GUIDELINES FOR THE SECURITY ANALYSIS, TESTING, AND EVALUATION OF RESOURCE-SHARING COMPUTER SYSTEMS

fflrrrnrr i_? Declassified in Part - Sanitized Copy Approved for Release 2013/03/21 : CIA-RDP89B01354R000200320005-0 IBSEC- CSS-R-6 2 2 JAN 1971 COMPUTER SECURITY SUBCOMMITTEE OF THE UNITED STATES INTELLIGENCE BOARD MEMORANDUM FOR: Members, Computer Security Subcommittee United States Intelligence Board SUBJECT : Guidelines for the Security Analysis, Testing, and Evaluation of Resource- Sharing Computer Systems 1. Attached for your infOrmation is a copy of the final draft of the proposed guidelines for the security analysis, testing, and evaluation of resource-sharing computer systems, prepared sub-. sequent to our discussion of subject at the 15 January 1971 Subcom- mittee meeting. 2. Copies of these guidelines were furnished members of the Security Committee at the latter's 19 January meeting with a request for their approval or comment, to be submitted to the Secretary, SECOM by the close of business 28 January 1.971. 3. At the 19 January SECOM meeting, I called attention to the following points about this guideline paper: a. It represented the product of the Subcommittee and was not meant to be a fully coordinated Community document; b. Its contents are not meant to be directive in nature; it should serve as a handbook for testing the security of computer systems; c. The Subcommittee expanded the scope of the paper beyond the original USIB tasking, in order to 1 ExcludadeRfrOolimP alutomatic downgrading and declassification Declassified in Part - Sanitized Copy Approved for Release 2013/03/21 : CIA-RDP89B01354R000200320005-0 Declassified in Part - Sanitized Copy Approved for Release 2013/01-. CIA-RDP89B01354R000200320005-0 ULM I Itliav a int.. extend its possible application to other than computer systems operating in a Top Secret environment and a multi-level mode; d. In producing the paper, the Subcommittee delib- erately did not address the problems involved in the implementation of the guidelines. The apparent problem of resource availability in this regard could have seriously impaired our effort, since the lack of technical expertise to conduct certain phases of system security testing and evaluation might have suggested omission of such aspects from the testing process. Distribution: 1 each CSS Member 1 - C/IHC Support Staff Chairman Computer Security Subcommittee -2- STAT t Declassified in Part - Sanitized Copy Approved for Release 2013/03/21 : CIA-RDP89B01354R000200320005-0