5239-01 Introduction to Information Systems Security (INFOSEC)
A basic introduction to INFOSEC disciplines of COMPUSEC, COMSEC, and TEMPEST and the relationships to the supporting disciplines of physical, personnel, and administrative security.
5239-02 Terms, Abbreviations, and Acronyms
Lists and defines computer security terms, acronyms, and abbreviations that have been standardized for use within the DoN.
5239-03 Designated Approving Authority Guidebook
Provides guidance to the DAA in focusing the efforts of the activity security staff. Contains a synopsis of the certification and accreditation process. Offers the DAA a step-by-step approach to assist him/her in reaching accreditation decisions.
5239-04 Information Systems Security Manager Guidebook
Provides guidance to the individual assigned responsibility for computer security implementation and operation at Navy activities. Additional guidance is provided for ISSMs at SYSCOMs, CINCs, and other echelon II commands. Illustrates the desirability for management involvement and support for the security program.
C5293-05 TEMPEST Control Officer Guidebook
Provides guidance to the individual assigned responsibility for TEMPEST implementation at a major activity.
5239-06 COMSEC Custodian Guidebook
Provides guidance for individuals responsible for COMSEC equipment and keying material at a DoN activity.
5239-07 Information Systems Security Officer's Guidebook
Aids those who carry out and administer computer security programs for specific AISs and LANs to understand the requirements, identify the necessary planning, and conduct an effective computer security program.
5239-08 Network Security Officer's Guidebook
Provides policy and step-by-step procedures to individuals responsible for accomplishing a risk analysis on WANs. Provides methods for the determination of system sensitivity and criticality, accomplishment of risk assessment and economic analysis, and determination of environmental hazards and threats to computer systems.
5239-09 User Guidebook
Helps the user, experienced or inexperienced, understand the need for computer security and how to make computer security a part of their daily routine. Includes responsibilities for incident identification and internal activity reporting, PC precautions, Terminal Area Security Officer duties, unclassified TEMPEST information, and Controlled COMSEC item equipment and KEYMAT control.
5239-10 Assessed Product List
Identifies products which have been evaluated for features and assurance of trust.
5239-11 Acquisition Life Cycle Guidebook (PMs/Developers)
Identifies key technical and management actions needed from Program Managers and other developers who have managerial and technical responsibilities for acquiring or certifying computer systems. Oriented primarily towards Program Managers, it focuses on the process and requirements to certify and accredit computer systems. The guide addresses both MCCR and mission support systems.
5239-12 Considerations for Locally Acquired Systems
Provides security guidance for systems acquired using the Abbreviated System Decision Paper (ASDP) process.
5239-13 Information Systems Selection Technical Evaluation
Provides a guideline for those individuals performing the technical evaluation of contractor proposals for meeting the security specification of an acquisition in the source selection phase of the acquisition.
5239-14 Tailoring Security Policy to System Specific Criteria
Provides guidance on how to generate a security policy for both systems to be acquired and those currently in operation.
5239-15 Controlled Access Protection Guide
Aids the user and security staff in understanding the DoN Controlled Access Protection policy, its relationship to C2, and techniques activities can use to acquire CAP-compliant systems.
5239-16 Risk Assessment Guidebook
Provides policy and step-by-step procedures to individuals responsible for accomplishing a risk analysis on systems. Provides methods for the determination of system sensitivity and criticality, accomplishment of risk assessment and economic analysis, and determination of environmental hazards and threats to computer systems.
5239-17 Contingency Planning Guidebook
Aids ISSMs and ISSOs in developing effective contingency plans to ensure availability of critical AIS operations.
5239-18 Security Test & Evaluation Guidebook
Provides information on how to perform security test and evaluation (ST&E) for computer systems, embedded computers, and networks. It addresses microcomputers, minicomputers, mainframes, and specialized computers in both stand-alone and networked environments. The instruction provides general guidance and procedures to security managers and users for conducting ST&Es.
5239-19 Computer Incident Response Guidebook
Aids the user, ISSO, and ISSM in responding to security incidents involving computer penetrations or malicious code. Provides general guidance for planning activity response and specific procedures for coordination with NAVCIRT.
5239-20 Computer Virus Guidebook
Identifies types of viruses and provides a survey of software techniques, management guidelines, testing for viruses, and countermeasures.
5239-21 Trusted Systems Guide
Supplements the security criteria found in DoD 5200.28-STD, Department of Defense Trusted Computer System Evaluation Criteria, for systems supporting critical and highly critical missions and/or functions. This document is driven by national security policy and the growing potential for malicious logic attacks in the automation environment. It focuses on criticality criteria and their application for automated systems supporting and/or performing critical missions and functions. Application of the specified criteria will help reduce or prevent high-impact incidents from failures, accidents, disasters, errors, or other mishaps. This document is to be used in conjunction with DoD 5200.28-STD and when there is a need (under the constraints of performance, cost, schedule, and risk) to ensure automated system "integrity" and "assurance of service". Provides guidance and examples of systems configured using trusted components.
5239-22 Tactical Computer Systems Security Guidebook
Provides information and guidance for the implementation of DoN security policy in deployable and mobile computer systems. Outlines procedures to secure computers in base/station, storage, during shipment, and while deployed.
5239-23 Medical Systems Guidebook
Provides guidance to the DAA and ISSM at DoN activities employing computers in medical treatment environments. Explains the particular concerns involved for systems whose correct operation literally involves "life-and-death" but which have been developed outside the mission critical or "trusted" system environments.
5239-24 Database Security Guidebook
Provides guidance on enhancing or implementing security in existing DBMSs. Information on existing mechanisms in selected DBMSs will be provided along with ways to enhance the security by automated or procedural methods.
5239-25 Access Control Guidebook
Provides guidance on effective access control systems for computers. Discusses password generation and management, authentication devices, and biometrics controls.
5239-26 Remanence Security Guidebook
Provides policy, guidelines, and procedures for clearing and purging computer systems memory and other storage media for release outside of and for reuse within controlled environments. It pertains to both classified and sensitive unclassified information. Implements DOD 5200.28-M and CSC-STD-005-85.
5239-27 Unix Security Guidebook
Provides guidance for properly configuring the security controls for Unix systems and tools which can be used to verify site specific configurations.
5239-28 AIS Security Master Training Plan
Base stock number = Entire Unclassified Set (Hard Copy)
+1 = Entire Unclassified Set (CD ROM)
+2 = Entire Classified Set (Hard Copy)
+3 = Entire Classified Set (CD ROM)