SUGGESTED AGENDA TOPICS AND COMMENTS ON PROPOSED PROCEDURES FOR THE NTISSC AND ITS TWO PERMANENT SUBCOMMITTEES

Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170027-9 UNCLASSIFIED LExecutive Registry 84-92./4,/. Secretary, Natrona Telecommunications and Information Systems Security Committee, National Security Agency FROM: James H. Taylor Executive Director, CIA SUBJECT: Suggested Agenda Topics and Comments on Proposed Procedures for the NTISSC and Its Two Permanent Subcommittees REFERENCE: Chairman, NTISSC Ltr (COMSEC 1-2/150), dtd 5 Oct 1584, Subject: NTISSC Representation 1. This memorandum provides a suggested agenda item and comments on the proposed procedures for the National Telecommunications and Information Systems Security Committee (NTISSC) and its two permanent subcommittees. The Executive Director, CIA, will represent the DCI, including his Intelligence Community responsibilities. 2. We recommend that a comprehensive telecommunications and automated information systems security threat briefing be provided to the NTISSC, including a summary of the security vulnerabilities in DOD systems which were identified in a recently completed survey for the SECDEF. 3. We reviewed the proposed charter for the NTISSC and its two permanent subcommittees and believe that the changes noted in the attachment provide clarification and ensure consistency with the NSDD. We particularly note that paragraph 7e of the proposed Subcommittee on Automated Information Systems Security (SAISS) charter defines guidance to include program and budget matters. NSDD/145, however, makes a clear distinction in the program and budget responsibilities of the System Security Steering Group, the Executive Agent, and the National Manager with respect to automated information systems security vice telecommunications security. Automated information security program and budget recommendations, for example, are only to be reviewed in aggregate. Therefore, we believe that it is inappropriate for. the SAISS to provide program and budget guidance to the departments and agencies. Our concerns can be accommodated by changing the second sentence of paragraph 7e of the SAISS charter to read as follows: .... . A T r W r n Lill Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170027-9  Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170027-9 "Guidance as defined herein refers to a policy, direction, decision, -instruction or advice which concerns planning or applying automated information systems security requirements, standards, criteria, and equipments." 4. I look forward to participating in the first meeting of the NTISSC on 8 November. Attachment: a/s James H. aylor IIKIP' ACCTrTrn Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170027-9  Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170027-9 SUBJECT: Suggested Agenda Topics and Comments on Proposed Procedures 'for the NTISSC and Its Two Permanent Subcommittees 1 - Addressee 1 - ExDir/CIA 1 - D C I 1 - DDCI 1 - ER 1 - D/ICS 1 - D/PPS 1 - C/IHC 1 - ICS Registry Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170027-9  Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170027-9 UivL,Ln,JLI iLu , Recommended Changes to the NTISSC ..and Its Two Permanent Subcommittees o Change last sentence of paragraph 7, Section VII, of the NTISSC charter to read: "Following receipt by the chair, the reports and recommendations shall be forwarded to the full NTISSC for review, formal approval or disapproval, and forwarded as appropriate." Rationale: Clarification of roles and responsibilities of NTISSC o Change last two sentences of paragraph 5a. of the proposed operating procedures of both subcommittees to read: "The chair shall vote in the event of a tie. Dissenting views, with supporting rationale, may be provided by any representative, brought to the attention of the NTISSC Secretariat, and forwarded to the full Committee." Rationale: Clarification of voting procedures and handling of dissenting views o Delete the specific identification of the chairman of the subcommittees z t and replace with: "The Chairman of the NTISSC, with the concurrence of a majority of the NTISSC voting members, will nominate the chairmen of the subcommittees." Rationale: To ensure future flexibility in determining chairmen of subco ttees. Also, should be accomplished by memorandum from the NTISSC Chairman rather than included in the charter. o Insert the following sentence at the beginning of paragraph 3, Section II, of the.NTISSC charter: "The Committee shall make recommendations to the Steering Group on Committee membership." Rationale: Consistency with NSDD/145 o Delete the first nine words of paragraph 1, Section VII, of the NTISSC charter and insert the following: "The Committee shall submit annually an evaluation of the status of national telecommunications and automated information systems security with respect to established objectives and priorities. Included in the evaluation will be . . . ." Rationale: Consistency with NSDD/145 o Replace paragraph 4, Section VII of the NTISSC charter with corresponding language from paragraph 5b(4) of NSDD/145: "The Committee shall identify systems which handle sensitive, non- government information, the loss and exploitation of which could adversely affect the national security interest, for the purpose of encouraging, advising and, where appropriate, assisting the private sector in applying security measures." Rationale: Consistency with NSDD/145 UNCLASSIFIED Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170027-9  Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170027-9 UNULMSSIriLU o Insert in secpnd-paragraph, first line of STS charter after the word matters, "relating to telecommunications security" so that this paragraph reads: "Matters relating to telecommunications security under the cognizance of the STS and subject to the deliberations and actions of the STS include . . . Rationale: Consistency with NSDD/145 o Change the second sentence, paragraph 7e, of the SAISS charter to read: "Guidance as defined herein refers to a policy, direction, decision, instruction or advice which concerns planning or applying automated information systems security requirements, standards, criteria, and equipments." Rationale: Consistency with NSDD/145 Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170027-9