SANITIZED VERSION OF DCID NO. 1/16 FOR USIB CONTRACTORS AND NON-USIB GOVERNMENT AGENCIES
Document Number (FOIA) /ESDN (CREST): CIA-RDP89B01354R000100080003-0
Release Decision: RIPPUB
Original Classification: C
Document Page Count: 13
Document Creation Date: December 21, 2016
Document Release Date: October 9, 2008
Sequence Number: 3
Publication Date: October 17, 1973
Content Type: MEMO
Approved For Release 2008/10/09: CIA-RDP89B01354R000100080003-0
IBSEC-CSS-R-14
17 October 1973
COMPUTER SECURITY SUBCOMMITTEE
OF THE
UNITED STATES INTELLIGENCE BOARD
SECURITY COMMITTEE
MEMORANDUM FOR: Chairman, USIB Security Committee
SUBJECT : Sanitized Version of DCID No. 1/16 for USIB
Contractors and Non-USIB Government Agencies
1. Earlier this year the Computer Security Subcommittee
identified a requirement for disseminating the substance of
DCID No. 1/16, "Security of Compartmented Computer Operations"
outside the Intelligence Community where sensitive compartmented
information is processed by computer. This requirement
was acute at certain USIB contractor installations and in non-
USIB Government agencies involved in the computer processing
of compartmented material.
2. In response to this requirement the Subcommittee has
developed the attached "Intelligence Community Policy - Security
of Compartmented Computer Operations" as a sanitized
version of DCID No. 1/16. This sanitization will permit
dissemination of Community security requirements in this area to
other agencies and to contractors where dissemination of the
Directive itself is constrained due to the controls on DCID
formatted material.
3. It is proposed that following Security Committee
approval of the attachment and USIB consideration, if
necessary, the attached policy paper may be distributed as
required on a selective basis through normal compartmented
control officers but without compartmented controls.
Chi
Computer Security Subcommittee
Distribution:
Orig & 1 - Addressee
1 - ISSG File: Custodian Files, USIB/CSS, Reports to SECOM
1 - ISSG Chrono
OS/P&M/ISSG/ in (17 October 1973)
CONFIDENTIAL
INTELLIGENCE COMMUNITY POLICY
SECURITY OF COMPARTMENTED COMPUTER OPERATIONS
(Effective 7 January 1971)
Applicability
In order to insure uniform protection of sensitive
compartmented information* when such information is stored
and/or processed in remotely accessed resource-sharing
computer systems, minimum security requirements are
established for the utilization of such computer systems
in a compartmented mode of operation. These requirements
are equally applicable within the Intelligence Community,
and to contractors and other government systems handling
sensitive compartmented information.
* The term "sensitive compartmented information" as used
in this paper is intended to include all information and
material bearing special Community controls indicating
restricted handling within Community intelligence collection
programs and their end products for which Community systems
of compartmentation are formally established. The term
does not include Restricted Data as defined in Section 11,
Atomic Energy Act of 1951, as amended, nor does anything
in this paper supersede or augment requirements on the
control, use and dissemination of Restricted Data or
Formerly Restricted Data.
Purpose
1. This paper prescribes the basic policy concerning
the security aspects of using remotely accessed
resource-sharing computer systems in a compartmented mode of
operation. It specifies the conditions and prescribes
minimum security requirements under which such systems
may be operated. Responsibilities for the security
analysis, testing and evaluation as well as for the
accreditation of such systems are prescribed in applicable
national directives.
2. The computer processing of sensitive compartmented
information in some instances may constitute a threat of
such proportion that it can only be offset by more
stringent security arrangements than those specified in
this paper; conversely, instances may occur when full
compliance with the requirements of this paper is impossible.
Such instances shall be referred to the cognizant approving
authority in sufficient time to allow their consideration
to any request for deviation from this policy paper.
Definitions
3. Remotely Accessed Resource-Sharing Computer System:
A system which includes one or more central processing units,
peripheral devices, remote terminals, communications equipment
and interconnecting links, which allocates its resources
to more than one user, and which can be entered from terminals
located outside the computer center.
4. Compartmented Mode of Operation: Utilization of a
remotely accessed resource-sharing computer system for the
concurrent processing and/or storage (a) of two or more types
of sensitive compartmented information or (b) of any type
of sensitive compartmented information with other than
sensitive compartmented information. System access is afforded
personnel holding TOP SECRET clearances but not necessarily
all the sensitive compartmented information access approvals
involved.
5. Controlled Top Secret Environment: Total system
protection and control from a physical, technical and
personnel security standpoint in accordance with the minimum
requirements for the processing and handling of Top Secret
material.
6. System Accreditation: Approval by cognizant
sensitive compartmented information authority for a remotely
accessed resource-sharing computer system to be operated in
a compartmented mode within a controlled Top Secret environment
as defined above.
Policy
7. Remotely accessed resource-sharing computer
systems shall not be utilized for the concurrent processing
and/or storage of two or more types of sensitive compartmented
information, or of any type of sensitive compartmented
information with other than sensitive compartmented information
unless the total system is secured to the highest
classification level for all types of sensitive compartmented
information processed or stored therein, except as provided
in paragraph 8 below.
8. Such systems may be operated in a compartmented
mode if maintained in a controlled Top Secret environment
as defined herein and provided that at least the minimum
requirements identified in this paper are implemented and
made a part of system operation.
9. Judicious implementation of the basic requirements
set forth below dictates a need to test and evaluate their
effectiveness when applied to a specific system as a basis
for accreditation of that system for compartmented computer
operations. Further, such accreditation shall be subject
to periodic review of the security of system operation.
Minimum Requirements
10. All remotely accessed resource-sharing computer
systems accredited for compartmented operation shall contain
the following security capabilities as an absolute minimum:
a. Information System Security
Officer (ISSO): A security officer
shall be appointed for each computer
system operating in a compartmented
mode. This ISSO is specifically
responsible for ensuring continued
application of the requirements set
forth in this paper, for reporting
security deficiencies in system operation
to the cognizant approving authority,
for reporting security deficiencies
in system operation to such authority,
and for monitoring any changes in system
operation as they may affect the security
status of the total system.
b. Personnel Security and System
Access Control Measures: Unescorted
access to the computer center shall be
limited to personnel with a predetermined need
and holding Top Secret clearances as well as
access approvals for those types of sensitive
compartmented information stored and/or
processed by the system. Other personnel requiring
access to the computer center area shall be
properly escorted. A record shall be maintained
of personnel who have access to the computer
center. Access to and use of remote terminals
shall be limited to designated personnel
holding Top Secret clearances and access approvals
for all compartmented information designated
for input/output at that terminal.
Administrative approvals, not requiring substantive
briefings, may be granted by cognizant authority
for access to the computer center and/or remote
terminals when access to all sensitive
compartmented information stored and/or processed in
the system is not operationally required.
c. Physical Security Protection: Physical
security requirements for the computer center
and remote terminal areas shall be determined
by the classification and types of sensitive
compartmented information involved. The
physical security of the computer center area
shall be based on prescribed requirements, as
implemented by the cognizant sensitive
compartmented information authority for the most
demanding sensitive compartmented information
stored or processed by the system. Each remote
terminal shall be protected in accordance with
the requirements for Top Secret information and
for all sensitive compartmented information
designated for input/output at that terminal.
Those terminals designated for the input/output
of sensitive compartmented information shall be
in areas approved at least as temporary work
areas for the sensitive compartmented information
involved while operating in a compartmented mode.
d. Communications Links: The communications
links between all components of the system
shall be secured in a manner appropriate for the
transmission of Top Secret sensitive compartmented
information.
e. Emanations Security Aspects: The
vulnerability of system operations to exploitation
through compromising emanations shall be
considered in the process of system accreditation.
Evaluation of the risks associated with
the computer center and the remote terminal
areas as well as related control measures shall
be accomplished by the cognizant approving
authority.
f. Software/Hardware Controls:
Compartmentation of information stored and/or processed
in the system shall be based on the features
outlined below. Measures shall be implemented
to provide special controls over access to and/or
modification of these features.
(1) Security Labels: Security
classification and other required
control labels shall be identified
with the information and programs in
the system to ensure appropriate
labeling of output.
(2) User Identification/Authentication:
System operation shall include a
mechanism that identifies and authenticates
personnel accessing it remotely. This
mechanism shall consist of software and/or
hardware devices, manual control procedures
at terminal sites, and other appropriate
measures designed to validate the identity
and access authority of system users.
(3) Memory Protection: Hardware and
software control shall be exercised by the
system over the addresses to which a user
program has access.
(4) Separation of User/Execution Modes
of Operation: The user and execution modes
of system operation shall be separated so
that a program operating in user mode is
prevented from performing unauthorized
execution functions. Controls shall be
implemented to maintain continued separation
of these modes.
(5) Residue Clean Out: Measures shall
be implemented to ensure that memory residue
from terminated user programs is made
inaccessible to unauthorized users.
(6) Access Control: Effective controls
shall be implemented to limit user and
terminal access to authorized information
and programs as well as to control read
and/or write capability.
(7) Audit Trail Capability: Each system
shall produce in a secure manner an audit
trail containing sufficient information to
permit a regular security review of system
activity.
g. Individual Security Responsibilities: All
users of the system shall be briefed on the need for
exercising sound security practices in protecting the
information stored and processed by the system,
including all output. Users shall be informed that the system
is operating in a compartmented security mode and that
the receipt of any information not specifically requested
shall be reported immediately to the ISSO.
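
Added example (not part of the original policy paper): one way the terminal access rule in 10.b, the security labels in 10.f(1), the access control in 10.f(6) and the audit trail in 10.f(7) could combine into a single access decision, written in Python. The class and function names, the ALPHA and BRAVO compartment names, and the rule that a terminal only outputs records whose labels it is designated for are assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    top_secret: bool
    approvals: frozenset      # compartment access approvals held

@dataclass(frozen=True)
class Terminal:
    ident: str
    designated: frozenset     # compartments designated for I/O here (10.b)

@dataclass(frozen=True)
class Record:
    ident: str
    labels: frozenset         # control labels stored with the data (10.f(1))

def deny_reason(user, terminal, record):
    """Return None if the read is permitted, else the reason for denial."""
    if not user.top_secret:
        return "no Top Secret clearance"
    missing = terminal.designated - user.approvals
    if missing:  # 10.b: user must hold every approval designated at the terminal
        return "user lacks terminal approvals: " + ",".join(sorted(missing))
    extra = record.labels - terminal.designated
    if extra:    # assumed reading of 10.f(6): output only what the terminal is designated for
        return "terminal not designated for: " + ",".join(sorted(extra))
    return None

def read(user, terminal, record, audit):
    """Mediate one read; always append an audit entry (10.f(7))."""
    reason = deny_reason(user, terminal, record)
    audit.append({"user": user.name, "terminal": terminal.ident,
                  "record": record.ident, "allowed": reason is None,
                  "reason": reason})
    if reason:
        return None
    # 10.f(1): the output carries the record's labels
    return {"record": record.ident, "labels": sorted(record.labels)}

# Constructed sample data; ALPHA and BRAVO are placeholder compartment names.
ANALYST = User("analyst", True, frozenset({"ALPHA"}))
T1 = Terminal("T1", frozenset({"ALPHA"}))
T2 = Terminal("T2", frozenset({"ALPHA", "BRAVO"}))
R_ALPHA = Record("r1", frozenset({"ALPHA"}))
R_BRAVO = Record("r2", frozenset({"BRAVO"}))

if __name__ == "__main__":
    trail = []
    for term, rec in [(T1, R_ALPHA), (T1, R_BRAVO), (T2, R_ALPHA)]:
        print(term.ident, rec.ident, read(ANALYST, term, rec, trail))
```

The analyst holds only the ALPHA approval, so the same ALPHA record is readable at T1 but refused at T2, because T2 is also designated for BRAVO; both outcomes land in the audit list for review.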