, Washington, DC 20402.
PUB TYPE: Guides - Non-Classroom Use (055)
EDRS PRICE: MF01/PC01 Plus Postage.
DESCRIPTORS: *Access to Information; *Computer Networks; *Confidentiality; Databases; *Information Management; Information Retrieval; Microcomputers; *Users (Information)

ABSTRACT: Computers have changed the way information resources are handled. Large amounts of information are stored in one central place and can be accessed from remote locations. Users have a personal responsibility for the security of the system and the data stored in it. This document outlines the user's responsibilities and provides security and control guidelines to be implemented. These protective measures include: (1) protect user area; (2) protect user password; (3) protect user files; (4) back up user data; (5) lock up storage media containing sensitive data; and (6) report security violations. (DB)

Reproductions supplied by EDRS are the best that can be made from the original document.




Computer Systems Technology

U.S. DEPARTMENT OF COMMERCE
National Institute of Standards and Technology

NIST Special Publication 500-171

Computer User's Guide to the Protection of Information Resources

Cheryl Helsing
Marianne Swanson
Mary Anne Todd

U.S. DEPARTMENT OF EDUCATION
Office of Educational Research and Improvement
EDUCATIONAL RESOURCES INFORMATION CENTER (ERIC)

This document has been reproduced as received from the person or organization originating it.

Minor changes have been made to improve reproduction quality.

Points of view or opinions stated in this document do not necessarily represent official OERI position or policy.

BEST COPY AVAILABLE


NIST Special Publication 500-171

Computer User's Guide to the Protection of Information Resources

Cheryl Helsing
Deloitte, Haskins & Sells

Marianne Swanson
Mary Anne Todd

National Computer Systems Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899

October 1989

U.S. DEPARTMENT OF COMMERCE
Robert A. Mosbacher, Secretary

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
Raymond G. Kammer, Acting Director


Reports on Computer Systems Technology

The National Institute of Standards and Technology (NIST) (formerly the National Bureau of Standards) has a unique responsibility for computer systems technology within the Federal government. NIST's National Computer Systems Laboratory (NCSL) develops standards and guidelines, provides technical assistance, and conducts research for computers and related telecommunications systems to achieve more effective utilization of Federal information technology resources. NCSL's responsibilities include development of technical, management, physical, and administrative standards and guidelines for the cost-effective security and privacy of sensitive unclassified information processed in Federal computers. NCSL assists agencies in developing security plans and in improving computer security awareness training. This Special Publication 500 series reports NCSL research and guidelines to Federal agencies as well as to organizations in industry, government, and academia.

Library of Congress Catalog Card Number: 89-600764
National Institute of Standards and Technology Special Publication 500-171
Natl. Inst. Stand. Technol. Spec. Publ. 500-171, 16 pages (Oct. 1989)
CODEN: NSPUE2

U.S. GOVERNMENT PRINTING OFFICE
WASHINGTON: 1989

For sale by the Superintendent of Documents, U.S. Government Printing Office, Washington, DC 20402


The National Institute of Standards and Technology (NIST) is responsible for developing standards, providing technical assistance, and conducting research for computers and related systems. These activities provide technical support to government and industry in the effective, safe, and economical use of computers. With the passage of the Computer Security Act of 1987 (P.L. 100-235), NIST's activities also include the development of standards and guidelines needed to assure the cost-effective security and privacy of sensitive information in Federal computer systems. This guide is just one of three brochures designed for a specific audience. The "Executive Guide to the Protection of Information Resources," and the "Managers Guide to the Protection of Information Resources" complete the series.

ACKNOWLEDGMENTS

This guide was written by Cheryl Helsing of Deloitte, Haskins & Sells in conjunction with Marianne Swanson and Mary Anne Todd of the National Institute of Standards and Technology.


Introduction

Today's computer technology, with microcomputers and on-line access, has placed the power of the computer where it belongs, in YOUR hands. YOU, the users, develop computer applications and perform other data processing functions which previously were only done by the computer operations personnel. These advances have greatly improved our efficiency and effectiveness but also present a serious challenge in achieving adequate data security.

While excellent progress has been made in computer technology, very little has been done to inform users of the vulnerability of data and information to such threats as unauthorized modification, disclosure, and destruction, either deliberate or accidental. This guide will make you aware of some of the undesirable things that can happen to data and will provide some practical solutions for reducing your risks to these threats.

WHO IS RESPONSIBLE FOR PROTECTING DATA AND INFORMATION?

The statement that "security is everyone's responsibility" is absolutely true. Owners, developers, operators and users of information systems each have a personal responsibility to protect these resources. Functional managers have the responsibility to provide appropriate security controls for any information resources entrusted to them. These managers are personally responsible for understanding the sensitivity and criticality of their data and the extent of losses that could occur if the resources are not protected. Managers must ensure that all users of their data and systems are made aware of the practices and procedures used to protect the information resources. When you don't know what your security responsibilities are, ASK YOUR MANAGER OR SUPERVISOR.

WHAT IS "SENSITIVE DATA"?

All data is sensitive to some degree; exactly how sensitive is unique to each business environment. Within the Federal Government, personal information is sensitive to unauthorized disclosure under the Privacy Act of 1974. In some cases, data is far more sensitive to accidental errors or omissions that compromise accuracy, integrity, or availability. For example, in a Management Information System, inaccurate, incomplete, or obsolete information can result in erroneous management decisions which could cause serious damage and require time and money to rectify. Data and information which are critical to an agency's ability to perform its mission are sensitive to nonavailability.

Still other data are sensitive to fraudulent manipulation for personal gain. Systems that process electronic funds transfers, control inventories, issue checks, control accounts receivables and payables, etc., can be fraudulently exploited, resulting in serious losses to an agency.

One way to determine the sensitivity of data is to ask the questions "What will it cost if the data is wrong? Manipulated for fraudulent purposes? Not available? Given to the wrong person?" If the damage is more than you can tolerate, then the data is sensitive and should have adequate security controls to prevent or lessen the potential loss.

WHAT RISKS ARE ASSOCIATED WITH THE USE OF COMPUTERS?

Over the past several decades, computers have taken over virtually all of our major record-keeping functions. Recently, personal computers have made it cost-effective to automate many office functions. Computerization has many advantages and is here to stay; however, automated systems introduce new risks, and we should take steps to control those risks.

We should be concerned with the same risks that existed when manual procedures were used, as well as some new risks created by the unique nature of computers themselves. One risk introduced by computers is the concentration of tremendous amounts of data in one location. The greater the concentration, the greater the consequences of loss or damage. Another example is that computer users access information from remote terminals. We must be able to positively identify the user, as well as ensure that the user is only able to access information and functions that have been authorized. Newspaper accounts of computer "hackers," computer virus attacks, and other types of intruders underscore the reality of the threat to government and commercial computer systems.

HOW MUCH SECURITY IS ENOUGH?

No matter how many controls or safeguards we use, we can never achieve total security. We can, however, decrease the risk in proportion to the strength of the protective measures. The degree of protection is based on the value of the information; in other words, how serious would be the consequences if a certain type of information were to be wrongfully changed, disclosed, delayed, or destroyed?


General Responsibilities

All Federal computer system users share certain general responsibilities for information resource protection. The following considerations should guide your actions.

Treat information as you would any valuable asset.

You would not walk away from your desk leaving cash or other valuables unattended. You should take the same care to protect information. If you are not sure of the value or sensitivity of the various kinds of information you handle, ask your manager for guidance.

Use government computer systems only for lawful and authorized purposes.

The computer systems you use in your daily work should be used only for authorized purposes and in a lawful manner. There are computer crime laws that prescribe criminal penalties for those who illegally access Federal computer systems or data. Additionally, the unauthorized use of Federal computer systems or use of authorized privileges for unauthorized purposes could result in disciplinary action.

Observe policies and procedures established by agency management.

Specific requirements for the protection of information have been established by your agency. These requirements may be found in policy manuals, rules, or procedures. Ask your manager if you are unsure about your own responsibilities for protection of information.

Recognize that you are accountable for your activities on computer systems.

After you receive authorization to use any Federal computer system, you become personally responsible and accountable for your activity on the system. Accordingly, your use should be restricted to those functions needed to carry out job responsibilities.


Report unusual occurrences to your manager.

Many losses would be avoided if computer users would report any circumstances that seem unusual or irregular. Warning signals could include such things as unexplainable system activity that you did not perform, data that appears to be of questionable accuracy, and unexpected or incorrect processing results. If you should notice anything of a questionable nature, bring it to your manager's attention.


Security and Control Guidelines

Some common-sense protective measures can reduce the risk of loss, damage, or disclosure of information. Following are the most important areas of information systems controls that assure that the system is properly used, resistant to disruptions, and reliable.

Make certain no one can impersonate you.

If a password is used to verify your identity, this is the key to system security. Do not disclose your password to anyone, or allow anyone to observe your password as you enter it during the sign-on process. If you choose your own password, avoid selecting a password with any personal associations, or one that is very simple or short. The aim is to select a password that would be difficult to guess or derive. "1REDDOG" would be a better password than "DUKE."

If your system allows you to change your own password, do so regularly. Find out what your agency requires, and change passwords at least that frequently. Periodic password changes keep undetected intruders from continuously using the password of a legitimate user.

After you are logged on, the computer will attribute all activity to your user id. Therefore, never leave your terminal without logging off -- even for a few minutes. Always log off or otherwise inactivate your terminal so no one could perform any activity under your user id when you are away from the area.

Safeguard sensitive information from disclosure to others.

People often forget to lock up sensitive reports and computer media containing sensitive data when they leave their work areas. Information carelessly left on top of desks and in unlocked storage can be casually observed, or deliberately stolen. Every employee who works with sensitive information should have lockable space available for storage when information is not in use. If you aren't sure what information should be locked up or what locked storage is available, ask your manager.

While working, be aware of the visibility of data on your personal computer or terminal display screen. You may need to reposition equipment or furniture to eliminate over-the-shoulder viewing. Be especially careful near windows and in public areas. Label all sensitive diskettes and other computer media to alert other employees of the need to be especially careful. When no longer needed, sensitive information should be deleted or discarded in such a way that unauthorized individuals cannot recover the data. Printed reports should be finely shredded, while data on magnetic media should be overwritten. Files that are merely deleted are not really erased and can still be recovered.
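The difference between deleting and overwriting, shown as an added example that is not part of the NIST guide. The toy disk, its block size, the file name and the sample record are all constructed for illustration; the model only assumes what the paragraph states, that a delete removes the directory entry while the stored bytes stay in place.

```python
# Added illustration (not from the NIST guide): a constructed toy "disk" showing
# why a deleted file can still be recovered and an overwritten one cannot.
BLOCK_SIZE = 16  # bytes per block on the toy disk (arbitrary, constructed value)


class ToyDisk:
    """A tiny in-memory disk: raw blocks plus a directory mapping names to blocks."""

    def __init__(self, blocks=8):
        self.raw = bytearray(BLOCK_SIZE * blocks)  # stands in for the magnetic surface
        self.free = list(range(blocks))            # unallocated block numbers
        self.directory = {}                        # name -> (block numbers, length)

    def write_file(self, name, content):
        needed = -(-len(content) // BLOCK_SIZE)    # ceiling division
        if needed > len(self.free):
            raise OSError("toy disk full")
        blocks = [self.free.pop(0) for _ in range(needed)]
        for i, block in enumerate(blocks):
            chunk = content[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
            start = block * BLOCK_SIZE
            self.raw[start:start + len(chunk)] = chunk
        self.directory[name] = (blocks, len(content))

    def delete(self, name):
        """Ordinary delete: drop the directory entry, leave the data blocks untouched."""
        blocks, _length = self.directory.pop(name)
        self.free.extend(blocks)

    def overwrite_and_delete(self, name):
        """Overwrite every block of the file with zeros, then remove the entry."""
        blocks, _length = self.directory[name]
        for block in blocks:
            start = block * BLOCK_SIZE
            self.raw[start:start + BLOCK_SIZE] = bytes(BLOCK_SIZE)
        self.delete(name)

    def recoverable(self, fragment):
        """What a utility reading raw blocks would find, ignoring the directory."""
        return fragment in bytes(self.raw)


def demo():
    secret = b"PAYROLL: J. DOE 52000"  # constructed sample record

    merely_deleted = ToyDisk()
    merely_deleted.write_file("report.txt", secret)
    merely_deleted.delete("report.txt")
    after_delete = ("report.txt" in merely_deleted.directory,
                    merely_deleted.recoverable(b"J. DOE"))

    overwritten = ToyDisk()
    overwritten.write_file("report.txt", secret)
    overwritten.overwrite_and_delete("report.txt")
    after_overwrite = ("report.txt" in overwritten.directory,
                       overwritten.recoverable(b"J. DOE"))

    # Each tuple is (file still listed?, contents still readable from raw blocks?)
    return after_delete, after_overwrite


if __name__ == "__main__":
    print(demo())
```

In both cases the file disappears from the directory listing; only the overwritten disk no longer holds the record in its raw blocks.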

Install physical security devices or software on personal computers.

The value and popularity of personal computers make theft a big problem, especially in low-security office areas. Relatively inexpensive hardware devices greatly reduce the risk of equipment loss. Such devices involve lock-down cables or enclosures that attach equipment to furniture. Another approach is to place equipment in lockable cabinets.

When data is stored on a hard disk, take some steps to keep unauthorized individuals from accessing that data. A power lock device only allows key-holders to turn on power to the personal computer. Where there is a need to segregate information between multiple authorized users of a personal computer, additional security in the form of software is probably needed. Specific files could be encrypted to make them unintelligible to unauthorized staff, or access control software can divide storage space among authorized users, restricting each user to their own files.

Avoid costly disruptions caused by data or hardware loss.

Disruptions and delays are expensive. No one enjoys working frantically to re-enter work, do the same job twice, or fix problems while new work piles up. Most disruptions can be prevented, and the impact of disruptions can be minimized by advance planning. Proper environmental conditions and power supplies minimize equipment outages and information loss. Many electrical circuits in office areas do not constitute an adequate power source, so dedicated circuits for computer systems should be considered. Make certain that your surroundings meet the essential requirements for correct equipment operation. Cover equipment when not in use to protect it from dust, water leaks, and other hazards.

For protection from accidental or deliberate destruction of data, regular data backups are essential. Complete system backups should be taken at intervals determined by how quickly information changes or by the volume of transactions. Backups should be stored in another location, to guard against the possibility of original and backup copies being destroyed by the same fire or other disaster.

Maintain the authorized hardware/software configuration.

Some organizations have been affected by computer "viruses" acquired through seemingly useful or innocent software obtained from public access bulletin boards or other sources; others have been liable for software illegally copied by employees. The installation of unauthorized hardware can cause damage, invalidate warranties, or have other negative consequences. Install only hardware or software that has been acquired through normal acquisition procedures and comply with all software licensing agreement requirements.


Ultimately, computer security is the user's responsibility. You, the user, must be alert to possible breaches in security and adhere to the security regulations that have been established within your agency. The security practices listed are not inclusive, but rather designed to remind you and raise your awareness towards securing your information resources:

PROTECT YOUR EQUIPMENT
Keep it in a secure environment
Keep food, drink, and cigarettes AWAY from it
Know where the fire suppression equipment is located and know how to use it

PROTECT YOUR AREA
Keep unauthorized people AWAY from your equipment and data
Challenge strangers in your area

PROTECT YOUR PASSWORD
Never write it down or give it to anyone
Don't use names, numbers or dates which are personally identified with you
Change it often, but change it immediately if you think it has been compromised

PROTECT YOUR FILES
Don't allow unauthorized access to your files and data
NEVER leave your equipment unattended with your password activated - SIGN OFF!

PROTECT AGAINST VIRUSES
Don't use unauthorized software
Back up your files before implementing ANY new software


LOCK UP STORAGE MEDIA CONTAINING SENSITIVE DATA
If the data or information is sensitive or critical to your operation, lock it up!

BACK UP YOUR DATA
Keep duplicates of your sensitive data in a safe place, out of your immediate area
Back it up as often as necessary

REPORT SECURITY VIOLATIONS
Tell your manager if you see any unauthorized changes to your data
Immediately report any loss of data or programs, whether automated or hard copy


For Additional Information

National Institute of Standards and Technology
Computer Security Program Office
A-216 Technology
Gaithersburg, MD 20899
(301) 975-5200

For further information on the management of information resources, NIST publishes Federal Information Processing Standards Publications (FIPS PUBS). These publications deal with many aspects of computer security, including password usage, data encryption, ADP risk management and contingency planning, and computer system security certification and accreditation. A list of current publications is available from:

Standards Processing Coordinator (ADP)
National Computer Systems Laboratory
National Institute of Standards and Technology
Technology Building, B-64
Gaithersburg, MD 20899
Phone: (301) 975-2817

BIBLIOGRAPHIC DATA SHEET

1. PUBLICATION OR REPORT NO.: NIST/SP-500/171

3. PUBLICATION DATE: October 1989

4. TITLE AND SUBTITLE: Computer User's Guide to the Protection of Information Resources

5. AUTHOR(S): Cheryl Helsing, Marianne Swanson, and Mary Anne Todd

6. PERFORMING ORGANIZATION: NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (formerly NATIONAL BUREAU OF STANDARDS), U.S. DEPARTMENT OF COMMERCE, GAITHERSBURG, MD 20899

8. TYPE OF REPORT & PERIOD COVERED: Final

9. SPONSORING ORGANIZATION NAME AND COMPLETE ADDRESS: Same as item #6

10. SUPPLEMENTARY NOTES: Library of Congress Catalog Card Number 89-600764

11. ABSTRACT: Computers have changed the way we handle our information resources. Large amounts of information are stored in one central place with the ability to be accessed from remote locations. Users have a personal responsibility for the security of the system and the data stored in it. This document outlines the user's responsibilities and provides security and control guidelines to be implemented.

12. KEY WORDS: controls; information resources; protective measures; risks; sensitive data; vulnerabilities

14. NO. OF PRINTED PAGES: 16

Page 19: AUTHOR Helsing, Cheryl; And Others TITLE Computer User's ... · Computer technology to improve effectiveness and economy in Govern Systems and Software meta operations in accordance

ANNOUNCEMENT OF NEW PUBLICATIONS ONCOMPUTER SYSTEMS TECHNOLOGY

Superintendent of DocurnentsGoverment Printing OfficeWashington, DC 20402

Dear Slr:

Please add my name to the announcement list of new pttillcatloict to be issued Inthe series: National Institute of Standards and Technology Special Publication 500-

Name

Company

Address

City State Zip Code

(NotIficatlen key P1-503)

U S Government Printing Office 1989 251-395 (00899)

1 C)

Page 20: AUTHOR Helsing, Cheryl; And Others TITLE Computer User's ... · Computer technology to improve effectiveness and economy in Govern Systems and Software meta operations in accordance

NIST Technical Publications

Periodical

Journal of Research of the National Institute of Standards and Technology

Nonperiodicals

Monographs
Handbooks
Special Publications
Applied Mathematics Series
National Standard Reference Data Series
Building Science Series
Technical Notes
Voluntary Product Standards
Consumer Information Series

Order the above NIST publications from: Superintendent of Documents, Government Printing Office, Washington, DC 20402.

Order the following NIST publications (FIPS and NISTIRs) from the National Technical Information Service, Springfield, VA 22161.

Federal Information Processing Standards Publications
NIST Interagency Reports (NISTIR)


U.S. Department of Commerce
National Institute of Standards and Technology
(formerly National Bureau of Standards)
Gaithersburg, MD 20899

Official Business
Penalty for Private Use $300
