PROPOSED ODP POLICY EXCLUDING ADPE OF FOREIGN MANUFACTURE
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP91-00280R000100130040-5
Release Decision:
RIPPUB
Original Classification:
C
Document Page Count:
28
Document Creation Date:
December 23, 2016
Document Release Date:
September 11, 2013
Sequence Number:
40
Case Number:
Publication Date:
May 4, 1981
Content Type:
MEMO
File:
Attachment | Size |
---|---|
![]() | 1.04 MB |
Body:
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280IR000100130040-5
4 MAY 198i
MEMORANDUM FOR: Chief, Procurement Division, OL
STAT30m:
Chief, ADP&EB/PD/OL
Proposed ODP Polity Excluding ADpa.
of Foreign Manufacture
REFERENCE: Memo dtd 21 Apr 81 fm C/MS/ODP to
C/PD/OL (ODP-81-437)
1. The above reference contains ODP's proposed policy
"that automatic data processing eqUipment which is-substantially
of foreign manufacture will not be procured foruse in. Office ?
Data Processing computer networks."
2. ODP's concerns leading to this policy are enumerated
in paragraph ? 1 of thereference. ODP cites two primary reasons.,
i.e., physical security considerations and potential require-
ment for visits to Agency facilities by representatives such:
as manufacturing engineers.
3. In response, to ODP's request for reasons to strengthen
the policy, we ?suggest that-thee are questions which should
first be addressed, including those in Attachment 1.
4. Upon adequate response-to these questions and
further identification of the'specific security .considerations
which necessitate the proposed policy, we are prepared to
-further -assist in development of approaches to meet actual
needs in this area.
STAT
Att
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
/\
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
3.
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Attachment 1
1. What are the parameters Or "Substantially- of
Foreign Manufacturer?" The entire system, :individual
components - subcomponents?
2. How are these determinations (Foreign Manufacture)-
to be made? On a case by case basis? For each ,procurement?
By who? Any exceptions? ?
3 Will vendors have an opportunity to rebut this policy
and its presumptions?
4. What are the established security- safeguards presently
imposed upon ADPE systems to prevent these occurrences?
5. Shouldn't this type of policy apply to the Agency
vice ODP?
6. What is the olicy. of other intelligence organizations,
i.e., NSA, DIA.,- ARMY AIR FORCE, FBI?
7.. Have there been prior docutented _instances of
tampering foreign national consultations, etc.?.
8. What Source- would be available, to the Agency, given
the fact that Most ADPE vendors utilize transnational corpor-
ations for parts, mainframe assembly, etc.?
9. How would domestically ? manufactured, not foreign
designed equiptent, be treated under the policy? ?
npriassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved forfo'r IrieTear-se 2013/09/11: CIA-RDP91-00280R000100130040-5
Attachment 1
RESPONSE TO QUESTIONS BY OL/ADP&EB ON
FOREIGN-MANUFACTURED ADPE POLICY*
.1 & 2 - Security determinations always require the exercise of
judgment.- ODP would expect that when required a panel
of OL, OS and ODP'personnel would make?the
determination on a case-by-case basis. We would also
-agree to a more detailed definition and guidelines if
thWere j-udged practical (by Place of manufacture of
critical components; -place of final assembly, etc.).
We recognize that the problem ? is complicated. But, if
we routinely make personnel security judgments,
judgments such as we are suggesting should be Possible
and, .in fact, are frequently made even now. For
example, OL has recently acted, in conjunction with ODP
a/hd based on existing OS policy, to preclude ODP
:/ ASusiness with a formerly U. S
.we-
25X1 !under foreign ownership
It
.No. They will tl5e given the opp8rtunity to present the
facts Of their specific situation and to present a
rebuttal to the initial Agency position. The final
-Agency determination will not be subject to
26(1 challenge.
4. Existing security procedures prevent us from allowing
non-U. S. citizens .access to our ADPE, such as for
specialized maintenance, or support, (All regular
maintenance personnel must be U. S. citizens and
preferably Agency cleared. The maintenance firm must
also ..be U. S7-. owned. These- are lOngstanding OL and 'OS
polic,ies.). With equipment predominantly from U. S,-
owned vendors and of U. S. manufacture, access to
technical staff,. (engineering, manufJ,,cturing, etc.) who
are Q. S. citizens is generally not a problem. This
would not be 1,c,- .ith equi Tent of foreign
-25X1. manufacture.
*Responses
Pr,!ferenee.
25X1
are keyed to questions, by number, in Attachent 1 of
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
N?17-?.7,. ? ?
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: alA-RDP91-00280R000100130040-5
Factory modification of ADPE is..always potentially- a
threat.. We rely-, .for lack of more sophisticated
controls, on the intearity. of U. S.-owned firms and
their personnel.. We would be far more vulnerable in
this ..regard with equipment substantially of foreign
25X1 manufacture. .
5. We would stron support a. similar Agency-wide-,
25X1 policy.
6. We do not know the policies,of other agencies in the
regard. We, however, do not consider other agencies,
policies particularly relevant. .CIA security policy is
separate and distinct from the policies of other .
25X1 agencies.
We have on numerous occasions consulted with
manufacturing and engineering personnel when
particularly difficult problems have been encountered
and local maintenance personnel. could not provide the?
required support. We have obviously not used foreign
manufacturing or engineering personnel in this
regard. The purpose of .this Policy is to avoid being
? put in the position where we have no choice. To our
/knowledge we currently use no ADPE that would fall
25X1-. ./ under this policy..
We have no docuented instances,.of factory-tampering
? with ODP ADPE. The intelligence target is of high
value and the technology, available. Prudent security-
( ?management requires us to take action to minimize the
25X1 possible threat.
No equipment in our current inventory would, in our
judgment,. be excluded by the criteria of this program
policy. Thus, for example,- our existing sources would
remain available to us at least in the near future.
25X1
Domestically manufactured, not foreign designed?
equipment from a U.- S.-owned firm .does not fall under
this policy or present an unusual- security problem.
25X1
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
. . ?
MEMORANDUM FOR:
FRO:4:
FAIRJECT:
25X1
R: 3RENCE:
?
?
?
C)9 JUN iS1
Deputy Director of. Security
Physical, Technical aridArea ,Security
Information Systems Security Group, OS
???:?.7 ? ?
-7STAT
.Proposed ODP Policy Excluding ADPE of Foreign
Manufacture
?
dated 4 May 1981 same
,
? :-..-Memorandum dated 21 April 1981 from
-C/MS/ODP to C/PD/OL (ODP 81-437)
1: This Office fully supports the policy outlined in
paragraph 2 of reference (b). This policy incidentally was first
surfaced in 'our joint OS/ODP Computer Security Working Group and,
in fact, prior to final publication by the Office of Data
Processing (0D2), Managemant Staff (MS) was coordinated with the,
Office of Security (OS), Information Systems Security Group
25X1sG)-...
25X1
? ? ?
2-:...11ith-respect to the two basic -concerns raised by ODP;
- ?
' ? '7 -
- ? ? - - -__ ?
a. There is-a-distinct threat'ito ADPE both .at the
manufacturing point. and/or at the servicing end via a device
used for: the purpose already stated in reference (b). We
believe, "however, that there would be better ways for a
hostile or (friendly) government to obtain information but
that threat nevertheless exists.
b. Regarding service reresentatives - any foreign
national representative of these manufacturers would not be
permitted entry to complex for obvious
security reasons.
.3. In answer to specific questions listed in attachment (1)
rezerence (a), we have the following comments correspon:ain7,
to pararao-as in attachment):
25X1
a. We view these rJaremeters as the entire system to ?
inclune- irvaividual com2onents of a colt10uter,-
meory 110 -
well as,communication equipment.
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
7-
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
. . . 0 . ?
.;
- ? - -
b.. - We would 'prefer that these be made at time of
'procurement as part- of*-the procurement process. Inquiries
should be made as -to 'foreign affiliation and if possible
- ?place of manufacture of computer units under procurement
consideration. -- There should .be no exceptions unless there
are overriding 'circumstances not now envisioned and then
only with written 'concurrence by the Director of Security.
and the Director of Data . Prtocessing.
. .?
? c.. No.: We believe that this is an 'internal rvg. ency
policy :matter _necessitated by the .DCI s legal responsibility
r to protect- Sources-and Methods. DDO -.data which is Processed
.on our -co=uters -1.-yOuld -.certainly. be considered in this
?-
not: specifically analyze
implanted devices or for
Technical. Security Division/Office of Security people,
'..-:however,vidoTmake-;:a periodic_ "audio sweep" of outlying Agency
building's which. conceivably would .pick up emanating signals.
Regarding _Visiting service representatives: service
technicians who regularly maintain our computer eguime_nt
-must be. cleared and badged (vNE: badge includes polygraph -
..intervieW). Service personnel on the Agency account, who
regularly service our ,eouipment but who .do not qualify for a
badge ( less than 100 visits per rear) 'are also , generally
appropriately cleared. In the .event there are . no badged or
cleated service. personnel available, uncleared
....-.representatives will be asked to perform maintenance
- ---functions:u.hder escortby .a "knowledgeable" individual.' Of
.- course this' procedure-is difficult- to enforce in- the daily
?
sub j ect area.
do
.., -
equipment. for
?
new-- computer-;
modifications .
work environment
?
.:.e. Yes. We-are currently reviewing Agency and
Community policy in the information security area in order
to update existing-regulations/directives and will consider
this cuestion as part of that review. Additionally, we feel
that it should also apply-to the intelliaence Community
STAT ( e -9., to member Agencies processing under DOLT) 1/16)
f. To our 'knowledge there is currently no icy
-Community-wide specifically addressing this ratter.
very, recently, as you know, there was a spec i ie "buy-
_A7r,-E.-ican" clause in the GSA procurement 6 irect Lves w-clir2h no.,
has been voided by 1-,xecutive Order. Further, historically
the United States comput,r .manufacturers have not had any
competition from .foreign companies. However, with recent
technical strides in computer manuEr-tul7i
'PrOble r3f usinc;' faco
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
. _
25X1
h. We are not as concerned about United States computer
? manufacturers using transnational corporations for parts,
_.....etc. ,....as-we?are of foreign manufacturers producing this
_computer &quip:I-lent in their own country under their. "total"
-1-controL.-:'In short, we have to live -with the "facts of fife"
0E-American business..
i.;any questions 'would first have to be ?-answered such .
--asdegree of foreign control; the -distribution process for
--c?? this.equipment,.tvoes of contracts (overt/covert) under.
25X1 .-consideration.
?4.. Obviously
?lanation.
25X1
25X1-.1..be .the Point of
contact
. _
. ?
-
these
questions
need further discussion
(secure extensi
Wi th in
'
ISSG on this issue.
and
?1
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
25X1
STAT-
STAT
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
/CE)
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
20 July 1981
STAT
STAT
STAT
QTAT
',TAT
STAT
WA!
STAT
STAT
STAT
25X1
25X1
STAT
STAT
MEMORANDUM FOR THE RECORD
SUBJECT: Foreign Manufactured ADP Hardware
1. On 13 July 1981, the undersigned repiesented OL/SS ata
meeting held in the ODP Management Staff area, Room 2-D-03 Head-
quarters Building. In attendance were Actin Chief
ODP Management Staff and Chief, ODP Policy and Plans Group
Chief, Informations Systems Security Group, OS;
Assistant General Counsel, Procurement Law Division,
Chief, ADPU Branch of OL/PD: Contracting
?GC;
Officer, ADPU Branch of OL/PD and ODP Security
Officer.
2. The meeting was called by to discuss
concerns with ODP' .s proposed policy tor excludang the procurement
of foreign manufactured ADP hardware. This policy is set forth in
the 21 April 1981. memorandum (Tab A) from ODP to
response (Tab B) raised several issues which were responded to ny
ODP Management Staff (Tab C) and OS/ISSG (Tab D) T1-1-hrIckground
of ODs policy formulation was explained by The Direc-
tor of ODP, Mr. Bruce Johnson, is responsible for the ODP Management
Staff production of a policy paper. He was aware of the impending
procurement of several Central Processing Units (CPU's) and queried
his staff in regard to Agency policies for the procurement of foreign
manufactured ADP equipment, and CPU's in particular. He was advised
that the most pertinent regulation that had a bearinc7 on his concerns
was located in
This extract was presented
as a view graph at the meeting. At some point in.the ODP's search
for a specific policy, Mr. JOhnson had occasion to 'discuss ADP equip-
ment of foreign manufacture with. the -(then) DDA, Mr. Hugel. Mr. Hugel
indicated his support for a policy that would preclude purchasing
foreign manufactured ADP equipment in even more stringent terms than
those envisioned by Mr. Johnson. Until this point, ? Mr.: Johnson had
proposed excluding the procurement of "major systems" only. Mr.
Hugel suggested that the prohibition be extended to all ADP hardware.
The end result of Mr. JohnSon's deliberations was the 21 April 1981
policy memo which was written at his direction by the ODP Management
Staff.
3. early remarks directed the course of the meet-
ing. He indicated that an "ODP Policy Statement" governing the
procurement of foreign manufactured ADP equipment was r1-)ably an
incorrect format to achieve the desired results, suggested,
and the attendees agreed, that a Headquarters regu aLion per aining ?
to this subject should eventually be published and that a notice
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
cip)
SUBJECT:. Foreign Manufactured ADP HardWare
Or other appropriate instrument signed.by the Director Of Logistics
serve as an interim measure. Agreement on the plitlication of a_D/L
notice was the only truly-firm course of action decided upon airing
tlie---rsolve.d---that the Director of ODP will, send a
-re-qUe-g-t--176?Ihe Director of Logistics for .the publication of a D/L
notice. Included in the request will be an ODP policy statement,
highlighting the issues that they feel should be addressed in the .
notice. The request will contain a concurrence line for the Director
.of Security's signature and will be coordinated with ISSG and OL/SS.
ODP views the-D/L notice as the means to insure that contracting
officers consider the origin of ADP equipment in their evaluations
.of responses to ADP-RFP's.
.4. The issue of the nature of the threat posed by the purchase
STAT of foreign ADP equipment was raised by .He suggested
that it would be appropriate :to justify the publication of a D/L notice
to the 'Director of Logistics. The request might include case histories
or technical evidence to support a ban on the procurement of foreign
ADP equipment. Although the existence of evidence of a threat was. ?
? alluded to by. some of the attendees, no specific cases were mentioned.
STAT The groietp deferred to who indicated that the critical
consideration is that all ADP equipment has the potential to be net-
worked within the Agency. :There is no guarantee that- a stand alone
piece of ADP equipment, ostensibly purchased for unclassified use,
will not be networked into a highly classified system at some future
date. It was decided that a lengthy justification would not be in-
cluded in the D/OBP's request to the D/L, in that the threat is
self-evident.
S. A discussion was held concerning the variables in ownership
or place of manufacture that would disqualify an ADP vendor from
STAT consideration for procurement. - presented a chart (Tat F)
that reflects ODP's concerns in this area.: There was_general
agree-
ment among the attendees that theeprocurementeof a complete ADP system
manUfactU-red-oVer-Se-is is completely unacceptable, Beyond this, vari-
atiOns in:the-hardware-assembly were discussed (parts:manufactured
overseas, but assembled in the U.S.; inert parts manufactured overseas,
but installed in U.S. systems, etc.) that pointed out the need for
flexibility in the application of any policy to ban procurement of
foreign ADP hardware. There was no attempt to formulate specific
evaluation-standards during the .meeting
6. There was tentative consensus that future RFP's for ADP
_ _ _ _
_. _
-ocurerent should include a clause spellin,c, outire Agency's prohi-
--;,
ultaon OR tne procurement of foreign nanutactured ADP equipment. Ihe
_ _
____?____ -
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
SUBJECT: Foreign Manufactured -ADP Hardware
clause would be based on the policy _no-tice that will be sought from
the Director of Logistics. -A questionnaire designed to disclose the ?
origin- of manufacture of the system or components being offered
would also be included in the RFP. The questionnaire would be used
in evaluating the vendor's response. For any evaluation to be mean-
ingful and consistent. baselon:e pass/fail standards will have to be
STAT created. acknowledged that the creation of such
. standards would require extensive ISSG participation, if indeed the ?
? task was not exclusively ISSG's.
7. It 1s apparent that implementatiOns of a policy to ban
_foreign ADP equipment will require much_ more consideration, especially
. in the area of. formulating meaningful evaluation criteria. For. now,
as noted above, the only action that will' be sought by ODP is a policy
direCtive over the signature of the Director of Logistics.
STAT
AttaChment
Security Staff, OL
3
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
STAT
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
R
Next 2 Page(s) In Document Denied
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
STAT
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
'21; '"/
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
MEMORANDUM FOR: See Distribution
STAT,R0I
ODP-81-963
27 July 1981
Security Officer, ODP
SUBJECT Automatic Data Processing Equipment
of Foreign Manufacture - Draft Memorandum
? Attached is a draft of. a memorandum from the Director of
Data Processing to the Director of Logistics via. the Director of'
Security. Please review the draft to ensure that you are in ?
-agreement with its contents. Please submit your concurrence or
comments by 3 August 1981.
STAT
DI STRIBUTION-
STAT
STAT
25X1
- OS/ISSG-
OL/ADP & EB.
OL/SS
- c/o OL/SS
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
25X1
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
rsr-N .7-1 A I
ODP-81-95.1
24 July 1981
U
.
MEMORANDUM FOR: Director of Logistics
VIA- Director of Security
-FROM Bruce T.Johnson
Director of Data Processing
SUBJECT Automatic Data Processing Equipment of
Foreign Mandfacture
1. Automatic data processing equipment (ADPE) manufactured
in a foreign country is becoming more and more common in the
American marketplace and, hence, senior OD? managers are becoming
increasingly concerned, for security reasons, about the possible
introduction of foreign manufaCtured ADPE into Central
Intelligence Agency facilities. Two primary reasons for these
concerns are physical security considerations and the potential
requirement for visits to Central Intelligence Agency facilities
(2('
771
Declassified in Part - Sanitized Copy Approved for Release 2013/09/1'1 : CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
by representatives of foreign manufacturers such as design or
systems engineers. New equipment will use technology that will
make detection of surveillance devices very difficult and thus
increases the possibility of;a successful .penetration of our
???
security safeguards. When difficult, complex engineering
-problems-:are-encountered with ADPE manufactured in the U. S., it
usually is pos.s'ible and sometimes necessary to bring specialize
engineering personnel-to Headquarters to resolve the problems.
This clearly would not be. possible with a foreign manufacturer
having a foreign nation'al staff. Our s'ecurity conCerns,
therefore ?include:
Alteration of equipment for surveillance or disruptive
purposes during manufacture.
Embargo of spaces, upgrades, enclineerir:g changes, or
follow-on technology.
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
O Alteration of eauipment fnr lanrin
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
purposes during service (including modification of
TEMPEST equipment).
o Difficulty in access to engineering/manufacturing
personnel.
o Possibility of having to utilize foreign national
engineering/manufacturing specialists for non-routine
25X1 maintenance of hardware/software.
? IA 6?
g>S1
2. I wish to make it clear from the outset that we
)0 %?
/04
recognize the complexity of this problem. Current Agency
9 V
ocj!,procurement and security policy does not permit contracting with
P?ii$"' "corporations under foreign ownership, contract or influence."
\
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
I ii
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Our. intent here isLs extend this protection
Lo that it covers
the location and ownership of the manufacturer even when the
equipment is obtained from a separate and distinct U. S.-owned
vendor and the routine maintenance performed by a U. S.-owned
'maintenance. organization. We view this situation as 'a gap in our
current security and procure-ment policy and believe for the
reasons stated above this gap should be closed. Our concern here
is driven by our knowledge of the current ADPE market where, in
fact, foreign-manufactured IBM-compatible mainframes are
available from U. .-owned sales and service corpoi-ations.
therefore with the concurrence of the Director of Security -a-c-4-6
.(.).
l? .-, I ( -P)
N..N
youncu_rre.nce would like to establish a procurement policy ?,?j?,,
.
\ .(.k1
?;,---?
?
which, for security reasons, does not permit the acquisition of
V% c r, :.-, ,
ADPE substantially of foreign manufacture for use in CIA data ,,1* ?
_ (fiYic r.:J,
.
ip--I.,
. .
processing activities. Until we have more experience with this
A 1
-
proposed policy our working definition of ADPE substantially of 's
N)?.
foreign manufacture will be that critical subsystems or final
assembly is performed by a foreign manufacturer. We further
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Lo.reign manu rcii.Turer in relation to gecraphy or ownership
?
(i.e., ADPE manufactured in-the U. S. by a foreign-owned firm
would also be excluded).
/STAT
3. Representatives of the offices of Logistics, Security,
General Counsel and Data Processing discussed this matter on
13 ,July 1981,*. They .proposed, and I Support the proposal, that C4,4A
14a- policy prohibiting the procurement of ADPE substantially of
foreign manufacturer be established for use in CIA data
processin6 activities. If you are.in agreement and the Director.
.?/
of Security concurs., I suggest that a Headquarters Regulation be
published establishing this policy. In the interim this policy
could he implemented in a Procurement Notice.
. Our view is that the issue of foreign
yte4 ?
manufacture will
A,
be evaluated along with other security factors in the overall
contractor evaluation. process.. A panel of Logistics, Security
and Data Processing. personnel can be convened, if required, to
7-per-fOrm the comprehensive security evaluation.
. Requests for Proposal would bring this matter to the
attention of the potential contractors and contain a
eSTAT
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
STAT
? .
?
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
questionnaire simila, to the DD Form 4415, Cei---ificate pertaining'
STAT
to Foreign Interests (attached). A similar form will be
developed in ODP and coordinated with your office and the offices
of General Counsel and Security.
6. As you well know the Agency is increasingly relying on
automatic data processing. equipment for the manipulation ?and
storage of classified information. This, in turn, increases our
vulnerability ,to security penetrations that exploit weaknesses in
our ADPE equipment or procedures. We believe this policy is one
more seep in improving our ADP security posture and reducing our
risk of loss or compromise of classified information.
Attachment:
CONCUR:
Wu'
Director of. Security.
STAT CD?/NS/
Bruce T, Johnson
STAT
(243u1y81)(red 41 disk) STAT
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
U
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
25X1
25X1
G NI 4
25X1
25X1
25X1
29 July .1981
MEMORANDUM FOR: Director of fogistics
FROM:
. SUBJECT:
REFERENCE:
Jim:
Associate General Counsel
Foreign Ownership of Contracto
Manufactured Products
and.
Multi Adse Memo fm SO/ODP,
dtd 27 July 1981, Subj: Automatic Data
Processing Equipment of Foreign Manufacture -
Draft Memorandum (ODP-81-963)
1..Attached is a copy of my comments regarding referent.
The draft is more evidence of the problem the Agency is confronted
with. I hope, however, it is not a ruse just to permit sole
source acquisitions from a few chosen. contractors.
2. In any event, ont./'acts Staff,
spoken to me regarding his immediate problems with
Have you decided definitely that its ()Kay to go
forward with the completion of the two OTS contracts presently
underway? I told .that was my understanding, but I Would
double check. Also, is he to attend
With the officers from
OTS, has
Att: ?
As stated
?
?
1
I
STAT
STAT
STAT
STAT
STAT
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
STAT
LUN 1-101:1\1 1 IAL
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
OGC 4)06425
25X1
25X1
MEMORANDUM FOR:
FROM:
SUBJECT:
REFERENCE:
Security Officer,
29 July 1981
Office of Data Processing
STAT
Counsel
Equipment of Foreign
Associate General
Automatic aAta Processing.
Manufacture - Draft
Multi Adse memo fm
dtd 27 July 1981;
Memorandum
STAT
SO/ODP,
same subject (ODP81-963)
1. Attached are our comments concerning referent memorandum.
? We would point out specifically page 4 of the draft. that the
language should be revised to reflect that the Director of
Logistics', in accordance with his area of responsibility, is being
asked to/ establish the particular procurement policy of no foreign
ADP, rather than merely co se Suggested wording to this
25X1 effect 'has been provided.
/2. If you have any questions, please feel free to call par,
25X1 at extension
Att.:
As stated
cc: D/L, Watt
C/ADP&EB/PD/OL, Watt
25X1
N Fl D N
I..
STAT
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5
?
SEE ANNOTATIONS IN COLUMNS OF TAB 6
Vr.e.
Declassified in Part - Sanitized Copy Approved for Release 2013/09/11: CIA-RDP91-00280R000100130040-5