FOIA
TABLE OF CONTENTS
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP89B01354R000200250006-7
Release Decision:
RIPPUB
Original Classification:
U
Document Page Count:
5
Document Creation Date:
December 27, 2016
Document Release Date:
April 3, 2013
Sequence Number:
6
Case Number:
Content Type:
MISC
File:
| Attachment | Size |
|---|---|
 CIA-RDP89B01354R000200250006-7.pdf | 137.56 KB |
Body:
STAT
Declassified in Part - Sanitized Copy Approved for Release 2013/04/03: CIA-RDP89BO1354R000200250006-7
Declassified in Part - Sanitized Copy Approved for Release 2013/04/03: CIA-RDP89BO1354R000200250006-7
Declassified in Part - Sanitized Copy Approved for Release 2013/04/03 :
CIA-RDP89BO1354R000200250006-7
Declassified in Part - Sanitized Copy Approved for Release 2013/04/03 :
CIA-RDP89BO1354R000200250006-7
UNCLASSIrltu
Declassified in Part - Sanitized Copy Approved for Release 2013/04/03: CIA-RDP89BO1354R000200250006-7
to" - SAFEGUARD 18:
SAFEGUARD 19:
- SAFEGUARD 20:
7- SAFEGUARD 21:
Page
I . INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . .
DDCI Tasking; Approach for Developing Minimum SAFEGUARDS
for "Critical Systems"; Selection of "Critical Systems";
Purpose of Field Coordination and Cost Assessments
II. OBJECTIVE AND GUIDELINES . . . . . . . . . . . . . . . . . . . . 4
Statement of Objective and Policy Guidelines; SAFEGUARDS
Provided by Automated Systems Versus Environmental
and Administrative SAFEGUARDS
III. MINIMUM SAFEGUARDS TO BE PROVIDED BY THE AUTOMATED SYSTEMS . . . . . 7
Overview of DOD Trusted Computer System Evaluation Criteria;
Overview of SAFEGUARDS to be Provided by the Automated
"Critical Systems"; Strategy for Implementation of "Critical
System" SAFEGUARDS:
~C- SAFEGUARD 1:
7 SAFEGUARD 2:
/- SAFEGUARD 3:
,/ - SAFEGUARD 4:
Lam- SAFEGUARD 5:
N A - SAFEGUARD 6:
w~ - SAFEGUARD 7:
n-A- SAFEGUARD 8:
,/- SAFEGUARD 9:
SAFEGUARD 10:
SAFEGUARD 11:
/- SAFEGUARD '12:
- SAFEGUARD 13:
,/- SAFEGUARD 14:
SAFEGUARD 15:
NV, - SAFEGUARD 16:
- SAFEGUARD 17:
TABLE OF CONTENTS
Mandatory Access Control . . . . . . . . . . 12
Discretionary Access Control . . . . . . . 14
Object Reuse . . . . . . . . . . . . . . . 14
Labels . . . . . . . . . . . . . . . . . 15
Label Integrity. . . . . . . . . . . . 15
Exportation of Labeled Information . . . . . . 16
Exportation to Multilevel Devices. . . . . . . 16
Exportation to Single-Level Devices. . . . . . 16
Labeling Human-Readable Output . . . . . . 17
Subject Sensitivity Labels . . . . . . . . . . 17
Device Labels. . . . . ? ? . 18
Identification and Authentication. . . . . . 18
Trusted Path . . . . . . . . . . . . . . . . . 19
Audit. . 19
System Architecture. . . . . . . . . . 20
System Integrity . . . . . . . . . . . . . . . 21
Covert Channel Analysis. . . . . . . . . . . . 21
Trusted Facility Management. . . . . . . . . 21
Security Testing . 21
Design Specification and Verification. . . . . 22
Configuration Management . . . . . . . . . . . 22
2 (or ? ,~
Mme,.
i
UNCLASSIFIED
Declassified in Part - Sanitized Copy Approved for Release 2013/04/03: CIA-RDP89BO1354R000200250006-7
UI4lLhJJA U 1 LW
Declassified in Part - Sanitized Copy Approved for Release 2013/04/03: CIA-RDP89BO1354R000200250006-7
TABLE OF CONTENTS
(Continued)
Page
Administrative
SAFEGUARDS
System Security Plan . . . . . . . . . . . . . 25
External Marking of Removable Storage Media. . 25
Intelligent Terminals and Personal Computers . 25
Clearance of Maintenance Personnel . . . . . . 26
Annual Accreditation Requirement . . . . . . 26
Accreditation Authority for Automated ~Message
Processing Systems . . . . . . . . . . 26
Accreditation of Automated Message Handling
Systems . . . . . . . . . . . . . . . 27
Accreditation Recording. . . . . . . . 27
Control Mechanisms in Automated Message
Handling Systems . . . . . . . . . . . 27
Automated Message Handling System Auditing
Capabilities . . . . 28
Prohibition on Use ofUnencrypted ~ and ~ Dial-up
Lines. o . . . . . . . . 28
Protection of Security-Related Software. . . . 28
Separation of Duties . . . . . . . . . . . 28
Access Authorization Approvals, . . . . . . . 29
Awareness of and Compliance with Appropriate
Security Policies. . . . . . . 29
Two Independent Access Authentication
Mechanisms . . . . . . . . . . . . . . . . 29
~'d _V~ / SAFEGUARD 23:
~~ ~---- j - SAFEGUARD 24:
SAFEGUARD 25:
~ SAFEGUARD 26:
-----.RD
j - SAFEGUARD 36:
,jr
V- SAFEGUARD 37:
Environmental
Systems"
Protection
to be Afforded "Critical Automated
)t SAFEGUARD 38:
Z- SAFEGUARD 39:
V,- SAFEGUARD 40:
SAFEGUARD 41:
jof 3
MINIMUM SECURITY SAFEGUARDS TO BE PROVIDED BY ENVIRONMENTAL AND
ADMINISTRATIVE CONTROLS . . . . . . . . . . . . . . . . . . . . . . . 24
p A - SAFEGUARD 28:
,,, - / SAFEGUARD 29:
N Al- SAFEGUARD 30:
SAFEGUARD 31:
J SAFEGUARD 32:
SAFEGUARD 33:
1 - SAFEGUARD 34:,
---
SAFEGUARD 35:
Physical Security. . . . . . . . . . . .. . 30
Personnel Security . . . . . . . . . . . . . . 30
TEMPEST . . . . . . . . . . . . . . . . . . . . 31
COMSE C . . . . . . . . . . . . . . . . . . . . 31
ii
UNCLASSIFIED
Declassified in Part - Sanitized Copy Approved for Release 2013/04/03: CIA-RDP89BO1354R000200250006-7
STAT
Declassified in Part - Sanitized Copy Approved for Release 2013/04/03: CIA-RDP89BO1354R000200250006-7
Next 2 Page(s) In Document Denied
Iq
Declassified in Part - Sanitized Copy Approved for Release 2013/04/03: CIA-RDP89BO1354R000200250006-7
Printer-friendly version