DIRECTOR OF CENTRAL INTELLIGENCE SECURITY COMMITTEE COMPUTER SECURITY SUBCOMMITTEE
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP89B01354R000400500002-1
Release Decision:
RIPPUB
Original Classification:
K
Document Page Count:
5
Document Creation Date:
December 27, 2016
Document Release Date:
July 29, 2013
Sequence Number:
2
Case Number:
Publication Date:
December 1, 1981
Content Type:
MEMO
File:
Attachment | Size |
---|---|
CIA-RDP89B01354R000400500002-1.pdf | 179.96 KB |
Body:
- Declassified in Part - Sanitized Copy Approved for Release 2013/07/30: CIA-RDP89B01354R000400500002-1
DIRECTOR OF CENTRAL INTELLIGENCE
SECURITY COMMITTEE
COMPUTER SECURITY SUBCOMMITTEE
--December 1981
DCISEC-CSS-M141
1. The One Hundred and Forty-First meeting of the Computer Security Subcommittee
was held on 17 November 1981 The meeting was
convened at 0930 and in attendance were:
Mr. Robert Graytock, Department of Justice
Mr. Carl Martz, Navy
Mr. Lynn McNulty, Department of State
Mr. Robert Storck, FBI
Mr. James Studer, Army
Mr. James Schenken, U.S. Secret Service
Mr. Lynn Culkowski, Air Force
2. The minutes from the previous meeting were reviewed; there were no changes
or comments, and thus the minutes were accepted as written.
3. The discussions on the rewrite of DCID 1/16 were continued from the last
meeting, at which the NSA member presented a proposed policy statement of, and
approach to, the DCID. For this meeting the CIA, Army, and Department of State
members were requested to be prepared to present their views/proposals. These are
summarized below:
a. Department of State - Mr. McNulty stated that, after giving the problem
considerable thought, he was essentially in agreement with the approach proposed
by the NSA member at the previous meeting. However, he felt that it was important
that the document also include:
- a statement of scope; since the scope of the document clearly has
resource implications, he felt that a "bottom limit" should be defined so that it
was clear as to which system types/ADP applications the document applied.
- a tie-in with other pertinent policy; the DCID should recognize
other efforts within DoD, DCI, and the civil sector of the government (e.g., TM-1
of the OMB circular).
- an accountability mechanism; he felt that the present document
allows individual agencies to effectively ignore the DCI's policy, and thus that
it is important to incorporate a mechanism, such as periodic reporting of compliance
status, accreditation actions, etc., which would provide sufficient visibility at
the DCI level.
In the discussions which followed, there was general agreement on the desirability
of an accounting/visibility mechanism. However, on the question of scope, some of
the membership voiced the opinion that the applicability of the document should not
be artificially and unnecessarily limited. They felt that the resource problem
could, and should be, managed locally.
b. CIA - provided copies of a proposed document (copies
attached), and discussed his approach. Basically, the draft provides a succinct
statement of policy, to which is added sections dealing with the following topics:
- allowable modes of operation and minimum requirements;
- procurement/acquisition;
- accountability on compliance;
- memoranda of agreements for joint operations;
- reaccreditation and review of threats/vulnerabilities;
- temporary exemptions for unusual and/or emergency situations.
Comments on the proposed rewrite centered on the details of the exemption mechanism,
and on the section dealing with allowable modes; basically, some of the members felt
that the definition of allowable modes/minimum requirements was overly restrictive
and did not allow sufficient flexibility to take into account technological innovation
or environmental factors. There was additional discussion concerning what to do about
word processors and stand-alone systems, with no consensus being reached.
c. Army - Mr. Studer reiterated his support for the approach proposed at
the previous meeting by He also discussed the specifics that
needed to be appended to such a document, primarily:
- technical guidelines which allow the NFIB member to choose the
combination of system features and security countermeasures required to engineer a
system which satisfies, at least a minimum, and hopefully an optimum, security system,
consonant with operational requirements.
- the capability to incorporate technological innovation.
In the discussion which followed, there was general agreement on the need for the
DCID to be sufficiently flexible to allow case-by-case systems engineering, where
warranted, to incorporate new technology and consideration for environmental factors.
d. The Chairman emphasized that the proposed rewrites and the opinions
being voiced on the subject at this time were intended to be the views of the
individual member only, and therefore need not have been staffed throughout the
parent organization. Thus, he cautioned the membership against representing the
comments/opinions expressed on this subject by any of the participants as anything
but personal contributions which are intended to lead to a Subcommittee proposal
for a rewrite of the DCID.
4. The Chairman thanked the Army, CIA, and Department of State members for
their contributions, and asked for volunteers for presentation of further views at
the next meeting. These will be the Navy, FBI, Department of Justice and the Secret
Service members.
5. The next meeting was set for 0930 on Tuesday, 15 December 1981 at the
Executive Secretary
DRAFT OF NEW DCID 1/16
CONTENTS
SIMPLIFIED 1ST SECTION DEALING WITH POLICY AND
RESPONSIBILITIES AND EXEMPTIONS; FOLLOWED BY
REQUIREMENTS (CHAPTER II).
"REQUIREMENTS" SECTION (CHAPTER II) COVERS NEW MODES TO
REFLECT EXISTING ENVIRONMENT WITH MATRIX TO MAKE IT
UNDERSTANDABLE.
EXEMPTIONS FOR "OPERATIONAL" TACTICAL/STRATEGIC ELEMENTS
NEW SECTION(S) DEALING WITH
- ACQUISITIONS/PROCUREMENT STD'S
- UNCLASSIFIED PROGRAM PROCESSING RELATED TO
SOFTWARE DEVELOPMENT ACTIVITY
- MOA'S BY MEMBER AGENCIES
- "OVER THE COUNTER" ACCESS CONTROLS
- AREA OF MAINTENANCE/SERVICE OF EQUIPMENT
- WORD PROCESSING EQUIPMENT
- PROVIDING DCI "FEEDBACK" ON STATE OF
ACCREDITATIONS, EXEMPTIONS
Next 15 Page(s) In Document Denied