Overview
In 1997, the National Research Council, Committee on Improving Cybersecurity Research in the United States published a Cybersecurity Bill of Rights (CBoR). The following is a list of the 10 provisions in this CBoR.
The first three provisions relate to properties of holistic systems, including availability, recoverability, and control of systems:
- I. Availability of system and network resources to legitimate users.
- II. Easy and convenient recovery from successful attacks.
- III. Control over and knowledge of one's own computing environment.
The next three provisions relate to the traditional security properties of confidentiality, authentication (and its extension, provenance), and authorization:
- IV. Confidentiality of stored information and information exchange.
- V. Authentication and provenance.
- VI. The technological capability to exercise fine-grained control over the flow of information in and through systems.
The next three provisions relate to crosscutting properties of systems:
- VII. Security in using computing directly or indirectly in important applications, including financial, health care, and electoral transactions and real-time remote control of devices that interact with physical processes.
- VIII. The ability to access any source of information (e.g., e-mail, Web page, file) safely.
- IX. Awareness of what security is actually being delivered by a system or component.
The last provision relates to justice:
- X. Justice for security problems caused by another party.