Public Law 100-235, "Computer Security Act of 1987", January 8, 1988
Office of Management and Budget Circular No. A-130, "Management of Federal Information Resources", February 8, 1996
Office of Management and Budget Circular No. A-123, "Management Accountability and Control", June 21, 1995
DOD Directive 5000.1, "Defense Acquisition", March 15, 1996
DOD Regulation 5000.2-R, "Mandatory Procedures for Major Defense Programs (MDAPS) and Major Automated Information System (MAIS) Acquisition Programs", November 4, 1996
DOD Directive C-5200.5, "Communications Security (COMSEC)", Oct 6 1981
DOD Instruction 5200.40 "DOD Information Technology Security Certification and Accreditation (C&A) Process (DITSCAP)", 30 December 1997
DOD Directive 5220.22, "Industrial Security Program", November 1, 1986
DOD Directive 8500.1, "Information Assurance", 24 October 2002
DOD Directive 8500.2, "Information Assurance (IA) Implementation", 6 Feb October 2003
DOD Manual 8510.1-M, "Department of Defense Information Technology Security Certification and Accreditation (C&A) Process (DITSCAP) Application Manual", 31 July 2000
Federal Information Processing Standards (FIPS), Publication 31 "Guidelines for Automatic Data Processing Physical and Risk Management", June 1974
Federal Information Processing Standards (FIPS), Publication 41 "Computer Security Guidelines for Implementing the Privacy Act of 1974", May 30, 1975
Federal Information Processing Standards Publication 65, "Guideline for Automatic Data Processing Risk Analysis", August 1, 1993
National Computer Security Center (NCSC) Technical Guide 031 (NCSC-TG-031), "The Certification and Accreditation Process Handbook for Certifiers", NCSC-TG-031, 1996
National Computer Security Center (NCSC) Technical Guide 032 (NCSC-TG-032) "Accreditor Guideline", July 1972
National Institute of Standards and Technology (NIST) Special Publication 800-6, "Automated Tools for Testing Computer System Vulnerability", December 1992
National Institute of Standards and Technology (NIST) Publication 800-12, "An Introduction to Computer Security", October 1995
National Security Administration (NSA) Manual DS-80, "INFOSEC Software Engineering Standards and Practices Manual", January 9, 1991
National Security Telecommunications and Information Systems Security Instruction (NSTISSI) 4009, National Information Systems Security (INFOSEC) Glossary, August 1997
Secretary of the Navy Instruction (SECNAVINST) 5239.3A, "Department of the Navy Information Security (INFOSEC) Program", 20 Dec 2004
SECNAVINST 5510.30A (SECNAVINST 5510.30A), "Department of the Navy Personal Security Program", 10 Mar 1999
SECNAVINST 5510.36 (SECNAVINST 5510.36), "Department of the Navy Information Security Program (ISP) Regulation", 17 Mar 1999