'SECURITY REQUIREMENTS FOR AUTOMATED INFORMATION SYSTEMS LOCATED IN OVERSEAS INSTALLATIONS', COMMENTS THEREON

Approved For Release 2006/11/04: CIA-RDP83T00573R000300130017-0 SECRET" MEMORANDUM FOR: Chief, Management Staff, ODP THROUGH: Chief, Engineering Division, P/ODP FROM: I IChief Engineer Engineering Division, P/ODP SUBJECT: "Security Requirements for Automated Information Systems Located in Overseas Installations", comments thereon Attached are Systems Programming Division and Engineering Division comments on the subject document. Attachment: A/S SECRET Approved For Release 2006/11/04: CIA-RDP83T00573R000300130017-0  Approved For Release 2006/ / 4 I RDP83T00573R000300130017-0 Comments on "Security Requirements for Automated Information Systems Located in Overseas Installations" 1. Requirements for semiconductor volatile memory may be over-restrictive (probably makes no difference now, but could affect use of bubble memories in the future). Non-volatile memory is comparable to non-removable storage media. 2. Removability of storage media ought not be an absolute requirement for overseas computers. Technology appears to be movi.1g in the direction of non-removability. Instead, there should be procedures governing how non-removable media is to be handled (e.g. guarded, encrypted, etc.) 3. Page 16 - 17, paragraph 2 refers to system software services. The word "exclusive" is unclear as is-the phrase 4. Page 17, paragraph 3 is unclear 5. Page 18, paragraph 5.b-1, requires passwords for each file. It is more appropriate to require that access be authenticated by password and that there be mechanisms restricting file access to authorized users. 6. Similarly, in paragraph 5.c, access to the system ought to be controlled by password. Access to restricted files could then depend on the authentication provided during initial signon. It may be appropriate to utilize file passwords for infrequently accessed collections of files. However, requiring separate passwords for each file will increase the likelihood of passwords being compromised. 7. Audit trail requirement (page 19) is too stringent for existing software. 8. The requirement (page 20, paragraph 3) that a security officer be involved in restarting a failed system is impractical. 9. "Security Deviation" (page 20, paragraph 7) should be clarified. Different reactions are appropriate to different situations. SECR Approved For Release 2006/11/04: CIA-RDP83TOO573R000300130017-0  ILLEGIB Approved For Release 2006/11/04: CIA-RDP83T00573R000300130017-0 Approved For Release 2006/11/04: CIA-RDP83T00573R000300130017-0  Approved For Release 200SEGR:ETA-R DP83T00573R000300130017-0 SECURITY REQUIREMENTS FOR AUTOMATED INFORMATION SYSTEMS LOCATED IN OVERSEAS INSTALLATIONS SECRET Approved For Release 2006/11/04: CIA-RDP83T00573R000300130017-0  Approved For Release 2006115 1dRIF-~ZDP83T00573R000300130017-0 u TABLE OF CONTENTS I Purpose II Applicability III Responsibilities A. Headquarters Component B. Overseas Location C.. Information Systems Security Group (ISSG), Office of Security D. Overseas security Support Branch (OSSB), Office of Security E. Communications Security Division (CSD), Office of Communications F. Area Headquarters, Office of Communications G. Technical Security Division (TSD), Office of Security IV 5 stem Security Requirements A. Physical Security 1. ADP Facility Location 2. User Terminal Locations 3. ADP Facility Construction Criteria 4. Personnel Access Controls a. Station or Base b. ADP Facility C. Storage Areas 5. Data and Program Storage Media a. Identification/Labeling b. Storage c. Open Shelf Storage d. Transportation e. Logging and Personal Accountability B. Technical Security 1. Audio Countermeasures 2. Alarm Systems 3. Procedures - Alarm Activation 4. Procedures - Alarm Failure C. Communications Security 1. Equipment Installation a. General SECRET Approved For Release 2006/11/04: CIA-RDP83T00573R000300130017-0  Approved For ase 2006/1 1/&ECIR- P83T0057. 00300130017-0 b. Power c. Conduit 2. Telecommunications Equipment Installation a. Standards 3. Telecommunications Signal Lines a. Criteria 4. Emanations 5. Cryptograhic Security D. Information Systems Security 1. Systems Hardware 2. System Software 3. Data Files 4. Sanitization/Destruction a. Policy b. Procedures 5. System Access Controls a. Remote Terminals/Terminal Areas 6. Audit Trails V System Operation A. System Preparation S. Data Processing C. Processing Termination - Normal D. Processing Termination - Emergencies VI System Equipment Transportation and Storage A. Transportation B-. Storage VII System Maintenance/Modifications A: System Hardware B. System Software VIII Emergency Procedures SECRET Approved For Release 2006/11/043 CIA- RDP83T00573R000300130017-0  Approved For Release 2006/11/ ClRETP83T00573R000300130017-0 I Purpose This manual establishes security requirements, standards, and specifications for the protection of word and/or data processing (ADP) systems (hereinafter referred to as automated information 25X1 g systems) and information stored in or processed by information systems located in overseas Stations-or Bases (hereinafter referred to as"overseas location(s)". II Applicability The security requirements, standards, and specifications established herein apply to all automated information processing systems used at overseas locations. This includes systems which interface with telecommunications services, as well as stand-alone and n ,ptworked systems. These requirements do not replace or supergede existing minimum requirements established by other directives, but rather establish a base for additional, security in the area covered. III Responsibilities A. Responsible Headquarters Component The Headquarters Component having primary responsibility for the proposed site of an automated information processing system in an overseas location shall: 1. Request of the Chief, Information Systems Security Group, (ISSG) Office of Security, the necessary pre-installation security survey of the proposed overseas location. 2.. In coordination with. the Chief of Station or Base, approve the designation of a qualified ADP System Security Officer for the proposed site. 3. In coordination with the Chief of Station or Base, the assigned Information System Security Officer (ISSO), and other Headquarters components as required, develop an ADP System Ins t:allation Plan tailored to the selected Station or Base. (See Paragraph C. below) 4. Submit the developed ADP System Installa.:ion Plan to the Chief, ISSG, Office of Security, for final approval. The transmittal document will include a certification that the requirements, standards, and specifications recommended by the pre-installation security survey team and established herein are to be' implemented for the Station or Base. 5. In coordination with the designated Information SEORE !, Approved For Release 2006/11/04: CIA-RDP83T00573R000300130017-0  Approved For ase 2006/11/0 E6RE9 3T0057 00300130017-0 Systems Security Officer (ISSO), develop Station or Base Emergency Plan documentation for the evacuation and/or destruction of data and program storage media, and system equipment. B. Overseas Location The Chief of each Station or Base proposing to use an automated information processing system shall 1. Provide area, space, and any special recommendations to the appropriate Headquarters component for inclusion in the ADP System Installation Plan. 2. In coordination with the Headquarters component, designate an ADP System Security Officer for the Station or Base. 3. Direct the ADP System Security Officer to establish and implement in coordination with the designated Information Systems Security Officer (ISSO), a formal ADP System Security Program to ensure compliance with the requirements established herein for the location's automated information processing system. C. Information Systems Security Group (ISSG), Office of Security The Chief, ISSG, is responsible as the ISSO to determine, formulate, interpret, and disseminate policies, and guide the implementation of the security requirements, standards, and specifications within I I and its facilities to ensure compliance with app i.ca a Executive Orders and Directives relating to information systems in accordance with DCID 1/lc. The Chief, ISSG, shall appoint an information Systems Security Officer (ISSO) for each overseas location designated to use an automated information processing system. The ISSO shall: 1. Serve as the security focal point for each assigned automated information processing system. 2. Review the ADP System Installation Plan for each assigned overseas location to ensure that all requirements, standards, and specifications relevant to the proposed installation are implemented. This includes obtaining written certification from the responsible Headquarters component of the satisfactory compliance with these requirements. - 5 - Approved For Release 2006/1(Wft4 i Al DP83T00573R000300130017-0  Approved For Release 2006/11/04 ,3T00573R000300130017-0 3. Submit for approval by the Chief, ISSG, the ADP System Installation Plan established for each assigned overseas location. 4. Obtain approval for the ADP System., Security Program from the Chief, ISSG, for each location. This program shall include the complete spectrum of security controls and safeguards for each system in each location. The ADP System Security Program shall,be prepared with appropriate input from other Headquarters components having specific areas of interest. These include but are not limited to the responsible Headquarters component, the Overseas Security Support Branch (Office of Security), the Communications Security Division (Office of Communications), and the Technical Security Division (Office of Security). 5. Conduct and/or participate in pre-installation security surveys of each assigned overseas automated information processing site. 6. As appropriate, coordinate reports received concerning each assigned overseas location's automated information processing system with the Overseas Security Support Branch (Office of Security), the Communications Security Division (Office of Communications), the Technical Security Division (Office of Security), and the responsible Headquarters component. 7. Review the ADP System Security Program established for each assigned overseas location for continued compliance with the requirements, standards, and specifications established herein. 8. Schedule and conduct an annual security survey and audit of each assigned overseas automated information processing system. D. Overseas Security Support Branch (OSSB), Office of Secur i_ The overseas Security Support Branch shall: 1. interpret, and disseminate policies relating physical security matters as they pertain tol automated information processing systems in overseas locations. 2. In coordination with the designated ISSO, conduct periodic (minimum once every 2 years) physical security surveys of all automated information SECRET Approved For Release 2006/11/04: CIA-RDP83T00573R000300130017-0 25X1  Approved For Release 2006/11/04 - IA('-~RpDP83T005700300130017-0 Oft SE W~ processing systems in overseas locations. 3. As appropriate, coordinate all physical security reports received concerning overseas automated information processing locations with the Information Systems Security Group (Office of Security), the Communications Security Division (Office oE- Communications), the Technical Security Division (Office of Security), and the responsible Headquarters component. 4. As. required, participate in pre-installation physical security surveys of proposed overseas automated information processing system locations. E. Communications Security Division (CSD), Office of Communications 1. Interpret and disseminate policies relating to c tions security matters as they pertain to utomated information processing systems locat'p in overseas locations, including those systems used for telecommunications services. 2. Conduct TEMPEST testing for all IADP. Systems located in overseas locations. 3. As appropriate, coordinate reports received concerning overseas automated information processing system communications security matters with the Information Systems Security Group (Office of Security), the Overseas Security Support Branch (Office of Security), the Technical Security Division (Office of Sep?.3rity) and the responsible Headquarters component. F. Area Headquarters, Office of Communications The Area Headquarters shall: 25X1 1. Conduct communications secu . LY-4 excluding TEMPEST testing, of all automated information processing systems located in overseas locations. 2. As required, participate in pre-installation security surveys of proposed overseas automated information processing systems. G. Technical Security Division (TSD), Office of Security The Technical Security Division shall: Approved For Release 2001' QU: A-R DP83T00573R000300130017-0  3tt RLI Approved For Release 2006/11/04: CIA-RDP8 005738000300130017-0 1. Conduct an Audio Countermeasures (ACM) inspection of all automated information processing system locations and all user terminal positions remote from the automated information processing system central processor. 2. Install an approved alarm system in the ADP Facility and all areas remote from the ADP Facility in which user terminals are positioned. ("ADP Facility" is defined in Section IV A). IV System Security Requirements .A. Physical Security 1. ADP Facility Location All automated information processing system equipment excluding terminals approved for locations remote a central processor, shall be located within controlled space within the overseas location, in an interior room, when possible, and on a floor which precludes access from the outside (hereinafter referred to as the "ADP Facility"). 2. Use.- Terminal Locations All user terminals should be located within the ADP Facility. Recognizing, however, that Station or Base operational requirements or physical restrictions may preclude the installation of all user terminals within the ADP Facility, the following requirements are established as minimum for the location of user terminals in positions remote from the ADP Facility: a. All user terminals shall be located within controlled space. b. All user terminals shall be located in alarm protected areas and, when possible, in rooms meeting the criteria for a "secure area". (See Section IV B - Technical Security). SECRET Approved For Release 2006/1 1/04: C;IA-R DP83T00573R000300130017-0  Approved For ase 2006/11EGP83T0057 r~ 3. ADP Facility Construction Criteria a. Existing Buildings An ADP Facility which is to be located in an existing building shall be constructed to meet the existing criteria for a "secure area". b. New Buildings 125X1 be approved by the Office of Communications. 4. Personnel Access Controls Approved 24 hour a day protection is required it each location in which an ADP Facility is instaled. Headquarters will normally not approve installation of an A 'n sites lacking the 24 hour approved because of the inability to provide sa isfactory alarm response. b. ADP Facility Only Staff employees who possess an established need-to-know, as determined by the Chief of Station or Base, shall be allowed access to the ADP Facility. If cryptographic equipment or material is installed in the ADP Facility, appropriate Cryptographic clearances are required. (See Section IV Paragraph C5b). c. Storage Areas 25X1 Only staff employees who possess an esta is a need-to-know shall be allowed access to - 9 - Approved For Release 2006/tltO,44 I* RDP83T00573R000300130017-0  Approved For Release 2006/11/04 -.4L P 3T00573R000300130017-0 the approved storage area in which data and program storage media are maintained. 5. Data and Program Storage Media a. Identification/Labeling 1) Demountable data and program storage media (magnetic tapes, disk packs, floppy disks, a;..:i cassettes) shall bear an external label to clearly indicate the highest security clasification and/or compartments of the information stored on the media. 2) Card decks shall be marked so as to clearly indicate the highest security classification and/or compartments of the information stored on the deck. 3) Program listings, including program listings on microform, shall be labeled so as to clearly indicate the highest security classification and/or compartments of the information listed. 4) Any punched paper. tapes used shall be labeled and marked so as to clearly indicate the highest security classification and/or compartments of the information recorded. b. Storage All demountable data and when not being used, shallrberplacedrineaneapproved Class 5 security container. These security containers may be located within the ADP Facility or the Station or. Base vault (other than that used for communications facilities) provided the Station or Base vault meets the standards established for an ADP Facilit y. c. Open Shelf Storage ADP Facilities wherein the system does not have removable storage media or where the internal memory is non-volatile, shall only be approved when the construction of the ADP Facility meets the requirements for open shelf storage of the material contained. d. Transportation The physical movement of all demountable data and e media outside the approved secure program storasEqEr .0 Approved For Release 2006/11/04: CIA-RDP83T00573R000300130017-0  Approved For case 200611 'E4dR -1 DP83T0057 00300130017-0 area, or between the overseas location's buildings, shall be accomplished in accordance with existing requirements for the movement of classified documents of an equal classificati-on. The prescribed and approved logging and personal. accountability procedures shall be used. e. Logging and Personal Accountability 1) A logging and personal accountability system shall be established and maintained, and shall be based on procedures approved by the designated Information System Security Officer. 2) Staff employees shall be designated and identifiable on an access list to receipt for all classified data and program storage media. 3) The logging and personal accountability system shall include logs for the removal and return of all demountable data and program storage media from and to the approved storage area. 4) The access lists and the logging and personal accountability system shall be periodically reviewed by the designated Information Systems Security Officer to determine their accuracy and currency. B. Technical Security 1. Audio Countermeasures An Audio Countermeasures (ACM) inspection will be conducted in the proposed ADP Facility and in all areas remote from the ADP Facility in ~hhicheuser terminals are to be positioned, prior operational implementation of any automated information processing. 2. Alarm Systems The ADP Facility and all areas remote from the ADP Facility in which user terminals are to be positioned shall be equipped with an office of Security approved alarm system. If the ADP Facility, or any user terminal area, is partitioned into separate areas by wall to ceiling panels, each subdivided area shall have an independent alarm and/or sensor. 3. Procedures - Alarm Activation SECRET Approved For Release 2006/11/841 tI RDP83T00573R000300130017-0  Approved For Release 2006/11/04SEU3T00573R000300130017-0 25X1 25X1 b. The shall immediately summon the responsz e c. The responsiblel officer shall inspect the alarmed area for evidence of a penetration or attempted entry. d. If evidence of a penetration or attempted entry is discovered, the responsible officer shall: 1) Fully secure the affected area. If the ADP Facility or area in which a remote user terminal is located cannot be fully secured after an alarm activation, the area shall be occupied by an taff employee until the alarm system is restored to service. 2) Time of alarm activation b) Area of alarm activation c) Type of alarm (volumetric or door contact) d) Condition at the time of alarm activation, ie. (1) Was there a power failure in the area? (2) Did alarm function properly when checked following the activation? a) (3) Any other information which will assist the Chief, Regional Security Group, to determine whether the information processing equipment affected can be placed back in operation, and when. 3) Maintain the affected area and equipment in a fully secure status until a response is received. 4) Following the response, arrange for the conduct of a full audio countermeasures in.:pection prior .sE~?EL 2 - Approved For Release 2006/11/04: CIA-RDP83T00573R000300130017-0  Approved For ase 2006/11/04: CIA-RDP83T005700300130017-0 AMM"a SECRET to placing the area and equipment back into service. 4. Procedures - Alarm Failure In the event of an alarm failure the responsible fficer shall: a. Report the incident via a PRIORITY cable slugged 1) Time alarm failure discovered 2) Area of alarm failure 3) Type of alarm (volumetric or door contact) 4) As much information about the alarm failure as possible to assist the regional security group and or Headquarters to diagnose the failure problem. If repair instructions cannot be provided by cable, a qualified security officer will be sent to the Station or Base either from the appropriate regional group or Headquarters. b. obtain appropriate increased guard coverage until the alarm is again operational. C. Communications Security, 1. Equ ipnent Installation a. General National Communications Security policy requires that classified information which is transmitted electrically must be protected either by the use of approved cryptographic equipment, or by protected distribution systems. All transmission paths between a remote terminal and the ADP Facility, therefore, must be protected by one of these means if classified information is processed. The Standards for Protected Distribution Systems are contained in National COMSEC Instruction (NACSI) 4009. SECRET Approved For Release 2006/11/04.: lA-R DP83T00573R000300130017-0  Approved For Release 2006/11/04 : 4_ ~T00573R000300130017-0 1) A non-standard power plug and receptable shall be used for all automated information processing system equipment to the selected power outlet to preclude movement of the equipment from its designated installation position. 2) All automated information processing system equipment shall be connected to a ground and that ground shall be made through the ground wire of the AC power cord. 1) All equipment installations that plan to use a protected distribution system shall be considered for approval on a case-by-case basis. 2) All automated information processing system equipment shall be installed using a dedicated power run housed in ferrous conduit and terminating at its own breaker in the power panel closest to the, equipment. 2. Telecommunications Equipment_In...tallatio a. Standards Installations of automated information processing system equipment to be used for telecommunications services shall meet the standards defined in the Office of Communications handbooks OCHB--F 10.70.2 (Staff Communications Security General) and National Communications Security Instruction (NACSI) 5203. 3. Telecommunications-Signal Lines a. Criteria Signal lines connecting the installed automated information processing system equipment'to the Station or Base Communications Center, when the equipment is used for telecommunications services, shall meet the following criteria: 1) The signal line must be optically isolated to break the signal line metallic conductors. 2) The signal line must he non-ferrous cable with the shield grounded at the communications facility end only. SECRET Approved For Release 2006/11/04: CIA-R?P83T00573R000300130017-0  Approved For ase 2006/11/04: CIA [2P RTEQ575 4-. Emanations a. All automated information processing system equipment used in overseas locations shall meet the specifications set forth in the National COMSEC/EMSEC Information Memorandum (NACSEM) 5100. b. All installations of automated information processing system equipment, regard-less of mode of o-peration, shall be in accordance with the NACSI 5203 publication. c. All automated information-processing system equipment installed in overseas locations shall be positioned, where possible, so as to have a three (3) foot area of control which is the three dimensional space surrounding the automated information processing system equipment. e. The following minimum installation separation requirements shall ap.)ly to all automated information processing system equipment installed in overseas locations. SEPARATION FROM MINIM UM DISTANCE rrL'ransmitters/Receivers 3 Feet CCTV/Tape Recorders 3 Fee- ',--Converters/Oscillators 3 Feet Black Signal Lines 2 inches Modems 2 inches Black Patch Panels 2 Inches Power Lines 2 Inch-es Black Telephones 3 Feet Step Down Transformers 2 Inches Black Computer Processors 3 Feet Voltage Regulators 2 Inches Outside and Uncontrolled Walls 3 Feet Intercom Systems 3 Feet 3 Feet- f. Radios and/or other electrically operated entertainment devices shall not be located in the ADP Facility nor in any room housing cryptographic equipment. Further, radios and/or other ,SECRET Approved For Release 2006/11/04-. 4ITk-RDP83T00573R000300130017-0  Approved For Release 2006/11/0P83T00573R000300130017-0 electrically operated entertainment equipment shall not be located within 3 feet of any automated information processing, or cryptographic equipment, regardless of the number of intervening walls. 5. Cryptographic Security a. All cryptographic equipment shall be installed, operated, and maintained in accordance with the procedures issued by the Office o.f Communications. b. All cryptographic equipment and all other COMSEC accountable material will be issued to the Station or Base "Communications Facility COMSEC Custodian" by the Central Office of Record (COR). The Communications Facility COMSEC Custodian will, in turn, issue the required material to the Station or Base ADP System Security Officer on a hand receipt which will be updated semi-annually. D. Information Systems SecuritV 1. s tem Hardware Unless a formal waiver is obtained from the Director of Security, the following automated information processing system hardware requirements are established as minimum. a.. All automated information processing system equipment shall be TEMPEST approved. b. All automated information processing system central processor units shall possess semiconductor volatile internal memory. c. All automated information processing system equipment shall use removable data storage media (disks, disk packs, magnetic tapes, floppy disks, tape cassettes) . 2. System Software All automated information processing systems which utilize an Operating System shall provide the following exclusive services: 1) Cause all applications programs to load as scheduled. 2) Allocate memory, direct access storage space, ~: ( ~z )f --L_ LWUU I Approved For Release 2006/11/04: CIA-RDP83T00573R000300130017-0  Approved For Release 2006/11/04: CIA-RDP83T0057Q00300130017-0 ,SEC RL and devices to applications programs. 3) Handle all input/o?tput functions related to available and shared resources.' 4) Handle all interrupts.designa-ted for applications programs in a known and secure manner. 5) Protect itself, and provide an authorization function to permit only approved sets of individuals and programs to be combined for a particular job run. 5) Provide for the production of an audit trail record. (See Audit Trails, Section IV Paragraph DFi) . 25X1 25X1 3. Data Files All data files used and/or created during processing shall contoin only data recorc'.: organized for proc ess i -v and/or I I related information. 4. Sanitization/Destruction a. Policy The sanitization requirements and procedures established herein do not apply to "Restricted Data" or formerly "Restricted Data" as defined in Section II, Atomic Energy Act of 1954 as amended, and codified at 42 USC, Section 201(y) , or to storage media on which COMSEC keying material has ever been recorded. These materials shall be either destroyed or returned to Headquarters in compliance with current directives concerning such materials. 1) Card Decks, Program Listings, and Paper Tapes When no longer needed for the processing of eta, card decks, program listings, or paper tapes shall be destroyed in accordance with current security approved .destruction procedures 2) All Other Data and Program Storage Media When no 'conger needed for the processing of Approved For Release 2006/11 /Q i' 83T00573R000300130017-0  Approved For Release 2006/11/04: CIA-RDP83T00573R000300130017-0 'Mr" -ftfwp~ 25X1 data, or when deemed inoperative, all other data and program storage media (magnetic tapes, floppy disks, tape cassettes, disk packs, or other rigid magnetic storage devices) shall be either destroyed in accordahce with current security approved destruction procedures, or returned to the Responsible Headquarters component via classified pouch for appropriate disposition. 5. System Access Controls a. Remote Terminal/Terminal Areas 1) User terminals located in positions/areas remoted from the ADP Facility shall be system identifiable, by location, and individually designated for a specific security classification access level. 2) Access to areas in which remote terminals are installed shall be restricted during processing operations; only those terminals designated for the security classification access level being processed shall be logically connected data processing system, and only those employees with an established need to know shall be allowed access to the system. b. Data Files file - i -i. .J aCU L)y a password and indicators to describe to the system the type of access authorized. 2) Access to the master data file containing the assigned unique user passwords shall be limited to the Station or Base ADP System Security Officer (the assigner) . 3) Access to data files shall be-permitted only at s .ie and system identifiable terminals, and system output shall be restricted to the same specific identifiable terminals .:nd printers. c. User Identifiers (Passwords) 1) User access to an data file hal, b e con1L.Lo fled through the use of a unique identifier (Password), and shall be authenticated by the system each time the user desires to access the data processing system. 18 Approved For Release 2006/11/04: CIA-RDP83T00573R000300130017-0  Approved For aaWase 2006/11/04 : 1005700300130017-0 2) The password shall not be printed or displayed at any terminal and shall be considered to he at the highest classification level of the data processed by the system insofar as its issuance, individual handling, and storage. 3) User data file passwords shall be changed and new passwords issued: a) Immediately following any suspected security compromise, or b) When it is determined that an individual no longer requires access to the system, or c) Every six months. NOTE 1: These requirements do not apply to stand-alone word processing terminals. NOTE 2: For some Stations or Bases located in criteria areas, the ISSO may require more frequent password changes. 5. Audit Trails All automated information processing systems which utilize an Operating System shall provide an audit trail record capability. The audit trail record, as a minimum, shall accurately reflect: a. All unauthorized at-tempts to access the information processing system, any application program, or any data file. b. All authorized system users who attempt to access an unauthorized application program or data file. C. Any system user who accesses, or attempts to access, an application program. or data file during non-duty hours. V System Operation A. System Preparation 1. Approved physical security safeguards as defined in the overseas location's ADP System Security Program and applicable to the information processing system to be used shall be activated. Approved For Release 200641-R DP83T00573R000300130017-0  Approved For Release 2006/11/04' CIA-gbId3T00573R000300130017-0 2. When no cryptographic equipment is included in an ADP installation, the procedures approved by the Director of Security for controlling personnel access to the ADP Facility, and any remote terminals to he used, shall be activated. When cryptographic equipment is included in the ADP installation, the procedures approved by the Director of Communications, and coordinated with the Director of Security, shall be implemented . 3. All telephones located in the ADP Facility shall be physically disconnected using a plug and jack arrangement, or a WEC0 270 disconnect, or secured with an approved cryptographic system. 4. The demountable data and program storage media to be used during processing shall be removed from security approved storage, mounted on the appropriate equipment, and the system made ready for processing. S. Data Processing 1. All system controls shall conform to those required for the protection of the highest classification of the information being processed. 2. Authentication of system user personnel shall be performed by the ADP system. 3. Should an abnormal data processing system operation occur involving any demountable data and/or program storage media (runaway tape or malfunctioning disk pack), the processing operation shall be stopped and the ADP System Security Officer shall be contacted for a determination of the action to be taken. 4. Following any abnormal system operation, the incident shall be logged and the log maintained. 5. Following an abnormal system operation, the ADP System Security Officer shall, within 24 hours of the occurance of the incident notify Headquarters via ROUTINE cable slugged of the incident and the corrective action taken. 5. Following an abnormal system operation, the System Operating System shall be reloaded and the information processing system reinitialized. 7. Should a security deviation (i.e., a suspected security compromise) occur during the data processing operation, the processing operation shall be stopped, and the ADP System Security Officer contacted ,SEPU ILI) E -1 .20 - Approved For Release 2006/11/04: CIA-RDP83T00573R000300130017-0  Approved For Ukase 2006/11/04VE3T0057 0300130017-0 immediately for a determination of the action to be taken. 8. Following a suspected security compromise, the incident shall be logged and the log maintained. 9. Following a suspected security compromise, the ADP System Security Officer shall, within 24 hours of the occurance of the incid tify Headquarters via PRIORITY cable slugged unless the Chief of Station or Base determines t at an IMMEDIATE OR IMMEDIATE NIACT cable is indicated by the circumstances of the incident. Corrective action taken by the ADP System Security Officer will be included. If cryptographic material is involved in the incident, an INFO copy of the cable will be provided the Communications Security Division (CSD), Office of Communications by the inclusion of the COMMO slug. 10. Should an act of nature or man-initiated emergency occur (e.g. fire, earthquake., riot, terrorism) or threaten, the ADP System Security Officer shall be contacted immediately. The ADP System Security Officer shall prepare to initiate appropriate emergency procedures. See Section VIII. Actual destruction of any storage media or equipment shall be at the direction of the Chief of Station or Base, or when loss of control of the Facility is imminent. C. Processing Termination-Normal 1. All demountable data and program storage media used or produced during the processing operation, including the Operating System, shall be removed from the appropriate device. 2. All demountable data and program storage media used during the processing operation, incuding the Operating System, shall be labeled and placed in security approved storage. 3. The automated information processing system rain Power Switch shall be placed in the OFF position. All classified waste, notes, listings, printer and console ribbons for disposal shall be handled in accordance with established procedure-s for destruction of classi Eied waste. 5. All output such as printouts shall be placed in security approved storage. f. The ADP Facility shall be secured in accordance with SERE Approved For Release 2006/11!04 -1CIA-RDP83T00573R000300130017-0  Approved For Release 2006/11/04: CIA-RDP83T00573R000300130017-0 the prc',Zedures approved by the ISJand defined in the location's ADP System Security Program. 7. All user terminals located in positions remote from the ADP Facility shall be secured in accordance with the procedures approved by the ISSO and defined in the location's ADP System Security Program. D. Processing Termination-Emergencies See Section VIII, Emergency Procedures. VI S stem Equipment Transportation and Storage A. Transportation The transportation of automated information processing system equipment for installation in overseas locations, and the return of system components and. equipment for repair/maintenance, shall be accomplished using the currently available TECHREQ procedure. B. Storage The Chief of Station or Base shall provide storage for all automated information processing equipment receiv_d and waiting installation in an area which mf its the security requirements established in Section IV, Paragraph A3a. VII 8 stem Maintenance/Modification A. System Hardware 1. Maintenance All on-site maintenance of autornatE i information 25X1 processing system equipment installed in an overseas location shall be performed by personnel assigned to the Area Telecommunications Office, Office of Communications. 2. Modifications All on-site changes of equipment configuration, or modifications to an existing system component, shall be: a. Approved, in writing, by the (Thief, Information SECS Approved For Release 2006/11/04: CIA-RDP83T00573R000300130017-0  Approved For R&Lgase 2006/11/04 : Clp-l . i1 573 90300130017-0 Systems Security Group, and b. Accomplished by personnel assigned to the Area Technical Office, Area Headquarters, Office of Communications. B. System Software 1. Maintenance/Modifications a. All automated information processing system software (programming) maintenance and/or modifications shall be acco-oplished under the control of the Responsible Headquarters component office and provided to the overseas location as a completely tested and operational module or software package. b. The responsible ISSO shall, in coordination with the Responsible Headquarters component office, review all system software modifications and certify, in writing, that the modification does not impact adversely the security profile of the modified system. VIII Emergency Procedures A. In coordination with the ISSO and the Station or Base ADP System Security Officer, the Headquarters component office having primary responsibility shall develop, document, and maintain the following automated information processing system emergency procedures. 1. Emergency Sanitization - Data and Program Storage Media 2. Emergency Protection - Data and Program Storage Media 3. Emergency Protection - Word and Data Processing Equipment 4. Emergency Destruction - Data and Program Storage Media Emergency Destruction - Word and Data Processing Equipment B. Each Emergency Procedure will be submitted to the Chief, Information Systems Security Group for final approval., The Chief, Information Systems Security Group shall, as appropriate, coordinate each Emergency Procedure with the Overseas Security Support Branch (OSSB), Office of Security, the Communications Security Division (CSD), S ET /04 A=RE Approved For Release 2006/11 P83T00573R000300130017-0  Approved For Release 2006/.11/04: CIA-R DP83T00573R000300130017-0 Office of Communications, and the Technical Security Division (TSD), Office of Security, prior to final approval. C. Procedures for the handling of cryptographic equipment and materials in emergencies shall be in accordance with the requirements stated in the Station or Base Communications Facility Emergency Destruction Plan and any additional local procedures agreed upon between the location's ADP System Security Officer and the Telecommunications Officer. ALL PORTIONS OF THIS DOCUMENT ARE SECRET SECRET Approved For Release 2006/11/04: CIA-R DP83T005.73R000300130017-0