While researching a project I’m working on, I found an interesting publication, National Bureau of Standards Special Publication 500-19, Audit and Evaluation of Computer Security. This publication contains most of the principles found in modern infosec management and control frameworks today. Indeed, looking into the details, one finds discussions of static and dynamic evaluation of computer programs and numerous other familiar topics.
Here’s the punchline. This document was published in 1977. Forty-five years ago.
The next time someone complains to you about having to deal with these “new” cybersecurity standards and practices, you can remind them that these standards and practices are older than most living people in the world today.
Selected screenshots from the Table of Contents.
The entire document is available from NIST here.
Peter H. Gregory 