POLICY FOR PROTECTION OF SENSITIVE, BUT UNCLASSIFIED INFORMATION IN FEDERAL GOVERNMENT TELECOMMUNICATIONS AND AUTOMATED SYSTEMS

Declassified in Part - Sanitized Copy Approved for Release 2013/08/01 : CIA-RDP01M00147R000100100001-5 MEMORANDUM FOR: C/ER I reed a call from a copy of Do you agree disagree who would like ue Declassified in Part - Sanitized Copy Approved for Release 2013/08/01 : CIA-RDP01M00147R000100100001-5 STAT STAT STAT STAT Declassified in Part - Sanitized Copy Approved for Release 2013/08/01 : CIA-RDP01M00147R000100100001-5 NSDD ?-/ 5 HAS BEEN RESCINDED/SUPERSEDED BY N V.2 Declassified in Part - Sanitized Copy Approved for Release 2013/08/01 : CIA-RDP01M00147R000100100001-5 Declassified in Part - Sanitized Copy Approved for Release 2013/08/01 : CIA-RDP01M00147R000100100001-5 EXECUTIVE E 2RETARIAT ROUTING SLIP TO: -, ACTION INFO DATE INITIAL 1 DCI X 2 DDCI X 3 EXDIR X 4 D/ICS X 5 DDI X 6 DDA X 7 DDO X 8 DDS&T X 9 Chm/NIC 10 GC X 11 IG 12 Compt X 13 D/OLL 14 D/PAO 15 D/PERS 16 VC/NIC 17 D/COMMO/DA X 18 NI0/FD1A X 19 D/OIT/DA X 20 D/OIS/DA X 21 D/Security X 22 3637 (10-81) Declassified in Part - Sanitized Copy Approved for Release 2013/08/01 : CIA-RDP01M00147R000100100001-5 STAT Declassified in Part - Sanitized Copy Approved for Release 2013/08/01 : CIA-RDP01M00147R000100100001-5 THE WHITE HOUSE WASHINGTON 4648 ADD-ON October 29, 1986 MEMORANDUM FOR THE VICE PRESIDENT THE SECRETARY OF STATE THE SECRETARY OF THE TREASURY THE SECRETARY OF DEFENSE THE ATTORNEY GENERAL THE SECRETARY OF COMMERCE THE SECRETARY OF TRANSPORTATION THE SECRETARY OF ENERGY THE DIRECTOR, OFFICE OF MANAGEMENT AND BUDGET THE DIRECTOR OF CENTRAL INTELLIGENCE= CHAIRMAN, JOINT CHIEFS OF STAFF ADMINISTRATOR, GENERAL SERVICES ADMINISTRATION DIRECTOR, FEDERAL BUREAU OF INVESTIGATION DIRECTOR, FEDERAL EMERGENCY MANAGEMENT AGENCY THE CHIEF OF STAFF, UNITED STATES ARMY THE CHIEF OF NAVAL OPERATIONS THE CHIEF OF STAFF, UNITED STATES AIR FORCE COMMANDANT, UNITED STATES MARINE CORPS DIRECTOR, DEFENSE INTELLIGENCE AGENCY DIRECTOR, NATIONAL SECURITY AGENCY MANAGER, NATIONAL COMMUNICATIONS SYSTEM SUBJECT: Policy for Protection of Sensitive, but Unclassified Information in Federal Government Telecommunications and Automated Systems The NSDD-145 SSSG has approved the policy for Protection of Sensitive, but Unclassified Information in Federal Government Telecommunications and Automated Systems for immediate implementation by all Federal Executive Branch Departments and Agencies. Attachment Policy Statement cc: Director, OMB Director, WHMO Director, OA Director, USSS Director, OSTP Director, OPM hn M. Poindexter A (cm Declassified in Part - Sanitized Copy Approved for Release 2013/08/01 : CIA-RDP01M00147R000100100001-5 Declassified in Part - Sanitized Copy Approved for Release 2013/08/01 : CIA-RDP01M00147R000100100001-5 1 11 NTISS NATIONAL TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY NTISSP No. 2 29 October 1986 NATIONAL POLICY ON PROTECTION OF SENSITIVE, BUT UNCLASSIFIED INFORMATION IN FEDERAL GOVERNMENT TELECOMMUNICATIONS AND AUTOMATED INFORMATION SYSTEMS Declassified in Part - Sanitized Copy Approved for Release 2013/08/01 : CIA-RDP01M00147R000100100001-5 Declassified in Part - Sanitized Copy Approved for Release 2013/08/01 : CIA-RDP01M00147R000100100001-5 SSSG SYSTEMS SECURITY STEERING GROUP CHAIRMAN FOREWORD NSDD-145, "National Policy on Telecommunications and Automated Information Systems Security," signed by the President on 17 September 1984, in part provides policy and direction for systems protection and safeguards for telecom- munications and automated information systems that process or communicate sensitive but unclassified information. The NSDD-145 Systems Security Steering Group has established that sensitive, but unclassified information that could adversely affect national security or other Federal Government interests shall have system protection and safeguards; however, the determination of what is sensitive, but unclassified information is a responsibility of Agency heads. Executive Order 12356 prescribes requirements for classifying, declassifying, and safeguarding national security information. This policy and the principles and procedures contained in Office of Management and Budget (OMB) Circulars Nos. A-123 and A-130, "Management of Federal Information Resources," .are complementary. John M. Poindexter , Declassified in Part - Sanitized Copy Approved for Release 2013/08/01 : CIA-RDP01M00147R000100100001-5 Declassified in Part - Sanitized Copy Approved for Release 2013/08/01 : CIA-RDP01M00147R000100100001-5 NATIONAL POLICY ON PROTECTION OF SENSITIVE, BUT UNCLASSIFIED INFORMATION IN FEDERAL GOVERNMENT TELECOMMUNICATIONS AND AUTOMATED INFORMATION SYSTEMS SECTION I - POLICY Federal Departments and Agencies shall ensure that telecommunications and automated information systems handling sensitive, but unclassified information will protect such information to the level of risk and the magnitude of loss or harm that could result from disclosure, loss, misuse, alteration, or destruction. SECTION II - DEFINITION Sensitive, but unclassified information is information the disclosure, loss, misuse, alteration, or destruction of which could adversely affect national security or other Federal Government interests. National security interests are those unclassified matters that relate to the national defense or the foreign relations of the U.S. Government. Other government interests are those related, but not limited to the wide range of government or government-derived economic, human, financial, industrial, agricultural, technological, and law enforcement information, as well as the privacy or confidentiality of personal or commercial proprietary information provided to the U.S. Government by its citizens. SECTION III - APPLICABILITY This policy applies to all Federal Executive Branch Departments and Agencies, and entities, including their contractors, which electronically transfer, store, process, or communicate sensitive, but unclassified information. SECTION IV - RESPONSIBILITIES This policy assigns to the heads of Federal Government Departments and Agencies the responsibility to determine what information is sensitive, but unclassified and to provide systems protection of such information which is electronically communicated, transferred, processed, or stored on telecommunications and automated information systems. The Director of Central Intelligence shall, in addition, be responsible for identifying sensitive, but unclassified information bearing on intelligence sources and methods and for establishing the system security handling procedures and the protection required for such information. , Declassified in Part - Sanitized Copy Approved for Release 2013/08/01 : CIA-RDP01M00147R000100100001-5 Declassified in Part - Sanitized Copy Approved for Release 2013/08/01 : CIA-RDP01M00147R000100100001-5 Federal Government Department and Agency heads shall: a. Determine which of their department's or agency's information is sensitive, but unclassified and may warrant protection as sensitive during communications or processing via telecommunications or automated information systems. This determination should be based on the department's or agency's responsibilities, policies, and experience, and those require- ments imposed by Federal statutes, as well as National Manager guidance on areas that potential adversaries have targeted; b. Identify the systems which electronically process, store, transfer, or communicate sensitive, unclassified information requiring protection; c. Determine, in coordination with the National Manager, as appropriate, the threat to and the vulnerability of those identified systems and; d. Develop, fund and implement telecommunications and automated information security to the extent consistent with their mission responsibilities and in coordination with the National Manager, as appropriate, to satisfy their security or protection requirements. e. Ensure implementation of telecommunications and automated information systems security consistent with the procedures and safeguards set forth in OMB Circular A-123 and A-130. The National Manager shall, when requested, assist Federal Government Departments and Agencies to assess the threat to and vulnerability of targeted systems, to identify and document their telecommunications and automated informa- tion systems protection needs, and to develop the necessary security architectures. , Declassified in Part - Sanitized Copy Approved for Release 2013/08/01 : CIA-RDP01M00147R000100100001-5 Declassified in Part - Sanitized Copy Approved for Release 2013/08/01 : CIA-RDP01M00147R000100100001-5 R Next 1 Page(s) In Document Denied Declassified in Part - Sanitized Copy Approved for Release 2013/08/01 : CIA-RDP01M00147R000100100001-5 STAT