This memorandum provides details and further references for the selection and implementation of security for information systems.