COMMENTS ON COMPUTER SECURITY SUBCOMMITTEE OF THE UNITED STATES INTELLIGENCE BOARD SECURITY COMMITTEE, IBSEC-CSS-

Document Number (FOIA) /ESDN (CREST): 
CIA-RDP89B01354R000200320013-1
Release Decision: 
RIPPUB
Original Classification: 
C
Document Page Count: 
3
Document Creation Date: 
December 27, 2016
Document Release Date: 
March 21, 2013
Sequence Number: 
13
Publication Date: 
December 4, 1970
Content Type: 
MISC
Body: 
Declassified in Part - Sanitized Copy Approved for Release 2013/03/21 : CIA-RDP89B01354R000200320013-1

4 December 1970

SUBJECT: Comments on Computer Security Subcommittee of the United States Intelligence Board Security Committee, IBSEC-CSS-

Page 1

I. Purpose: Change "prescribes" to "provide" since the paper is to assist rather than require.

II. Scope: It is suggested that the meaning of "special handling controls" be made clear.

Security Analysis: Change "accumulate" to "identification". Delete "conceptual approaches and". Place period after "system" in 4th line. Delete "and applying these as they pertain". Add "Determine how these security features are applied" to the software, system.

2nd line: "not dependent upon software", [illegible] of "software" in this context?

C-O-N-F-I-D-E-N-T-I-A-L

Page 4

Security labels: This appears to be a minimum requirement as in DCID 1/16. This paper should contain guidance on how to determine that a security requirement is satisfied, NOT a restatement of the requirement.

c. System Supervisor: In addition to access control, guidance for determining that the supervisor is adequate should be included.

Page 6

3. (3) I don't think you mean this.

Same comment as for page a., above.

(1) "and/or remote terminals". This is a more stringent requirement than currently USIB approved procedure. Also, it does not agree with 3.a. (2), page 7.

(2) Rewrite first sentence to say clearly what should be done to test or analyze a personnel security control.

Page 7

b. (3) This paragraph is not clear to me. (Are you [illegible] up or down?)

c. Similar comments to page 2.a., above. This requirement is less than contained in paragraph d., page 8 of DCID 1/16.